When creating a new 'Keycloak' CRD using the Red Hat Single Sign-On (RH SSO) Operator, the name of the secret created for the Database is always 'keycloak-db-secret'

Solution Verified - Updated -


When creating a new Keycloak Custom Resource Definition (CRD) using the RH SSO Operator through the OpenShift User Interface (UI), the following information is displayed:

Both POSTGRES_EXTERNAL_ADDRESS and POSTGRES_EXTERNAL_PORT are specifically required for creating connection to the external database. The secret name is created using the following convention: <Custom Resource Name>-db-secret
For more information, please refer to the Operator documentation.

However, it's always created as keycloak-db-secret even when the name from the Keycloak CRD is another such as test.


  • Red Hat Single Sign-On (RH SSO)
    • 7.X (Operator)
  • OpenShift Container Platform (OCP)
    • 4.X

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content