From da8b8423bec0e9dd59b4b6b3f3d78e92244ca6d3 Mon Sep 17 00:00:00 2001
From: RichardHoch <rhoch@redhat.com>
Date: Tue, 31 Oct 2023 19:06:42 +0200
Subject: [PATCH] Customer update backup repository password

---
 modules/oadp-installing-dpa.adoc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/modules/oadp-installing-dpa.adoc b/modules/oadp-installing-dpa.adoc
index d8f93b34e9..624221a436 100644
--- a/modules/oadp-installing-dpa.adoc
+++ b/modules/oadp-installing-dpa.adoc
@@ -32,6 +32,15 @@ endif::[]
 ====
 If you do not want to specify backup or snapshot locations during the installation, you can create a default `Secret` with an empty `credentials-velero` file. If there is no default `Secret`, the installation will fail.
 ====
++
+[NOTE]
+====
+Velero creates a secret named `velero-repo-credentials` in the OADP namespace, which contains a default backup repository password.
+You can update the secret with your own password encoded as base64 *before* you run your first backup targeted to the backup repository. The value of the key to update is `Data[repository-password]`.
+
+After you create your DPA, the first time that you run a backup targeted to the backup repository, Velero creates a backup repository whose secret is `velero-repo-credentials`, which contains either the default password or the one you replaced it with.
+If you update the secret password *after* the first backup, the new password will not match the password in `velero-repo-credentials`, and therefore, Velero will not be able to connect with the older backups.
+====
 
 .Procedure