Hey @kapa.ai if we change the config secrets, do we need to upgrade the installation on kubernetes ?

Yes, if you modify the configuration of connector secret storage, it will cause all existing connectors to fail. You will need to recreate these connectors to ensure they are reading from the appropriate secret store. This is because Airbyte's default behavior is to store encrypted connector secrets on your cluster as Kubernetes secrets. If you opt to store connector secrets in an external secret manager such as AWS Secrets Manager, Google Secrets Manager or Hashicorp Vault, you will need to update your configuration accordingly. For example, if you are using AWS Secrets Manager, you need to ensure you've already created a Kubernetes secret containing both your AWS Secrets Manager access key ID, and secret access key. By default, secrets are expected in the

airbyte-config-secrets

Kubernetes secret, under the

aws-secret-manager-access-key-id

and

aws-secret-manager-secret-access-key

keys. Here is an example of how to configure these:

yaml global:     secretsManager:       type: awsSecretManager       awsSecretManager:         region: <aws-region>         authenticationType: credentials ## Use "credentials" or "instanceProfile"         tags: ## Optional - You may add tags to new secrets created by Airbyte.           - key: ## e.g. team             value: ## e.g. deployments           - key: business-unit             value: engineering         kms: ## Optional - ARN for KMS Decryption.

You can find more details in the [Airbyte documentation](https://docs.airbyte.com/enterprise-setup/implementation-guide#configuring-external-connector-secret-management).