Create
Global Secrets allow you to define and share secrets across all registered clusters. You can then create native Kubernetes secrets that reference these global secrets, and vCluster.Pro will synchronize each secret's data with the global secret.
Space secrets, but not Virtual Cluster secrets
Global secrets are not synchronized to secrets created within virtual clusters; project secrets, however, are. To use a global secret to manage secret data in virtual clusters, first create a project secret that is synchronized by a global secret.
Create a Global Secret
To create a global secret, follow these steps:
- Navigate to the Global Secrets view using the menu on the left
- Click on the button
- Enter a name for the secret by clicking on my-secret
- Enter a description for the secret by clicking on Enter a description for this object...
- Click on the Data
- Enter the secret data in the Secret Data input
- Enter the namespace for the secret in the Secret Data input
- Click on the Access
- Use the to add new access rules for the shared secret
- Under the Users & Teams column, select the user or team you'd like to grant access to the shared secret
- Under the Permissions column, select the verb to enable for the user or team
- Click on the button once your changes are complete
To use this global secret, create a secret in the namespace where you need the secret data, taking care to add the labels:
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  namespace: my-space
  labels:
    loft.sh/sharedsecret-namespace: vcluster-pro
    loft.sh/sharedsecret-name: my-secret
type: Opaque
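Because any namespace can pull in a global secret's data through these two labels, it is worth inventorying which secrets reference which global secret. The following is an added example, not part of the vCluster.Pro documentation: it parses output shaped like `kubectl get secrets -A -o json` and groups consumers by the global secret they reference. The `team-b` and `team-c` entries are constructed sample data, and treating a secret with only one of the two labels as a labelling mistake is an assumption.

```python
import json
from collections import defaultdict

NS_LABEL = "loft.sh/sharedsecret-namespace"
NAME_LABEL = "loft.sh/sharedsecret-name"

# Constructed sample shaped like `kubectl get secrets -A -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "my-secret", "namespace": "my-space",
                  "labels": {NS_LABEL: "vcluster-pro", NAME_LABEL: "my-secret"}}},
    {"metadata": {"name": "my-secret", "namespace": "team-b",
                  "labels": {NS_LABEL: "vcluster-pro", NAME_LABEL: "my-secret"}}},
    {"metadata": {"name": "half-labelled", "namespace": "team-c",
                  "labels": {NAME_LABEL: "my-secret"}}},
    {"metadata": {"name": "unrelated", "namespace": "default"}},
]})


def audit_global_secret_refs(secret_list_json):
    """Return (consumers, incomplete).

    consumers maps (global secret namespace, global secret name) to the sorted
    list of "namespace/name" secrets that reference it. incomplete lists
    secrets carrying only one of the two labels (assumed here to be a
    labelling mistake, since the page asks for both labels).
    """
    consumers = defaultdict(list)
    incomplete = []
    for item in json.loads(secret_list_json).get("items", []):
        meta = item.get("metadata", {})
        labels = meta.get("labels") or {}
        ref_ns, ref_name = labels.get(NS_LABEL), labels.get(NAME_LABEL)
        ident = f"{meta.get('namespace')}/{meta.get('name')}"
        if ref_ns and ref_name:
            consumers[(ref_ns, ref_name)].append(ident)
        elif ref_ns or ref_name:
            incomplete.append(ident)
    return {k: sorted(v) for k, v in consumers.items()}, incomplete


if __name__ == "__main__":
    consumers, incomplete = audit_global_secret_refs(SAMPLE)
    for (ns, name), users in consumers.items():
        print(f"global secret {ns}/{name} -> {', '.join(users)}")
    for ident in incomplete:
        print(f"incomplete labels: {ident}")
```

Comparing the resulting consumer list against the access rules set on the global secret shows where its data is actually being synchronized.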