Version: main 🚧

Create global secrets

Global secrets let you define and share secrets across all registered clusters. vCluster Platform synchronizes the secret data into any native Kubernetes secret that references it. Synchronization applies only to secrets in spaces, not to secrets inside tenant clusters. To make global secret data available inside a tenant cluster, create a project secret that references the global secret.

The Global Secrets menu item is only visible when you have create permission on the SharedSecret resource and the Secrets feature flag is enabled. If the menu item is missing, ask your platform administrator to verify both.

To create a global secret, follow these steps:

  1. Go to Access & Secrets > Global Secrets.

  2. Click .

  3. Enter a name in the my-secret field.

  4. Enter a description in the Enter a description for this object... field.

  5. Click Data.

  6. Add your secret key/value pairs in Secret Data.

  7. Click Management Access.

  8. Click to add an access rule.

  9. In Users & Teams, select the user or team to grant access.

  10. In Permissions, select the verb to enable.

  11. Click .

To use this global secret, create a secret in the namespace where you need the secret data, taking care to add the labels:

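```yaml
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  namespace: my-space
  labels:
    # Namespace that holds the global secret
    loft.sh/sharedsecret-namespace: vcluster-platform
    # Name of the global secret to synchronize from
    loft.sh/sharedsecret-name: my-secret
type: Opaque
```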
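
The following is an added example, not part of the vCluster Platform documentation: a Python audit over Secret manifests (JSON in the shape of `kubectl get secrets -A -o json` output) that lists which Secrets reference which global secret and flags incomplete label pairs. The sample manifests are constructed, and treating `vcluster-platform` as the expected namespace is an assumption taken from the manifest above.

```python
import json
from collections import defaultdict

NS_LABEL = "loft.sh/sharedsecret-namespace"
NAME_LABEL = "loft.sh/sharedsecret-name"
# Constructed sample in the shape of `kubectl get secrets -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"kind": "Secret", "metadata": {"name": "my-secret", "namespace": "my-space",
    "labels": {"loft.sh/sharedsecret-namespace": "vcluster-platform",
               "loft.sh/sharedsecret-name": "my-secret"}}},
  {"kind": "Secret", "metadata": {"name": "db-creds", "namespace": "team-a",
    "labels": {"loft.sh/sharedsecret-name": "my-secret"}}},
  {"kind": "Secret", "metadata": {"name": "api-key", "namespace": "team-b",
    "labels": {"loft.sh/sharedsecret-namespace": "default",
               "loft.sh/sharedsecret-name": "my-secret"}}},
  {"kind": "Secret", "metadata": {"name": "tls", "namespace": "team-b"}}
]}
""")


def audit_global_secret_refs(items, platform_namespace="vcluster-platform"):
    """Return (consumers, findings); the default namespace is an assumption."""
    consumers = defaultdict(list)  # global secret -> Secrets that reference it
    findings = []                  # (Secret, problem) pairs
    for obj in items:
        meta = obj.get("metadata", {})
        labels = meta.get("labels") or {}
        if obj.get("kind") != "Secret" or not ({NS_LABEL, NAME_LABEL} & labels.keys()):
            continue  # not a Secret, or an ordinary Secret with neither label
        ident = f"{meta.get('namespace')}/{meta.get('name')}"
        ref_ns, ref_name = labels.get(NS_LABEL), labels.get(NAME_LABEL)
        if not ref_ns or not ref_name:
            absent = NS_LABEL if not ref_ns else NAME_LABEL
            findings.append((ident, f"label {absent} missing or empty"))
            continue
        if ref_ns != platform_namespace:
            findings.append((ident, f"references namespace {ref_ns}, expected {platform_namespace}"))
        consumers[f"{ref_ns}/{ref_name}"].append(ident)
    return dict(consumers), findings


if __name__ == "__main__":
    consumers, findings = audit_global_secret_refs(SAMPLE["items"])
    for target, secrets in consumers.items():
        print(f"{target} <- {', '.join(secrets)}")
    for ident, problem in findings:
        print(f"WARN {ident}: {problem}")
```

The consumer map doubles as a review list of every space that receives a given global secret's data.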