Edit

opencenter secrets validate

Validate secrets for configuration drift

Synopsis

Validate secrets by comparing config file against encrypted manifests.

This command detects configuration drift between the cluster’s config file (.k8s-<cluster>-config.yaml) and the deployed encrypted manifests. It identifies:</cluster>

  • Secrets that differ between config and manifests (drift)

  • Secrets in config but missing from manifests

  • Secrets in manifests but not in config (orphaned)

  • Unencrypted secrets in manifests (security violations)

The validation returns exit code 0 if no drift is detected, or exit code 1 if drift exists. This makes it suitable for CI/CD pipelines.

If no cluster name is provided, uses the currently active cluster.

opencenter secrets validate [cluster] [flags]

Examples

  # Validate secrets for active cluster
  opencenter secrets validate

  # Validate secrets for specific cluster
  opencenter secrets validate my-cluster

  # Auto-fix detected drift
  opencenter secrets validate my-cluster --fix

  # Output in JSON format for CI/CD
  opencenter secrets validate my-cluster --output json

Options

      --fix    Automatically fix drift by running opencenter secrets sync
  -h, --help   help for validate

SEE ALSO

  • opencenter_secrets.md[opencenter secrets] - Manage secrets across backends

Auto generated by spf13/cobra on 28-Apr-2026