handle secret types properly while masking sops data

Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
2026-02-06 19:05:55 +00:00 · 2022-04-18 16:16:08 +05:30
parent e25bb74c05
commit 5c9cbe676d
1 changed files with 6 additions and 1 deletions
--- a/internal/build/build.go
+++ b/internal/build/build.go
@@ -21,6 +21,7 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"os"
 	"sync"
@@ -343,7 +344,11 @@ func maskSopsData(res *resource.Resource) error {
 			res.PipeE(yaml.FieldClearer{Name: "sops"})

 			secretType, err := res.GetFieldValue(typeField)
-			if err != nil {
+			// If the intented type is Opaque, then it can be omitted from the manifest, since it's the default
+			// Ref: https://kubernetes.io/docs/concepts/configuration/secret/#opaque-secrets
+			if errors.As(err, &yaml.NoFieldError{}) {
+				secretType = "Opaque"
+			} else if err != nil {
 				return fmt.Errorf("failed to mask secret %s sops data: %w", res.GetName(), err)
 			}