How to manage Kubernetes Secrets with Red Hat OpenShift

Learn the basics of Kubernetes Secrets and how Red Hat® OpenShift® can help you get the most out of your preferred Kubernetes Secrets management strategy. 

Most organizations must keep secrets—pieces of information or data that should only be accessed by specific people or workloads (like passwords, confidential data, TLS certificates, etc.). A dedicated secrets management system is specifically designed to handle sensitive data and connect to different platforms, including Kubernetes.

Using an external system for managing secrets gives organizations an extra layer of security and the ability to establish a higher-level “command center” where secrets can be audited, monitored, and controlled. This helps limit the uncontrolled spread of self-managed secrets within Kubernetes. Additionally, these systems can automate the entire lifecycle of a secret—including tasks like automatically rotating them, setting expiration dates, and revoking access. This helps reduce the risk of secrets becoming compromised over time.

Secrets management in Red Hat® OpenShift® is designed to be flexible and work with a variety of tools, so organizations are not locked in with a single vendor. This is achieved through an operator and plugin architecture which separates workloads and applications from the secrets manager. The workload doesn't need to know where or how a secret is stored. Instead, the operator, in combination with the vendor plugin, acts as the intermediary. The plugin handles all communication between the Red Hat OpenShift cluster and the external secrets manager, and the operator handles all communication between the plugin and the workloads. Because the system is built this way, any vendor can create a plugin as long as it follows the specific rules and APIs defined by the operator.

Red Hat OpenShift supports several options for managing secrets:

  • Secrets Store CSI Driver: allows Kubernetes to access and use multiple secrets, keys, and certificates from external secret management systems.
  • External Secrets Operator: synchronizes secrets from external management systems into Kubernetes Secrets and manages them in Red Hat OpenShift.  
  • Cert-manager: adds certificates and certificate issuers as type:Secret within a Kubernetes cluster.

What is included in this learning path?

  • What is a Kubernetes Secret?
  • Approaches to managing Kubernetes Secrets and other credentials in Red Hat OpenShift
  • Introductions to Secrets Store CSI Driver, External Secrets Operator, and cert-manager
  • Available partner and vendor integrations

What will you get?

  • An understanding of what Kubernetes Secrets are and how they work
  • Best strategies for managing Kubernetes Secrets for different workload requirements
  • How to get the most out of your preferred Kubernetes Secrets management methods using Red Hat OpenShift 

© 2025 Red Hat