Step 1: Enable security in Portworx

This document guides you through enabling PX-Security in your cluster by adding a single flag to your StorageCluster object.


  • You must have Portworx Operator 1.4 or greater


The Operator includes first-class support for PX-Security in the StorageCluster spec. When security is enabled, the Operator auto-generates the following for you:

  • Shared Secret stored under the secret px-shared-secret
  • Admin token stored under the secret px-admin-token
  • User token stored under the secret px-user-token

Enabling Security in your cluster

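  1. Enable security under spec.security.enabled of your StorageCluster:

    apiVersion: core.libopenstorage.org/v1
    kind: StorageCluster
    metadata:
      name: portworx
      namespace: kube-system
    spec:
      image: portworx/oci-monitor:<version>  # replace <version> with your Portworx release tag
      security:
        enabled: true  # turns on PX-Security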
  2. You can now apply the StorageCluster spec and wait until Portworx is ready.
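
To confirm that step 2 took effect, the following added example (not part of the Portworx documentation) checks that the three secrets listed above exist and that the StorageCluster reports security as enabled. It assumes kubectl access to the cluster; the function names and the KUBECTL and PX_NAMESPACE variables are hypothetical.

```shell
#!/bin/sh
# Added example: post-enable check for PX-Security.
# Assumptions: kubectl is on PATH and Portworx runs in kube-system,
# as in the StorageCluster spec on this page. Both can be overridden.
KUBECTL="${KUBECTL:-kubectl}"
PX_NAMESPACE="${PX_NAMESPACE:-kube-system}"
PX_SECRETS="px-shared-secret px-admin-token px-user-token"

# Print each expected secret that is absent from the namespace.
# Returns 0 when all three exist, 1 when any is missing, 2 when kubectl fails.
missing_px_secrets() {
    names=$($KUBECTL get secrets -n "$PX_NAMESPACE" -o name) || return 2
    rc=0
    for s in $PX_SECRETS; do
        # -x matches the whole line, so a look-alike such as
        # "px-admin-token-old" does not satisfy the check.
        if ! printf '%s\n' "$names" | grep -qx "secret/$s"; then
            echo "$s"
            rc=1
        fi
    done
    return $rc
}

# Return 0 only when the named StorageCluster (default: portworx)
# has spec.security.enabled set to true.
security_enabled() {
    v=$($KUBECTL get storagecluster "${1:-portworx}" -n "$PX_NAMESPACE" \
        -o jsonpath='{.spec.security.enabled}') || return 2
    [ "$v" = "true" ]
}
```

Source the file, then run `security_enabled && missing_px_secrets`; no output and exit status 0 mean security is enabled and all three secrets are present.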

Once you’ve enabled security in Portworx, continue to the next section.

Note: To use pxctl in this context, see "Use pxctl with security enabled". Otherwise, all pxctl commands will fail with an access denied error.

Last edited: Tuesday, May 9, 2023