Container: Developing an Application - OpenShift Secrets


The OpenShift secrets functionality allows for storage and access of sensitive information. The OpenShift documentation can be found here.

Key points:

  1. All secret data must be Base64 encoded. It will be decoded by OpenShift when your application attempts to access it.
  2. The secret must be created before it can be referenced by your application. Secrets are project-scoped: all applications within a project, and none outside it, have access to a secret.
  3. The deployment config of your application will need to be modified to mount a volume containing the secret. Use syntax similar to this:
    oc volume dc/prod --add --type=secret --secret-name=samlprod --mount-path=/usr/src/app/myapp/local/saml
  4. Reference that location in your code. Each data field within a secret will show up as a separate file within that volume.
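
Key points 1 and 4 as a round trip, in an added example that is not part of the original page: values are Base64 encoded in the secret definition, and the application reads plain decoded bytes from one file per field. The field names, sample values, and the simulate_mount helper are constructed assumptions; only the secret name samlprod comes from the command above.

```python
import base64
import json
import os
import tempfile

def build_secret(name, fields):
    """Secret definition with every value Base64 encoded, as key point 1 requires."""
    data = {k: base64.b64encode(v).decode("ascii") for k, v in fields.items()}
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name}, "data": data}

def simulate_mount(secret, mount_path):
    """Constructed stand-in for the platform: one decoded file per data field."""
    for key, encoded in secret["data"].items():
        with open(os.path.join(mount_path, key), "wb") as fh:
            fh.write(base64.b64decode(encoded, validate=True))
    # A real secret volume also holds hidden '..'-prefixed bookkeeping entries.
    os.mkdir(os.path.join(mount_path, "..data_demo"))

def load_mounted_secret(mount_path):
    """Application side: read each field file as raw bytes, no Base64 step."""
    fields = {}
    for entry in sorted(os.listdir(mount_path)):
        path = os.path.join(mount_path, entry)
        if entry.startswith(".") or not os.path.isfile(path):
            continue  # skip hidden bookkeeping entries and directories
        with open(path, "rb") as fh:
            fields[entry] = fh.read()
    return fields

def demo():
    # Constructed sample values; real field names and contents will differ.
    original = {"idp-cert.pem": b"-----BEGIN CERTIFICATE-----\n(constructed)\n",
                "sp-password": b"not-a-real-password"}
    secret = build_secret("samlprod", original)
    with tempfile.TemporaryDirectory() as mount_path:
        simulate_mount(secret, mount_path)
        return secret, load_mounted_secret(mount_path)

if __name__ == "__main__":
    secret, loaded = demo()
    print(json.dumps(secret, indent=2))
    for name, value in loaded.items():
        print(name, len(value), "bytes")
```

In the application itself, only load_mounted_secret is needed, pointed at the mount path given to the volume command.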

Secrets cannot be edited directly. Instead, they should be deleted and recreated:
    oc delete secret saml-secret
This will delete the secret named "saml-secret". Your actual secret will likely have a different name.

Last Updated: Tuesday, September 11, 2018