Secrets with OpenShift

Listen, do you want to hear a secret? Actually, so far its been pretty easy because everything has been in the clear. Welcome to Kubernetes secrets with OpenShift. Mmmm, Cookies. This lab is another in the OpenShift MiniLabs series.



A very short and simple lab demonstrating use of secrets stored in a file and then assigned to an environment variable. We will add more scenarios later.



Initial Attempt

This tutorial assumes you have completed the OpenShift MiniLabs installation procedure. Then refresh before continuing.

Repeat Attempt

To reset your environment to repeat this tutorial do the following:

$ cd ~/containersascode
$ ./oc-cluster-wrapper/oc-cluster up containersascode
$ oc login -u developer - p developer
$ oc delete project secret
$ oc delete secret jenkins-password


Create Jenkins with Password as Secret

Let’s create the Jenkins services as we did in some previous labs, but this time using a secret rather than assigning a password using a clear text environment variable. The change to the deploymentconfig should trigger a redeploy with the password set using the secret.

$ oc login -u developer - p developer
$ oc new-project secret --display-name='Secret Jenkins' --description='Secret Jenkins'
$ echo -n "password" > ./password.txt
$ oc secret new jenkins-password password=password.txt 
$ oc describe secrets jenkins-password
$ oc new-app --template=jenkins-ephemeral -l name='jenkins' -p JENKINS_IMAGE_STREAM_TAG=jenkins:latest,NAMESPACE=openshift,MEMORY_LIMIT=2048Mi 
$ oc deploy jenkins --cancel
$ oc env dc/jenkins --prefix=JENKINS_ --from=secret/jenkins-password

Verify Lab Success

Confirm you can login to the (redeployed) Jenkins instance using the credentials admin/password. Inspect the Environment settings at .


Find out more about Kubernetes secrets.  Visit also the OpenShift origin and supported product documentation sites for secrets too.

Leave a Reply