When creating a new service account, you may notice that OpenShift creates three secret objects. Below I describe the function of these three secrets:
# oc create sa testAs you can see there are now three secrets:
test-dockercfg-bsjrb
test-token-2gghd
test-token-n6chz
Let’s take a closer look at test-token-2gghd:
This is a secret/token for the service account itself. This means that I can use this token to authenticate myself to other services with the service account „test“ as the username and the token eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc…. as the password.
The other two secrets are used to authenticate against OpenShift’s internal docker registry. test-token-n6chz is the password (token) for the registry and test-dockercfg-bsjrb contains the file .dockercfg, which is an older format for .docker/config.json and contains the Docker credentials for authentication against docker registries.
