Skip to main content
Version: main 🚧

Create project secrets

Project secrets let you define and share secrets across the clusters where your project's namespaces and tenant clusters run. There are two ways to populate a project secret:

  1. Enter secret data directly in the project secret.
  2. Sync from a global secret, which lets you propagate the same secret data across many projects from one place.

In both cases you consume the secret by creating a regular Kubernetes secret with labels that reference the project secret. vCluster Platform then synchronizes the data into that secret automatically.

Data or Shared Secrets, but not both

It is not possible to define data custom in a project secret and synchronize a shared secret. If you need to define additional secret data that is specific to your project, it is best to create a separate secret, and combine them in your pod specifications.

Enter secret data directly​

  1. Go to Projects, select your project, then click Secrets.

  2. Click .

  3. Enter a display name such as "My Secret" and an optional description. The UI fills in .metadata.name automatically; edit the YAML directly to override it.

  4. Add your secret key/value pairs in Secret Data.

  5. Click .

See Secret Sync to learn how to use project secret data from a Pod.

Sync from a global secret​

You must have read permission on the global secret, otherwise the request will be denied.

  1. Go to Projects, select your project, then click Secrets.

  2. Click .

  3. Enter a display name such as "My Secret" and an optional description. The UI fills in .metadata.name automatically; edit the YAML directly to override it.

  4. In Data, enable Synchronize data from a global secret, then select the global secret in Select a Global Secret.

  5. In Management Access, add which users and teams can access and modify the project secret.

  6. Click .

See Secret Sync to learn how to use project secret data from a Pod.