3

I have created a serviceaccount with edit permission on OpenShift:

```
oc create serviceaccount gitlab-ci
oc policy add-role-to-user edit system:serviceaccount:test-project:gitlab-ci
```

but when I check the secrets, I see two secrets regarding the serviceaccount; both have the same structure but with different values:

enter image description here

What are the uses of two secrets and why can't we handle it via one secret?

Yashar

1 Answer

0

The answer is in the documentation: Understanding and creating service accounts:

Each service account automatically contains two secrets:

  • An API token
  • Credentials for the OpenShift Container Registry
titou10
  • 2
    The `Credentials for the OpenShift Container Registry` is different and it has a name like `gitlab-ci-dockercfg-aaa` which is different from `gitlab-ci-token-XXX` – Yashar Aug 14 '21 at 11:59
  • The credential for the container registry is not a service account token. OpenShift clearly shows in the output by the OP that both of these are service-account-tokens, which their documentation also does not clarify. – Parth Patel Nov 01 '22 at 21:49
  • This is also happening in OpenShift 4.11. @Yashar did your service account already have two API tokens BEFORE you granted him edit permissions? – elmazzun Apr 12 '23 at 08:11
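
One way to tell the secrets discussed in this thread apart is to compare each secret's `type` and annotations rather than its name. This is an added example, not code from the post or from the OpenShift documentation; it runs over a constructed sample shaped like `oc get secrets -o json` output, the name suffixes are made up, and the `openshift.io/token-secret.name` annotation linking a dockercfg secret to the token behind it is an assumption about the cluster (the code still works when it is absent).

```python
TOKEN = "kubernetes.io/service-account-token"
DOCKERCFG = "kubernetes.io/dockercfg"
SA_NAME = "kubernetes.io/service-account.name"
# Assumption: the dockercfg secret names the token secret that backs it.
TOKEN_REF = "openshift.io/token-secret.name"

# Constructed sample in the shape of `oc get secrets -o json`; suffixes are made up.
SAMPLE = {"items": [
    {"type": TOKEN, "metadata": {"name": "gitlab-ci-token-aaaaa",
                                 "annotations": {SA_NAME: "gitlab-ci"}}},
    {"type": TOKEN, "metadata": {"name": "gitlab-ci-token-bbbbb",
                                 "annotations": {SA_NAME: "gitlab-ci"}}},
    {"type": DOCKERCFG, "metadata": {"name": "gitlab-ci-dockercfg-ccccc",
                                     "annotations": {SA_NAME: "gitlab-ci",
                                                     TOKEN_REF: "gitlab-ci-token-bbbbb"}}},
    {"type": TOKEN, "metadata": {"name": "default-token-ddddd",
                                 "annotations": {SA_NAME: "default"}}},
]}


def annotations(secret):
    """Annotations of a secret, tolerating a missing or null field."""
    return secret["metadata"].get("annotations") or {}


def classify_secrets(secret_list, sa_name):
    """Map each secret bound to sa_name to the role it plays."""
    owned = [s for s in secret_list.get("items", [])
             if annotations(s).get(SA_NAME) == sa_name]
    # Token secrets that a dockercfg secret points at (empty if not annotated).
    backing = {annotations(s).get(TOKEN_REF)
               for s in owned if s.get("type") == DOCKERCFG}
    roles = {}
    for s in owned:
        name, stype = s["metadata"]["name"], s.get("type")
        if stype == DOCKERCFG:
            roles[name] = "registry-credentials"
        elif stype == TOKEN:
            roles[name] = ("token-backing-registry-credentials"
                           if name in backing else "api-token")
        else:
            roles[name] = "other"
    return roles


if __name__ == "__main__":
    for name, role in sorted(classify_secrets(SAMPLE, "gitlab-ci").items()):
        print(f"{name}: {role}")
```

To run it against a real project, load the output of `oc get secrets -o json` with `json.load` and pass it in place of `SAMPLE`.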