DevOps / OpenShift / PaaS / Uncategorized

Secrets with OpenShift


Listen, do you want to hear a secret? Actually, so far its been pretty easy because everything has been in the clear. Welcome to Kubernetes secrets with OpenShift. Mmmm, Cookies. This lab is another in the OpenShift MiniLabs series.



A very short and simple lab demonstrating use of secrets stored in a file and then assigned to an environment variable. We will add more scenarios later.



Initial Attempt

This tutorial assumes you have completed the OpenShift MiniLabs installation procedure. Then refresh before continuing.

Repeat Attempt

To reset your environment to repeat this tutorial do the following:

$ cd ~/containersascode
$ ./oc-cluster-wrapper/oc-cluster up containersascode
$ oc login -u developer - p developer
$ oc delete project secret
$ oc delete secret jenkins-password


Create Jenkins with Password as Secret

Let’s create the Jenkins services as we did in some previous labs, but this time using a secret rather than assigning a password using a clear text environment variable. The change to the deploymentconfig should trigger a redeploy with the password set using the secret.

$ oc login -u developer - p developer
$ oc new-project secret --display-name='Secret Jenkins' --description='Secret Jenkins'
$ echo -n "password" > ./password.txt
$ oc secret new jenkins-password password=password.txt 
$ oc describe secrets jenkins-password
$ oc new-app --template=jenkins-ephemeral -l name='jenkins' -p JENKINS_IMAGE_STREAM_TAG=jenkins:latest,NAMESPACE=openshift,MEMORY_LIMIT=2048Mi 
$ oc deploy jenkins --cancel
$ oc env dc/jenkins --prefix=JENKINS_ --from=secret/jenkins-password

Verify Lab Success

Confirm you can login to the (redeployed) Jenkins instance using the credentials admin/password. Inspect the Environment settings at .


Find out more about Kubernetes secrets.  Visit also the OpenShift origin and supported product documentation sites for secrets too.


2 thoughts on “Secrets with OpenShift

  1. Pingback: OpenShift DevOps Tutorial | emergile

  2. Thank you for publishing this awesome article. I’m reading
    your blog since a long time already but I never compelled to leave
    a comment. I registered your blog in my rss feed and shared
    it on my Facebook. Thanks again for this great article!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s