In our K8s environment we are already using the External Secrets Operator with other services to read secrets from a secure vault, and we were planning to do this with container runners as well. If I’m reading the docs correctly, though, it doesn’t look like this is possible. According to the docs the agent.customSecret field requires the secret value to be a key-value map. Is it possible to update the Helm chart to support the use case where the pre-existing, custom secret is just the singular value to use for that particular resource class? Instead of resourceClass.token this could possibly be resourceClass.tokenSecret.
I may have misread/misunderstood the docs. When I get a opening I’ll need to go back and look at this again.