ArgoCD Sync Fails Due to Immutable redpanda-bootstrap-user Secret

[Fomiller]

Summary

ArgoCD syncs are repeatedly failing because the Secret redpanda-bootstrap-user is marked as immutable, but the Redpanda Helm chart attempts to recreate or modify it on each reconciliation.

Error Observed

argo error

Secret "redpanda-bootstrap-user" is invalid: 
data: Forbidden: field is immutable when `immutable` is set.
Retrying attempt #3

secret diff

apiVersion: v1
--
data:
- password: ++++++++++++
+ password: ++++++++
immutable: true
kind: Secret
metadata:
annotations:

This causes the ArgoCD application to enter a degraded / sync error state.

Environment

Argocd: 2.13.9
Redpanda operator helm chart: 25.3.2

values.yaml

...

auth:
  sasl:
    enabled: true

    secretRef: "redpanda-users"

    users:
    - name: admin
      password: admin123
      mechanism: SCRAM-SHA-256

    bootstrapUser:
      mechanism: SCRAM-SHA-256

...

Expected behavior

The bootstrap secret should not be re-applied or mutated once created.

Actual behavior

The bootstrap user secret presents a diff in the secret value causing argocd to fail, preventing the configuration and sync of the rest of the resources, after the initial first sync.

Attempted fixes

I have tried adding additional argocd annotations without any luck

annotations:
    argocd.argoproj.io/compare-options: IgnoreExtraneous
    argocd.argoproj.io/sync-options: Prune=false

Is there a known workaround for this?