The OpenShift secrets functionality allows for storage and access of sensitive information. The OpenShift documentation can be found here.
- All secret data must be Base64 encoded. It will be decoded by OpenShift when your application attempts to access it.
- The secret must be created before it can be referenced by your application. Secrets are project-scoped: all applications within a project (and none outside it) have access to a secret.
- The deployment config of your application will need to be modified to mount a volume containing the secret. Use syntax similar to this:
oc volume dc/prod --add --type=secret --secret-name=samlprod --mount-path=/usr/src/app/myapp/local/saml
- Reference that location in your code. Each data field within a secret will show up as a separate file within that volume.
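The steps above, as an added Python example that is not from the original page or the OpenShift project: it builds a Secret object with Base64-encoded fields and reads a mounted secret volume back as one file per field. The field names, the sample values and the `simulate_mount` helper are constructed for illustration; skipping `..`-prefixed entries assumes the usual secret-volume layout.

```python
import base64
import json
from pathlib import Path

def build_secret_manifest(name, fields):
    """Return a Secret object (as a dict) with every value Base64 encoded.

    `fields` maps a data field name to raw bytes. Base64 is an encoding,
    not encryption, so the manifest is as sensitive as the raw values.
    """
    data = {key: base64.b64encode(value).decode("ascii")
            for key, value in fields.items()}
    return {"apiVersion": "v1", "kind": "Secret",
            "metadata": {"name": name}, "type": "Opaque", "data": data}

def load_mounted_secret(mount_path):
    """Read a mounted secret volume into {field name: raw bytes}.

    Each data field is one file holding the already-decoded value.
    Entries starting with ".." (such as "..data") are the volume's own
    bookkeeping and are skipped (assumed layout).
    """
    root = Path(mount_path)
    if not root.is_dir():
        raise FileNotFoundError(f"secret volume not mounted at {root}")
    return {entry.name: entry.read_bytes()
            for entry in sorted(root.iterdir())
            if not entry.name.startswith("..") and entry.is_file()}

def simulate_mount(manifest, mount_path):
    """Constructed stand-in for the platform: decode each field to a file."""
    root = Path(mount_path)
    (root / "..data").mkdir(parents=True, exist_ok=True)
    for key, encoded in manifest["data"].items():
        (root / key).write_bytes(base64.b64decode(encoded))

if __name__ == "__main__":
    import tempfile
    # Constructed sample values; the field names are hypothetical.
    manifest = build_secret_manifest("samlprod", {
        "sp.key": b"constructed-key-material\n",
        "idp-metadata.xml": b"<EntityDescriptor/>\n",
    })
    print(json.dumps(manifest, indent=2))  # JSON that `oc create -f` accepts
    with tempfile.TemporaryDirectory() as tmp:
        simulate_mount(manifest, tmp)
        for field, value in load_mounted_secret(tmp).items():
            print(field, len(value), "bytes")
```

In a real deployment, pass the mount path from the `oc volume` command to `load_mounted_secret`; failing with an error when the directory is missing keeps the application from starting with empty credentials.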
Secrets cannot be edited directly. Instead, they should be deleted and recreated:
oc delete secret saml-secret
This will delete the secret named "saml-secret". Your actual secret will likely have a different name.