helm/external-secrets-operator/external-secrets 0.19.0

v0.19.0

on Artifact Hub

BREAKING CHANGE

🔴 🔴 BREAKING CHANGE 🔴 🔴

Please note that this a breaking change because our CRDs are now too big. Meaning a simple kubectl apply or Argo's default client side apply WILL NOT WORK! You have to add --server-side to kubectl apply and in argo add:

spec:
  project: default
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
    - ServerSideApply=true

for it to correctly install the CRDs. Thank you.

Image: ghcr.io/external-secrets/external-secrets:v0.19.0
Image: ghcr.io/external-secrets/external-secrets:v0.19.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.19.0-ubi-boringssl

What's Changed

• chore: release helm chart for v0.18.2 by @Skarlso in #4985
• chore(deps): bump golang from ee7ff13 to 10f549d in /e2e by @dependabot[bot] in #4997
• chore(deps): bump golang from 68932fa to 68932fa by @dependabot[bot] in #5000
• chore(deps): bump mkdocs-material from 9.6.14 to 9.6.15 in /hack/api-docs by @dependabot[bot] in #4998
• chore(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 by @dependabot[bot] in #5001
• chore(deps): bump github/codeql-action from 3.29.1 to 3.29.2 by @dependabot[bot] in #5003
• chore(deps): bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 by @dependabot[bot] in #5002
• fix: do not turn original value into string on value scope by @Skarlso in #5011
• fix: add uuid in edit and view clusterroles by @sylvainOL in #5017
• chore: update dependencies by @eso-service-account-app[bot] in #4999
• fix: template data should not be the secret Data itself by @gusfcarvalho in #5023
• Fix: Return appropriate error in ValidateStore by @prakash-218 in #5019
• feat(helm): allow to set init containers by @rclsilver in #4745
• chore(deps): bump certifi from 2025.6.15 to 2025.7.14 in /hack/api-docs by @dependabot[bot] in #5032
• Fix: Remove root/buildinfo from ubi build files by @bainsy88 in #5037
• chore(deps): bump ubi8/ubi from 19eae3d to c0b0729 by @dependabot[bot] in #5033
• chore(deps): bump golang from 1.24.4-bookworm to 1.24.5-bookworm in /e2e by @dependabot[bot] in #5029
• chore(deps): bump golang from 1.24.4 to 1.24.5 by @dependabot[bot] in #5034
• chore: update dependencies by @eso-service-account-app[bot] in #5031
• Add Red Hat OpenShift in Adopters by @KeenonLee in #5039
• fix: remove authentication option with JWT token from STSSessionToken generator by @Skarlso in #5026
• fix: add validation constraints to ExternalSecretRewrite by @Aakkash-Suresh in #5006
• fix: stability support matrix by @gusfcarvalho in #5043
• docs(decoding-strategy): clarify base64 auto-detection limitations by @orymate in #5004
• feat(infisical): auth methods by @DanielHougaard in #5040
• chore(deps): bump alpine from 3.22.0 to 3.22.1 in /e2e by @dependabot[bot] in #5046
• chore(aws): parameterstore unit tests improvement by @ivankatliarchuk in #4986
• fix(helm): grafana dashboard: fix heatmaps to actually be heatmaps, not time series by @desaintmartin in #5069
• chore(deps): bump sigstore/cosign-installer from 3.9.1 to 3.9.2 by @dependabot[bot] in #5047
• chore(deps): bump step-security/harden-runner from 2.12.2 to 2.13.0 by @dependabot[bot] in #5048
• chore(deps): bump golang from ddf5200 to daae04e by @dependabot[bot] in #5049
• chore(deps): bump alpine from 8a1f59f to 4bcff63 by @dependabot[bot] in #5051
• chore(deps): bump alpine from 8a1f59f to 4bcff63 in /hack/api-docs by @dependabot[bot] in #5052
• chore(deps): bump mkdocs-material from 9.6.15 to 9.6.16 in /hack/api-docs by @dependabot[bot] in #5077
• Add SelfSubjectAccessReview as a fallback for failing SelfSubjectRulesReview by @alvin-rw in #5025
• chore(deps): bump golang from 69adc37 to ef8c5c7 in /e2e by @dependabot[bot] in #5076
• chore(deps): bump ubi8/ubi from c0b0729 to 785d38c by @dependabot[bot] in #5075
• chore(deps): bump github/codeql-action from 3.29.2 to 3.29.4 by @dependabot[bot] in #5072
• chore(deps): bump anchore/sbom-action from 0.20.2 to 0.20.4 by @dependabot[bot] in #5073
• SSHKey generator by @dex4er in #5083
• fix: restore AWS credential chain resolution for ECRAuthorizationToken generator by @aditmeno in #5082
• fix(helm): grafana dashboard: add widget for sum of not ready secrets by @desaintmartin in #5086
• feat(aws): secretsmanager to update/patch/delete tags by @ivankatliarchuk in #4984
• fix: update the e2e test with the new store status value by @Skarlso in #5089
• fix: correct usage of if in dlc and update for server side apply by @Skarlso in #5092

New Contributors

• @sylvainOL made their first contribution in #5017
• @prakash-218 made their first contribution in #5019
• @rclsilver made their first contribution in #4745
• @bainsy88 made their first contribution in #5037
• @KeenonLee made their first contribution in #5039
• @orymate made their first contribution in #5004
• @desaintmartin made their first contribution in #5069
• @alvin-rw made their first contribution in #5025
• @dex4er made their first contribution in #5083
• @aditmeno made their first contribution in #5082

Full Changelog: v0.18.2...v0.19.0