From 10ef21c8b8243ab0efaab1839fac235dfbd9e2b5 Mon Sep 17 00:00:00 2001
From: MOREV Mikhail <Mikhail.MOREV@raiffeisen.ru>
Date: Thu, 9 Jan 2020 10:51:14 +0600
Subject: [PATCH] Skip publish to Vault if secret is up-to-date in order to
 avoid version increment

---
 publish/vault.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/publish/vault.go b/publish/vault.go
index 01e0ddc0e..301e13bc3 100644
--- a/publish/vault.go
+++ b/publish/vault.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/google/go-cmp/cmp"
 	vault "github.com/hashicorp/vault/api"
 )
 
@@ -65,6 +66,17 @@ func (vaultd *VaultDestination) UploadUnencrypted(data map[string]interface{}, f
 		}
 	}
 
+	existingSecret, err := client.Logical().Read(vaultd.secretsPath(fileName))
+	if err != nil {
+		return err
+	}
+	if existingSecret != nil {
+		if cmp.Equal(data, existingSecret.Data["data"]) {
+			fmt.Printf("Secret in %s is already up-to-date.\n", vaultd.secretsPath(fileName))
+			return nil
+		}
+	}
+
 	secretsData := make(map[string]interface{})
 
 	if vaultd.kvVersion == 1 {