chore(deps): update helm release external-secrets to v1.2.1

[youhide]

This PR contains the following updates:

Package	Type	Update	Change
external-secrets	helm_release	patch	1.2.0 → 1.2.1

---

Release Notes

external-secrets/external-secrets (external-secrets)

v1.2.1

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v1.2.1
Image: ghcr.io/external-secrets/external-secrets:v1.2.1-ubi
Image: ghcr.io/external-secrets/external-secrets:v1.2.1-ubi-boringssl

What's Changed

General

• chore(chart): release helm chart 1.2.0 by @​jakobmoellerdev in #​5751
• fix: metrics not being correctly updated and deleted by @​Skarlso in #​5714
• feat(infisical): add caBundle and caProvider support by @​wi-adam in #​5770
• docs(apis): fix inaccurate SecretStore comments (v1 + v1beta1) by @​fallmo in #​5773
• fix: add missing link to the docs by @​Skarlso in #​5783
• fix: for target template parsing for complex matchers by @​Skarlso in #​5735
• fix: a lot of sonar issue fixes by @​Skarlso in #​5771

Dependencies

• chore(deps): bump golang from 2611181 to ac09a5f by @​dependabot[bot] in #​5758
• chore(deps): bump alpine from 3.23.0 to 3.23.2 in /e2e by @​dependabot[bot] in #​5764
• chore(deps): bump importlib-metadata from 8.7.0 to 8.7.1 in /hack/api-docs by @​dependabot[bot] in #​5768
• chore(deps): bump tornado from 6.5.3 to 6.5.4 in /hack/api-docs by @​dependabot[bot] in #​5767
• chore(deps): bump mkdocs-material from 9.7.0 to 9.7.1 in /hack/api-docs by @​dependabot[bot] in #​5766
• chore(deps): bump alpine from 51183f2 to 865b95f in /hack/api-docs by @​dependabot[bot] in #​5765
• chore(deps): bump alpine from 51183f2 to 865b95f by @​dependabot[bot] in #​5756
• chore(deps): bump ubi9/ubi from d4feb57 to 3816d30 by @​dependabot[bot] in #​5757
• chore(deps): bump peter-evans/slash-command-dispatch from 5.0.1 to 5.0.2 by @​dependabot[bot] in #​5763
• chore(deps): bump github/codeql-action from 4.31.8 to 4.31.9 by @​dependabot[bot] in #​5762
• chore(deps): bump actions/attest-build-provenance from 3.0.0 to 3.1.0 by @​dependabot[bot] in #​5761
• chore(deps): bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @​dependabot[bot] in #​5760
• chore(deps): bump hashicorp/setup-terraform from 071811a to 92e4d08 by @​dependabot[bot] in #​5759
• chore(deps): bump anchore/sbom-action from 0.20.11 to 0.21.0 by @​dependabot[bot] in #​5784

New Contributors

• @​wi-adam made their first contribution in #​5770
• @​fallmo made their first contribution in #​5773

Full Changelog: external-secrets/external-secrets@v1.2.0...v1.2.1

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[youhide-atlantis]

Ran Plan for dir: terragrunt/kubernetes/vault workspace: terragrunt_kubernetes_vault

Plan Error

Show Output

running 'sh -c' 'terragrunt plan -input=false $(printf '%s' $COMMENT_ARGS | sed 's/,/ /g' | tr -d '\\') -no-color -out $PLANFILE' in '/home/atlantis/.atlantis/repos/youhide/hideForming/95/terragrunt_kubernetes_vault/terragrunt/kubernetes/vault': exit status 1: running "terragrunt plan -input=false $(printf '%s' $COMMENT_ARGS | sed 's/,/ /g' | tr -d '\\\\') -no-color -out $PLANFILE" in "/home/atlantis/.atlantis/repos/youhide/hideForming/95/terragrunt_kubernetes_vault/terragrunt/kubernetes/vault": 
01:00:25.639 INFO   Downloading Terraform configurations from . into ./.terragrunt-cache/r5iMJDWKah9cW1ExpmwKNaJ0axQ/PXAAUeVyhooukXMh8R--Mo-M_ng
01:00:25.662 INFO   tofu: Initializing the backend...
01:00:25.679 INFO   tofu: Successfully configured the backend "s3"! OpenTofu will automatically
01:00:25.679 INFO   tofu: use this backend unless the backend configuration changes.
01:00:25.697 INFO   tofu: Initializing provider plugins...
01:00:25.697 INFO   tofu: - Reusing previous version of hashicorp/vault from the dependency lock file
01:00:26.134 INFO   tofu: - Reusing previous version of telmate/proxmox from the dependency lock file
01:00:26.431 INFO   tofu: - Reusing previous version of hashicorp/kubernetes from the dependency lock file
01:00:26.749 INFO   tofu: - Reusing previous version of hashicorp/helm from the dependency lock file
01:00:27.028 INFO   tofu: - Reusing previous version of goauthentik/authentik from the dependency lock file
01:00:27.374 INFO   tofu: - Reusing previous version of gavinbunney/kubectl from the dependency lock file
01:00:27.657 INFO   tofu: - Reusing previous version of aminueza/minio from the dependency lock file
01:00:27.953 INFO   tofu: - Reusing previous version of cloudflare/cloudflare from the dependency lock file
01:00:29.171 INFO   tofu: - Installing gavinbunney/kubectl v1.19.0...
01:00:30.900 INFO   tofu: - Installed gavinbunney/kubectl v1.19.0 (signed, key ID 1E1CE42504F5FBB2)
01:00:31.983 INFO   tofu: - Installing aminueza/minio v3.5.0...
01:00:34.220 INFO   tofu: - Installed aminueza/minio v3.5.0. Signature validation was skipped due to the registry not containing GPG keys for this provider
01:00:35.531 INFO   tofu: - Installing cloudflare/cloudflare v5.4.0...
01:00:37.923 INFO   tofu: - Installed cloudflare/cloudflare v5.4.0 (signed, key ID C76001609EE3B136)
01:00:39.008 INFO   tofu: - Installing hashicorp/vault v4.8.0...
01:00:40.284 INFO   tofu: - Installed hashicorp/vault v4.8.0 (signed, key ID 0C0AF313E5FD9F80)
01:00:40.532 INFO   tofu: - Installing telmate/proxmox v3.0.1-rc8...
01:00:41.070 INFO   tofu: - Installed telmate/proxmox v3.0.1-rc8. Signature validation was skipped due to the registry not containing GPG keys for this provider
01:00:41.331 INFO   tofu: - Installing hashicorp/kubernetes v2.36.0...
01:00:42.831 INFO   tofu: - Installed hashicorp/kubernetes v2.36.0 (signed, key ID 0C0AF313E5FD9F80)
01:00:43.117 INFO   tofu: - Installing hashicorp/helm v3.0.0-pre2...
01:00:44.419 INFO   tofu: - Installed hashicorp/helm v3.0.0-pre2 (signed, key ID 0C0AF313E5FD9F80)
01:00:44.658 INFO   tofu: - Installing goauthentik/authentik v2025.8.1...
01:00:45.549 INFO   tofu: - Installed goauthentik/authentik v2025.8.1. Signature validation was skipped due to the registry not containing GPG keys for this provider
01:00:45.550 INFO   tofu: Providers are signed by their developers.
01:00:45.550 INFO   tofu: If you'd like to know more about provider signing, you can read about it here:
01:00:45.550 INFO   tofu: https://opentofu.org/docs/cli/plugins/signing/
01:00:45.550 INFO   tofu: OpenTofu has made some changes to the provider dependency selections recorded
01:00:45.550 INFO   tofu: in the .terraform.lock.hcl file. Review those changes and commit them to your
01:00:45.550 INFO   tofu: version control system if they represent changes you intended to make.
01:00:45.556 INFO   tofu: OpenTofu has been successfully initialized!
01:00:46.979 STDOUT tofu: kubernetes_cluster_role_binding.vault_token_reviewer: Refreshing state... [id=vault-token-reviewer]
01:00:46.979 STDOUT tofu: data.kubernetes_config_map.kube_config: Reading...
01:00:46.982 STDOUT tofu: vault_policy.external_secrets: Refreshing state... [id=external-secrets]
01:00:46.983 STDOUT tofu: vault_auth_backend.kubernetes: Refreshing state... [id=kubernetes]
01:00:46.983 STDOUT tofu: kubernetes_namespace.external_secrets: Refreshing state... [id=external-secrets]
01:00:46.993 STDOUT tofu: data.kubernetes_config_map.kube_config: Read complete after 0s [id=default/kube-root-ca.crt]
01:00:47.001 STDOUT tofu: helm_release.external_secrets: Refreshing state... [id=external-secrets]
01:00:47.010 STDOUT tofu: kubernetes_role.external_secrets_role: Refreshing state... [id=external-secrets/external-secrets-role]
01:00:47.022 STDOUT tofu: kubernetes_role_binding.external_secrets_rolebinding: Refreshing state... [id=external-secrets/external-secrets-rolebinding]
01:00:49.580 STDOUT tofu: kubernetes_secret.external_secrets_token: Refreshing state... [id=external-secrets/external-secrets-token]
01:00:54.097 STDOUT tofu: OpenTofu used the selected providers to generate the following execution
01:00:54.097 STDOUT tofu: plan. Resource actions are indicated with the following symbols:
01:00:54.097 STDOUT tofu:   ~ update in-place
01:00:54.097 STDOUT tofu: OpenTofu planned the following actions, but then encountered a problem:
01:00:54.097 STDOUT tofu:   # helm_release.external_secrets will be updated in-place
01:00:54.097 STDOUT tofu:   ~ resource "helm_release" "external_secrets" {
01:00:54.097 STDOUT tofu:       ~ id                         = "external-secrets" -> (known after apply)
01:00:54.097 STDOUT tofu:       ~ metadata                   = {
01:00:54.097 STDOUT tofu:           ~ app_version    = "v1.2.0" -> (known after apply)
01:00:54.097 STDOUT tofu:           ~ chart          = "external-secrets" -> (known after apply)
01:00:54.097 STDOUT tofu:           ~ first_deployed = 1746657171 -> (known after apply)
01:00:54.097 STDOUT tofu:           ~ last_deployed  = 1766576553 -> (known after apply)
01:00:54.097 STDOUT tofu:           ~ name           = "external-secrets" -> (known after apply)
01:00:54.097 STDOUT tofu:           ~ namespace      = "external-secrets" -> (known after apply)
01:00:54.097 STDOUT tofu:           ~ revision       = 14 -> (known after apply)
01:00:54.097 STDOUT tofu:           ~ values         = jsonencode(
01:00:54.097 STDOUT tofu:                 {
01:00:54.097 STDOUT tofu:                   - installCRDs    = true
01:00:54.097 STDOUT tofu:                   - serviceAccount = {
01:00:54.097 STDOUT tofu:                       - create = true
01:00:54.097 STDOUT tofu:                       - name   = "external-secrets"
01:00:54.097 STDOUT tofu:                     }
01:00:54.097 STDOUT tofu:                 }
01:00:54.097 STDOUT tofu:             ) -> (known after apply)
01:00:54.097 STDOUT tofu:           ~ version        = "1.2.0" -> (known after apply)
01:00:54.098 STDOUT tofu:         } -> (known after apply)
01:00:54.098 STDOUT tofu:         name                       = "external-secrets"
01:00:54.098 STDOUT tofu:       ~ version                    = "1.2.0" -> "1.2.1"
01:00:54.098 STDOUT tofu:         # (26 unchanged attributes hidden)
01:00:54.098 STDOUT tofu:     }
01:00:54.098 STDOUT tofu: Plan: 0 to add, 1 to change, 0 to destroy.
01:00:54.098 STDERR tofu: Error: failed to lookup token, err=Error making API request.
01:00:54.098 STDERR tofu: URL: GET http://vault.localdomain:8200/v1/auth/token/lookup-self
01:00:54.098 STDERR tofu: Code: 503. Errors:
01:00:54.098 STDERR tofu: * Vault is sealed
01:00:54.098 STDERR tofu:   with vault_auth_backend.kubernetes,
01:00:54.098 STDERR tofu:   on main.tf line 100, in resource "vault_auth_backend" "kubernetes":
01:00:54.098 STDERR tofu:  100: resource "vault_auth_backend" "kubernetes" {
01:00:54.099 STDERR tofu: Error: failed to lookup token, err=Error making API request.
01:00:54.099 STDERR tofu: URL: GET http://vault.localdomain:8200/v1/auth/token/lookup-self
01:00:54.099 STDERR tofu: Code: 503. Errors:
01:00:54.099 STDERR tofu: * Vault is sealed
01:00:54.099 STDERR tofu:   with vault_policy.external_secrets,
01:00:54.099 STDERR tofu:   on main.tf line 114, in resource "vault_policy" "external_secrets":
01:00:54.099 STDERR tofu:  114: resource "vault_policy" "external_secrets" {
01:00:54.104 ERROR  tofu invocation failed in ./.terragrunt-cache/r5iMJDWKah9cW1ExpmwKNaJ0axQ/PXAAUeVyhooukXMh8R--Mo-M_ng
01:00:54.104 ERROR  error occurred:

* Failed to execute "tofu plan -input=false -out ./terragrunt_kubernetes_vault.tfplan -no-color" in ./.terragrunt-cache/r5iMJDWKah9cW1ExpmwKNaJ0axQ/PXAAUeVyhooukXMh8R--Mo-M_ng
  
  Error: failed to lookup token, err=Error making API request.
  
  URL: GET http://vault.localdomain:8200/v1/auth/token/lookup-self
  Code: 503. Errors:
  
  * Vault is sealed
  
    with vault_auth_backend.kubernetes,
    on main.tf line 100, in resource "vault_auth_backend" "kubernetes":
   100: resource "vault_auth_backend" "kubernetes" {
  
  
  Error: failed to lookup token, err=Error making API request.
  
  URL: GET http://vault.localdomain:8200/v1/auth/token/lookup-self
  Code: 503. Errors:
  
  * Vault is sealed
  
    with vault_policy.external_secrets,
    on main.tf line 114, in resource "vault_policy" "external_secrets":
   114: resource "vault_policy" "external_secrets" {
  
  
  exit status 1


Authenticated