Debug School

Cover image for Modify the global pull secret in OpenShift
Suyash Sambhare
Suyash Sambhare

Posted on

Modify the global pull secret in OpenShift

In case you are incapable of changing the global pull secret in OpenShift 4, you need to renew or replace the global cluster pull secret.


  • To modify the pull secret used globally, it's required to access the cluster with a user that has cluster-admin permissions.
  • The pull-secret taken from will be also necessary.
  • There is a notorious issue that the OpenShift API server does not get the renewed pull secret.
  • Authentication errors are pointed out after the global pull secret is renewed in OCP 4 for extra info.
  • The pull secret switch on its own will not renew the cluster owner on - commence the transfer of the cluster beforehand switching the pull secret!
  • Modifying the owner without undertaking this will destroy telemetry broadcasting.
  • The full steps in the OpenShift cluster manager guidebook and the records to renew the global cluster pull secret for the required steps.
  • You can also take the pull secret from using a REST API call.


Before updating pull-secret, please test if your new pull-secret is valid and working:

$ podman pull --authfile /home/suyash/pull-secret

Renewing an existing secret

To update the existing secret, run:

$ oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=/home/suyash/pull-secret

Create a secret

If a secret does not already exist and needs to be formed, the next instruction will generate the secret:

$ oc create secret generic pull-secret -n openshift-config --from-file=.dockerconfigjson=/home/suyash/pull-secret

It's possible to renew the global pull secret for your cluster by either changing the existing pull secret or adding a new pull secret.



$ oc get secret pull-secret -n openshift-config --template='{{index .data ".dockerconfigjson" | base64decode}}'
For a straightforward look at the matter, if jq is accessible, it's feasible to affix | jq at the end of the previous instruction.


Top comments (0)