Skip to main content
Redhat Developers  Logo
  • Products

    Platforms

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat AI
      Red Hat AI
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • View All Red Hat Products

    Featured

    • Red Hat build of OpenJDK
    • Red Hat Developer Hub
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenShift Dev Spaces
    • Red Hat OpenShift Local
    • Red Hat Developer Sandbox

      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Secure Development & Architectures

      • Security
      • Secure coding
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • Product Documentation
    • API Catalog
    • Legacy Documentation
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

How to share secrets across Red Hat OpenShift projects

April 26, 2024
Bharathi Tenneti
Related topics:
JavaKubernetesSpring Boot
Related products:
Red Hat OpenShift

Share:

    With the Red Hat OpenShift 4.15 release, the shared resource CSI Driver operator feature (in Tech Preview) allows for sharing secrets across namespaces. This addresses a common developer request, enabling the creation of secrets in one place and seamless sharing across projects. This is particularly handy for efficiently managing frequently accessed services like Messaging layer, Databases, and Registries.

    In this article, we'll dive into the technical aspects of leveraging this feature, optimizing your OpenShift workflow for enhanced secret management. We will walk through a simple Spring Boot example, which will read a secret from a mount, and display the contents. This secret will be created as a sharedSecret on another namespace.

    Prerequisites

    As a cluster admin, to enable Tech Preview features, enable feature gate.

    Create the namespace and secret:

    $ oc new-project namespace1
    $ oc create  secret generic  greeting-secret --from-literal greeting-message="Secret message from Namespace1."

    Create the SharedSecret:

    $ oc apply -f - <<EOF
    
    apiVersion: sharedresource.openshift.io/v1alpha1
    
    kind: SharedSecret
    
    metadata:
    
      name: my-share
    
    spec:
    
      secretRef:
    
        name: greeting-secret 
    
        namespace: namespace1           
    
    EOF
    
    sharedsecret.sharedresource.openshift.io/my-share configured

    Create the application namespace:

    $ oc new-project namespace

    Create Role and RoleBinding to access the shared secret:

    $  oc apply -f - <<EOF
    
    apiVersion: rbac.authorization.k8s.io/v1
    
    kind: Role
    
    metadata:
    
      name: shared-resource-my-share
    
      namespace: namespace2
    
    rules:
    
      - apiGroups:
    
          - sharedresource.openshift.io
    
        resources:
    
          - sharedsecrets
    
        resourceNames:
    
          - my-share
    
        verbs:
    
          - use
    
    EOF
    
    role.rbac.authorization.k8s.io/shared-resource-my-share created
    $ oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=namespace2:builder  
    
    rolebinding.rbac.authorization.k8s.io/shared-resource-my-share created

    Deploy application using Source-to-Image (S2I)

    Navigate to the +Add tab, select the Developer Catalog -> All Services -> DevFile -> Basic Springboot option, and provide the following URL: https://github.com/bharathi-tenneti/devfile-sample-java-springboot-basic.git

    The application is configured to look for a path to read the message coming from the secret and display it, as shown in Figure 1.

    Code sample for the Spring Boot application.
    Figure 1: Sample code for the Spring Boot application.

    Verify deployment YAML for ENV variable(greeting.file.path), and for volumeMounts to mount the shared secret from CSI volumes, as illustrated in Figure 2.

    Sample YAML
    Figure 2: Sample deploy.yaml file.

    Test the application

    Test the application:

    $ curl springboot-basic-namespace2.apps.cluster-tcbgg.dynamic.opentlc.com/
    
    Secret message from Namespace1.

    In a similar way, ConfigMaps can be shared across OpenShift namespaces as well.

    Last updated: January 15, 2025

    Related Posts

    • Protect secrets in Git with the clean/smudge filter

    • Using secrets in Kafka Connect configuration

    • Keeping Kubernetes secrets secret

    • Working with OpenShift secrets for ASP.NET Core

    • Configuring Spring Boot on Kubernetes with Secrets

    • What's new for developers in Red Hat OpenShift 4.15

    Recent Posts

    • Customize RHEL CoreOS at scale: On-cluster image mode in OpenShift

    • How to set up KServe autoscaling for vLLM with KEDA

    • How I used Cursor AI to migrate a Bash test suite to Python

    • Install Python 3.13 on Red Hat Enterprise Linux from EPEL

    • Zero trust automation on AWS with Ansible and Terraform

    What’s up next?

    Kubernetes Patterns e-book share image

    The evolution of microservices and containers in recent years significantly changed the way we design, develop, and run software. Read Kubernetes Patterns and learn to create cloud-native applications with Kubernetes as a runtime platform and build container images directly within the cluster.

    Get the e-book
    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Platforms

    • Red Hat AI
    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    • See all products

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit
    © 2025 Red Hat

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue