Create project secrets
Project secrets let you define and share secrets across the clusters where your project's namespaces and tenant clusters run. There are two ways to populate a project secret:
- Enter secret data directly in the project secret.
- Sync from a global secret, which lets you propagate the same secret data across many projects from one place.
In both cases you consume the secret by creating a regular Kubernetes secret with labels that reference the project secret. vCluster Platform then synchronizes the data into that secret automatically.
It is not possible to define data custom in a project secret and synchronize a shared secret. If you need to define additional secret data that is specific to your project, it is best to create a separate secret, and combine them in your pod specifications.
Enter secret data directly​
Go to Projects, select your project, then click Secrets.
Click .
Enter a display name such as "My Secret" and an optional description. The UI fills in
.metadata.nameautomatically; edit the YAML directly to override it.Add your secret key/value pairs in Secret Data.
Click .
See Secret Sync to learn how to use project secret data from a Pod.
Sync from a global secret​
You must have read permission on the global secret, otherwise the request will be denied.
Go to Projects, select your project, then click Secrets.
Click .
Enter a display name such as "My Secret" and an optional description. The UI fills in
.metadata.nameautomatically; edit the YAML directly to override it.In Data, enable Synchronize data from a global secret, then select the global secret in Select a Global Secret.
In Management Access, add which users and teams can access and modify the project secret.
Click .
See Secret Sync to learn how to use project secret data from a Pod.