eclipse-che · dkwon17 · Mar 26, 2026 · Mar 27, 2026 · Mar 27, 2026 · Mar 27, 2026
@@ -26,26 +26,31 @@ config:
     backupCronJob:
       enable: true
       registry:
-        authSecret: my-secret
+        authSecret: devworkspace-backup-registry-auth
         path: quay.io/my-company-org
       schedule: '0 */4 * * *'
     imagePullPolicy: Always
 ----
 <1> For Red Hat OpenShift, the default installation namespace for the {devworkspace} operator is `openshift-operators`. See the xref:devworkspace-operator.adoc[{devworkspace} operator overview].
 
-The `authSecret` must point to a real {kubernetes} Secret of type `kubernetes.io/dockerconfigjson` containing credentials to access the registry.
+The `authSecret` must be named `devworkspace-backup-registry-auth`. It must reference a {kubernetes} Secret of type `kubernetes.io/dockerconfigjson` that contains credentials to access the registry.
 The secret should be created in the installation {namespace} for the {devworkspace} operator.
 
 To create one, you can use the following command:
 
 [source,shell,subs="+attributes,+quotes"]
 ----
-kubectl create secret docker-registry my-secret --from-file=config.json
+{orch-cli} create secret docker-registry devworkspace-backup-registry-auth --from-file=config.json
 ----
 
 The secret must contain a label `controller.devfile.io/watch-secret=true` to be recognized by the {devworkspace} Operator.
 
 [source,shell,subs="+attributes,+quotes"]
 ----
-kubectl label secret my-secret controller.devfile.io/watch-secret=true
+kubectl label secret devworkspace-backup-registry-auth controller.devfile.io/watch-secret=true
 ----
+
+[WARNING]
+====
+The {devworkspace} Operator copies the `devworkspace-backup-registry-auth` secret to each {devworkspace} {namespace} so that backups from user workspaces can be pushed to the registry. If you do not want that secret copied automatically, create a `devworkspace-backup-registry-auth` secret with user-specific credentials in each {devworkspace} {namespace} instead.
+====