// Module included in the following assemblies: // // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc :_mod-docs-content-type: PROCEDURE [id="oadp-creating-default-secret_{context}"] = Creating a default Secret [role="_abstract"] You create a default `Secret` if your backup and snapshot locations use the same credentials or if you do not require a snapshot location. ifdef::installing-oadp-aws,installing-oadp-azure,installing-oadp-gcp,installing-oadp-mcg[] The default name of the `Secret` is `{credentials}`. endif::[] ifdef::installing-oadp-ocs[] The default name of the `Secret` is `{credentials}`, unless your backup storage provider has a default plugin, such as `aws`, `azure`, or `gcp`. In that case, the default name is specified in the provider-specific OADP installation procedure. endif::[] [NOTE] ==== The `DataProtectionApplication` custom resource (CR) requires a default `Secret`. Otherwise, the installation will fail. If the name of the backup location `Secret` is not specified, the default name is used. If you do not want to use the backup location credentials during the installation, you can create a `Secret` with the default name by using an empty `credentials-velero` file. ==== .Prerequisites * Your object storage and cloud storage, if any, must use the same credentials. * You must configure object storage for Velero. .Procedure . Create a `credentials-velero` file for the backup storage location in the appropriate format for your cloud provider. ifdef::installing-oadp-aws,installing-oadp-mcg,installing-oadp-ocs[] + See the following example: + [source,terminal] ---- [default] aws_access_key_id= aws_secret_access_key= ---- endif::[] ifdef::installing-oadp-azure[] + You can use one of the following two methods to authenticate {oadp-short} with Azure. * Use the service principal with secret-based authentication. See the following example: + [source,terminal] ---- AZURE_SUBSCRIPTION_ID= AZURE_TENANT_ID= AZURE_CLIENT_ID= AZURE_CLIENT_SECRET= AZURE_RESOURCE_GROUP= AZURE_CLOUD_NAME= ---- * Use a storage account access key. See the following example: + [source,terminal] ---- AZURE_STORAGE_ACCOUNT_ACCESS_KEY= AZURE_SUBSCRIPTION_ID= AZURE_RESOURCE_GROUP= AZURE_CLOUD_NAME= ---- endif::[] . Create a `Secret` custom resource (CR) with the default name: + [source,terminal,subs="attributes+"] ---- $ oc create secret generic {credentials} -n openshift-adp --from-file cloud=credentials-velero ---- + The `Secret` is referenced in the `spec.backupLocations.credential` block of the `DataProtectionApplication` CR when you install the Data Protection Application.