package k8s import ( "context" "fmt" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) // LoadSecretData returns a copy of the requested secret value when it exists. func (c *Client) LoadSecretData(ctx context.Context, namespace, secretName, key string) ([]byte, error) { secret, err := c.Clientset.CoreV1().Secrets(namespace).Get(ctx, secretName, metav1.GetOptions{}) if err != nil { if apierrors.IsNotFound(err) { return nil, nil } return nil, fmt.Errorf("get secret %s/%s: %w", namespace, secretName, err) } if secret.Data == nil { return nil, nil } value, ok := secret.Data[key] if !ok || len(value) == 0 { return nil, nil } out := make([]byte, len(value)) copy(out, value) return out, nil } // SaveSecretData creates or updates the target secret while preserving labels. func (c *Client) SaveSecretData(ctx context.Context, namespace, secretName, key string, value []byte, labels map[string]string) error { secretClient := c.Clientset.CoreV1().Secrets(namespace) secret, err := secretClient.Get(ctx, secretName, metav1.GetOptions{}) if err != nil { if !apierrors.IsNotFound(err) { return fmt.Errorf("get secret %s/%s: %w", namespace, secretName, err) } secret = &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: secretName, Namespace: namespace, Labels: map[string]string{}, }, Type: corev1.SecretTypeOpaque, Data: map[string][]byte{}, } } if secret.Data == nil { secret.Data = map[string][]byte{} } secret.Data[key] = value if secret.Labels == nil { secret.Labels = map[string]string{} } for labelKey, labelValue := range labels { secret.Labels[labelKey] = labelValue } if secret.ResourceVersion == "" { if _, err := secretClient.Create(ctx, secret, metav1.CreateOptions{}); err != nil { return fmt.Errorf("create secret %s/%s: %w", namespace, secretName, err) } return nil } if _, err := secretClient.Update(ctx, secret, metav1.UpdateOptions{}); err != nil { return fmt.Errorf("update secret %s/%s: %w", namespace, secretName, err) } return nil }