From a0302fcc8d2763a9f5f69afac977c3bbaf3fd61a Mon Sep 17 00:00:00 2001
From: Filippo Ledda <filippo@metacell.us>
Date: Mon, 18 Nov 2024 13:04:47 +0100
Subject: [PATCH] Fix secrets update

---
 .../helm/templates/auto-secrets.yaml              | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/deployment-configuration/helm/templates/auto-secrets.yaml b/deployment-configuration/helm/templates/auto-secrets.yaml
index 9ab6783a..b1982c38 100644
--- a/deployment-configuration/helm/templates/auto-secrets.yaml
+++ b/deployment-configuration/helm/templates/auto-secrets.yaml
@@ -12,16 +12,19 @@ type: Opaque
 {{- $secret := (lookup "v1" "Secret" .root.Values.namespace $secret_name) }}
 {{- if $secret }}
 # secret already exists
-
 stringData:
   {{- range $k, $v := .app.harness.secrets }}
-    {{- if and $v (and (eq (typeOf $v) "string") (ne $v "?")) }}
+    {{- if and $v (eq (typeOf $v) "string") }}
+      {{- if (ne $v "?")}}
   # Set secret value to value in values.yaml if specified
   {{ $k }}: {{ $v }}
-    {{- else if and (eq (typeOf $v) "string") (or (eq $v "?") (not (hasKey $secret.data $k))) }}
-  # Create a random secret value if not specified in values.yaml if:
-  # 1. it is not set and it is not already in the deployed secret (static random secret)
-  # 2. its value is ? (dynamic random secret)
+      {{- else }}
+  # Refresh at any deployment for ? (pure random) value
+  {{ $k }}: {{ randAlphaNum 20 }}
+      {{- end }}
+    {{- else if not (hasKey $secret.data $k) }}
+  # Create a random secret value if not specified in values.yaml if
+  # it is not set and it is not already in the deployed secret (static random secret)
   {{ $k }}: {{ randAlphaNum 20 }}
     {{- end}}
   {{- end }}