How to delete or overwrite a secret in OpenShift?

I'm trying to create a secret on OpenShift v3.3.0 using:

oc create secret generic my-secret --from-file=application-cloud.properties=src/main/resources/application-cloud.properties -n my-project

Because I created the same secret earlier, I get this error message:

Error from server: secrets "my-secret" already exists

I looked at oc, oc create and oc create secret options and could not find an option to overwrite the secret when creating it.

I then tried to delete the existing secret with oc delete. All the commands listed below return either No resources found or a syntax error.

oc delete secrets -l my-secret -n my-project
oc delete secret -l my-secret -n my-project
oc delete secrets -l my-secret 
oc delete secret -l my-secret 
oc delete pods,secrets -l my-project
oc delete pods,secrets -l my-secret
oc delete secret generic -l my-secret

Do you know how to delete a secret or overwrite a secret upon creation using the OpenShift console or the command line?

Pinkerton answered 30/1, 2017 at 13:40

"my-secret" is the name of the secret, so you should delete it like this:

oc delete secret my-secret

Add the -n option if you are not using the project where the secret was created:

oc delete secret my-secret -n <namespace>
Destitution answered 30/1, 2017 at 14:37

I hope by this time you have the answer ready; just sharing in case this can help others.

As of today, here are the details of the CLI version and OpenShift version I am working on:

$ oc version
oc v3.6.173.0.5
kubernetes v1.6.1+5115d708d7
features: Basic-Auth

Server <SERVER-URL>
openshift v3.11.0+ec8630f-265
kubernetes v1.11.0+d4cacc0

Let's take a simple secret with a key-value pair generated using a file; we will get to see the advantage of generating it via a file.

$ echo -n "password" | base64
cGFzc3dvcmQ=

We will create a secret with this value:

$ cat clientSecret.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: test-secret
data:
  clienttoken: cGFzc3dvcmQ=

$ oc apply -f clientSecret.yaml 
secret "test-secret" created

Let's change the password and update it in the YAML file.

$ echo -n "change-password" | base64
Y2hhbmdlLXBhc3N3b3Jk


$ cat clientSecret.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: test-secret
data:
  clienttoken: Y2hhbmdlLXBhc3N3b3Jk

By the definition of the oc create command, it creates a resource and throws an error if the resource is already found. So this command is not suited to updating the configuration of a resource, in our case a secret.

$ oc create --help
Create a resource by filename or stdin

To make life easier, OpenShift provides the oc apply command to apply a configuration to a resource if there is a change. This command is also used to create a resource, which helps a lot during automated deployments.

$ oc apply --help
Apply a configuration to a resource by filename or stdin.
$ oc apply -f clientSecret.yaml 
secret "test-secret" configured

By the time you check the secret in the UI, the new/updated password appears on the console.

So, as you may have noticed, the first apply resulted in created (secret "test-secret" created) and each subsequent apply results in configured (secret "test-secret" configured).

Elliott answered 1/11, 2019 at 13:38
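
The create-or-update flow from the answer above, applied to the file-based secret in the question, as an added example that is not part of the original thread. The function names b64_file, render_secret and apply_secret are hypothetical; the only oc invocation used is oc apply reading the manifest from stdin, with the optional -n shown in the thread.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# b64_file FILE: base64 of the file's exact bytes on a single line.
# Reading the file directly avoids the stray newline that `echo` without -n
# would add ("password\n" encodes to cGFzc3dvcmQK, not cGFzc3dvcmQ=).
b64_file() {
    base64 < "$1" | tr -d '\n'
}

# render_secret NAME KEY FILE: print a Secret manifest on stdout.
render_secret() {
    # Restrict name and key to safe characters so neither can inject YAML.
    case $1 in ''|*[!a-z0-9.-]*) echo "invalid secret name: $1" >&2; return 1 ;; esac
    case $2 in ''|*[!A-Za-z0-9._-]*) echo "invalid key: $2" >&2; return 1 ;; esac
    [ -r "$3" ] || { echo "cannot read file: $3" >&2; return 1; }
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ndata:\n  %s: %s\n' \
        "$1" "$2" "$(b64_file "$3")"
}

# apply_secret NAME KEY FILE [NAMESPACE]: create the secret or update it in place.
# The manifest is passed to oc over stdin, so no manifest file is left on disk.
apply_secret() {
    manifest=$(render_secret "$1" "$2" "$3") || return 1
    if [ -n "${4:-}" ]; then
        printf '%s\n' "$manifest" | oc apply -n "$4" -f -
    else
        printf '%s\n' "$manifest" | oc apply -f -
    fi
}

# Usage, with the names from the question:
#   apply_secret my-secret application-cloud.properties \
#       src/main/resources/application-cloud.properties my-project
```

Because the manifest is rendered on every run, the same call works for the first deployment and for every later rotation of the file's contents.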
