Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 8. Configuring authentication

Application users need credentials to access Data Grid clusters. You can use default, generated credentials or add your own.

8.1. Default credentials
Copy link

Data Grid Operator generates base64-encoded credentials for the following users:

Expand
UserSecret nameDescription

developer

infinispan-generated-secret

Credentials for the default application user.

operator

infinispan-generated-operator-secret

Credentials that Data Grid Operator uses to interact with Data Grid resources.

8.2. Retrieving credentials
Copy link

Get credentials from authentication secrets to access Data Grid clusters.

Procedure

  • Retrieve credentials from authentication secrets. 

    oc get secret infinispan-generated-secret
    Copy to Clipboard Toggle word wrap

    Base64-decode credentials. 

    oc get secret infinispan-generated-secret -o jsonpath="{.data.identities\.yaml}" | base64 --decode
    Copy to Clipboard Toggle word wrap

8.3. Adding custom user credentials
Copy link

Configure access to Data Grid cluster endpoints with custom credentials.

Note

Modifying spec.security.endpointSecretName triggers a cluster restart.

Procedure

  1. Create an identities.yaml file with the credentials that you want to add. 

    credentials:
- username: myfirstusername
  password: changeme-one
- username: mysecondusername
  password: changeme-two
    Copy to Clipboard Toggle word wrap

  2. Create an authentication secret from identities.yaml. 

    oc create secret generic --from-file=identities.yaml connect-secret
    Copy to Clipboard Toggle word wrap

  3. Specify the authentication secret with spec.security.endpointSecretName in your Infinispan CR and then apply the changes. 

    spec:
  security:
    endpointSecretName: connect-secret
    Copy to Clipboard Toggle word wrap

8.4. Changing the operator password
Copy link

You can change the password for the operator user if you do not want to use the automatically generated password.

Procedure

  • Update the password key in the infinispan-generated-operator-secret secret as follows: 

    oc patch secret infinispan-generated-operator-secret -p='{"stringData":{"password": "supersecretoperatorpassword"}}'
    Copy to Clipboard Toggle word wrap
    Note

    You should update only the password key in the generated-operator-secret secret. When you update the password, Data Grid Operator automatically refreshes other keys in that secret.

8.5. Disabling user authentication
Copy link

Allow users to access Data Grid clusters and manipulate data without providing credentials.

Important

Do not disable authentication if endpoints are accessible from outside the OpenShift cluster via spec.expose.type. You should disable authentication for development environments only.

Procedure

  1. Set false as the value for the spec.security.endpointAuthentication field in your Infinispan CR. 

    spec:
  security:
    endpointAuthentication: false
    Copy to Clipboard Toggle word wrap
  2. Apply the changes.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat