---
title: Secret Agent operator
description: This page describes the legacy CDM implementation, which will be deprecated in an upcoming release. We strongly recommend that you transition to the current CDM implementation as soon as possible.
component: forgeops
version: 7.2
page_id: forgeops::legacy/cdm/aks/setup/secret-agent
canonical_url: https://docs.pingidentity.com/forgeops/7.2/legacy/cdm/aks/setup/secret-agent.html
section_ids:
  next_step: Next step
---

# Secret Agent operator

|   |                                                                                                                                                                                                                                       |
| - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | This page describes the legacy CDM implementation, which will be deprecated in an upcoming release. We strongly recommend that you transition to [the current CDM implementation](../../../../cdm/overview.html) as soon as possible. |

Install ForgeRock's Secret Agent operator before you deploy the CDM.

Remember, [the CDM is a reference implementation and not for production use](../../../../start/start-here.html#cdm-sandbox). When you [create a project plan](../../../../start/start-here.html#planning), you'll need to determine how to manage secrets in production.

See [Secret Agent operator](../../../../how-to/security/secret-agent.html) for further details on the Secret Agent operator.

After you've finished deploying the CDM, you can use the CDM as a sandbox to explore secret management options.

To install the Secret Agent operator in your cluster:

```
$ kubectl apply -f https://github.com/ForgeRock/secret-agent/releases/latest/download/secret-agent.yaml
namespace/secret-agent-system created
customresourcedefinition.apiextensions.k8s.io/secretagentconfigurations.secret-agent.secrets.forgerock.io created
mutatingwebhookconfiguration.admissionregistration.k8s.io/secret-agent-mutating-webhook-configuration created
serviceaccount/secret-agent-manager-service-account created
role.rbac.authorization.k8s.io/secret-agent-leader-election-role created
clusterrole.rbac.authorization.k8s.io/secret-agent-manager-role created
rolebinding.rbac.authorization.k8s.io/secret-agent-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/secret-agent-manager-rolebinding created
service/secret-agent-webhook-service created
deployment.apps/secret-agent-controller-manager created
validatingwebhookconfiguration.admissionregistration.k8s.io/secret-agent-validating-webhook-configuration created
```

## Next step

* [icon: check-square-o, set=fa][Install third-party software](sw.html)

* [icon: check-square-o, set=fa][Set up an Azure subscription](subscription.html)

* [icon: check-square-o, set=fa][Get the forgeops repository](forgeops.html)

* [icon: check-square-o, set=fa][Create a Kubernetes cluster](cluster.html)

* [icon: check-square-o, set=fa][Install the Secret Agent operator](#)

* [icon: square-o, set=fa]*[Deploy the Ingress-NGINX controller](nginx.html)*

* [icon: square-o, set=fa][Deploy certificate manager](cert-manager.html)

* [icon: square-o, set=fa][Deploy Prometheus, Grafana, and Alertmanager](prometheus.html)

* [icon: square-o, set=fa][Prepare to push Docker images](push.html)