This seems to be a regression of Issue #131 .
Vault-operator: v0.8.49, deployed with Helm.
Vault: openbao v2.5.5
K8s: 1.36.2
On operator / Pod restart of the vault-config-operator it reconciles it's CR and writes the DatabaseSecretEngineConfig newly to openbao leading to a DatabaseSecretEngine that holds the original (outdated) root Password.
Additionally the Docs reference 'verfyConnection' defaulting to 'true', while the operator doesn't verify the connection before writing the new Config. Setting verfiyConnections: true explicitly solves the problem of losing credentials, then the operator goes into 'reconcileFailed' state as expected since the password auth (with the initial root password) fails.
This seems to be a regression of Issue #131 .
Vault-operator: v0.8.49, deployed with Helm.
Vault: openbao v2.5.5
K8s: 1.36.2
On operator / Pod restart of the vault-config-operator it reconciles it's CR and writes the DatabaseSecretEngineConfig newly to openbao leading to a DatabaseSecretEngine that holds the original (outdated) root Password.
Additionally the Docs reference 'verfyConnection' defaulting to 'true', while the operator doesn't verify the connection before writing the new Config. Setting verfiyConnections: true explicitly solves the problem of losing credentials, then the operator goes into 'reconcileFailed' state as expected since the password auth (with the initial root password) fails.