Using DevSpace Secrets

Overview

The DevSpaceSecret resource type allows you to create a secret that is accessible across all virtual clusters within a DevSpace.

This resource is based on Loft’s concept of Project Secrets , enabling centralized secret management.

How It Works

  • The DevSpaceSecret acts as the source of truth for secret data
  • Kubernetes Secrets reference it using the loft.sh/project-secret-name label
  • This approach simplifies secret management across multiple virtual clusters
  • The contents are automatically and periodically synced to the referenced Kubernetes Secrets

Using DevSpace Secret using CLI

To use DevSpaceSecrets, follow these steps:

1. Create a DevSpaceSecret

Create a DevSpaceSecret resource in your DevSpace. This defines the secret data that will be shared across virtual clusters.

Example 

apiVersion: storage.kosmos.spcplatform.com/v2alpha1
kind: DevSpaceSecret
metadata:
  name: devspacesecret-sample
  namespace: loft-p-sample-devspace
spec:
  displayName: Sample DevSpaceSecret
  description: Sample DevSpaceSecret Description
  data:
    key: dmFsdWU=

2. Reference the DevSpaceSecret in a Kubernetes Secret

To make the secret available inside a virtual cluster, create a standard Kubernetes Secret and reference the DevSpaceSecret using a label.

Example 

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  namespace: my-space
  labels:
    loft.sh/project-secret-name: devspacesecret-sample
type: Opaque

Notes:

  • Ensure the label value matches the DevSpaceSecret name exactly
  • Updates to the DevSpaceSecret are propagated to all linked Kubernetes Secrets

DevSpace Secret management using Kosmos Console

  1. Navigate to the DevSpaces view using the navigation panel on the left.
  2. Click on the DevSpace you’d like to configure.
  3. Click on DevSpace secrets tab.
  4. Click on the Add DevSpace Secret button.
  5. Add a display name, such as “My Secret” and optional description for the DevSpace secret. The UI will automatically fill in the .metadata.name with my-secret. If you wish to change this name you may edit the YAML directly.
  6. Click Add a secret In the Secret Data input, add your secret key/value pairs.
  7. Click on the Save button to save your changes.

Edit this page on GitHub