
Create project secrets

Project secrets allow you to define and share secrets across the allowed clusters where namespace and virtual cluster instances of the project are deployed. There are two ways to utilize project secrets:

  1. Create a project secret and populate it with its own secret data.
  2. Create a project secret that syncs with a shared secret.

In both cases, to utilize the secret data, you will create a regular Kubernetes secret with labels referring to the project secret. Once created, vCluster Platform will handle synchronizing the project secret data to your secret.

Data or Shared Secrets, but not both

It is not possible to both define custom data in a project secret and synchronize it from a shared secret. If you need additional secret data that is specific to your project, it is best to create a separate secret and combine the two in your pod specifications.
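One way to combine the two secrets in a pod specification, as an added example that is not part of the original documentation: a projected volume mounts both secrets under one read-only directory. The secret names, key names, paths and image are assumptions chosen for illustration.

```yaml
# Added example. Every name below is a placeholder, not a value from the platform.
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0    # placeholder image
      volumeMounts:
        - name: credentials
          mountPath: /etc/credentials
          readOnly: true                      # the container cannot modify the mounted files
  volumes:
    - name: credentials
      projected:
        defaultMode: 0400                     # owner read-only; adjust if the container runs as non-root
        sources:
          # Regular Kubernetes secret that receives the synchronized
          # project secret data (assumed name and key).
          - secret:
              name: shared-credentials
              items:
                - key: api-token
                  path: shared/api-token
          # Separate secret holding data specific to this project
          # (assumed name and key).
          - secret:
              name: project-extras
              items:
                - key: db-password
                  path: project/db-password
```

Mapping each key to its own sub-path keeps the two sources from colliding if both secrets ever define a key with the same name.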

Create a Project Secret with Custom Data

To create a project secret with its own data, follow these steps:

  1. Navigate to the Projects view using the menu on the left

  2. Select the project you'd like to configure using the drop-down menu

  3. Click on Project Secrets

  4. Click on the button

  5. Add a display name, such as "My Secret", and an optional description for the project secret. The UI will automatically fill in the .metadata.name with my-secret. If you wish to change this name, you may edit the YAML directly

  6. In the Secret Data input, add your secret key/value pairs

  7. Click on the button to save your changes

Once the project secret has been created, head over to the Secret Sync page to learn how to use the project secret data from a Pod.

Global secrets can be used in projects by creating a project secret that is synchronized from a global secret. This provides a way to manage secret data across many projects.

Creating Project Secrets synced from a Global Secret

When you have a global secret defined in the platform and wish to use it inside your project, you can create a project secret to be synced from the global secret.

Global Secret Permissions

When creating a project secret that refers to a global secret, you must have permissions to read the shared secret or the request will be denied.

  1. Select the project you'd like to configure using the drop-down menu. Click on Secrets.

  2. Click on the button.

  3. Add a display name, such as "My Secret", and an optional description for the project secret. The UI will automatically fill in the .metadata.name with my-secret. If you wish to change this name, you may edit the YAML directly.

  4. Under Data, in the Optional: Global Secret section, select the global secret that you wish to sync to the project secret.

  5. Click on Permissions. Add which users and teams have access and permissions to modify the project secret.

  6. Click on the button to save your changes.

The global secret's data will be synchronized with the project secret momentarily. Using this configuration, updates to the shared secret will automatically propagate down to the project secret.

Once the project secret has been created, head over to the Secret Sync page to learn how to use the project secret data from a Pod.