Create global secrets

Global Secrets allow you to define and share secrets across all registered clusters. Native Kubernetes secrets that reference these global secrets can then be created and vCluster Platform will synchronize the secret's data with the global secret.

Space secrets, but not Virtual Cluster secrets

Global secrets are not synchronized to secrets created within virtual clusters; however, project secrets are. To use a global secret to manage secret data in virtual clusters, you can first create a project secret that is synchronized by a global secret.

Create a Global Secret

To create a global secret, follow these steps:

  1. Navigate to the Global Secrets view using the menu on the left

  2. Click on the button

  3. Enter a name for the secret by clicking on my-secret

  4. Enter a description for the secret by clicking on Enter a description for this object...

  5. Click on the Data

  6. Enter the secret data in the Secret Data input

  7. Enter the namespace for the secret in the Secret Data input

  8. Click on the Access

  9. Use the to add new access rules for the shared secret

  10. Under the Users & Teams column, select the user or team you'd like to grant access to the shared secret

  11. Under the Permissions column, select the verb to enable for the user or team

  12. Click on the button once your changes are complete

To use this global secret, create a secret in the namespace where you need the secret data, taking care to add the labels:

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  namespace: my-space
  labels:
    loft.sh/sharedsecret-namespace: vcluster-platform
    loft.sh/sharedsecret-name: my-secret
type: Opaque