update k-api (#315 )

Signed-off-by: Foysal Iqbal <mqb@qlik.com>
fix access token encrypt (#313 )
2020-04-13 14:03:03 -04:00 · 2020-04-13 09:43:35 -04:00 · 2020-04-13 09:21:28 -04:00 · 2020-04-09 22:56:05 -04:00 · 2020-04-09 13:49:44 -04:00 · 2020-04-09 16:21:37 +02:00
38 changed files with 1254 additions and 889 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -24,4 +24,4 @@ jobs:
      shell: bash

    - run: make test
-    - run: make build
+    - run: make xbuild-all
--- a/12
+++ b/12
@@ -43,8 +43,8 @@ build: clean generate
 	go build -ldflags '$(LDFLAGS)' -tags "$(BUILDTAGS)" -o $(BINDIR)/$(MIXIN)$(FILE_EXT) ./cmd/$(MIXIN)
 	$(MAKE) clean

-.PHONY: test
-test: clean generate
+.PHONY: test-setup
+test-setup: clean generate
 ifeq ($(shell ${WHICH} docker-registry 2>${DEVNUL}),)
 	$(eval TMP-docker-distribution := $(shell mktemp -d))
 	git clone https://github.com/docker/distribution.git $(TMP-docker-distribution)/docker-distribution
@@ -52,9 +52,17 @@ ifeq ($(shell ${WHICH} docker-registry 2>${DEVNUL}),)
 	cp $(TMP-docker-distribution)/docker-distribution/bin/registry pkg/qliksense/docker-registry
 	-rm -rf $(TMP-docker-distribution)
 endif
+
+.PHONY: test-short
+test-short: test-setup
 	go test -short -count=1 -tags "$(BUILDTAGS)" -v ./...
 	$(MAKE) clean

+.PHONY: test
+test: test-setup
+	go test -count=1 -tags "$(BUILDTAGS)" -v ./...
+	$(MAKE) clean
+
 xbuild-all: clean generate
 	$(foreach OS, $(SUPPORTED_PLATFORMS), \
 		$(foreach ARCH, $(SUPPORTED_ARCHES), \
--- a/cmd/qliksense/context.go
+++ b/cmd/qliksense/context.go
@@ -3,6 +3,7 @@ package main
 import (
 	"errors"
 	"fmt"
+	"os"

 	qapi "github.com/qlik-oss/sense-installer/pkg/api"

@@ -68,18 +69,30 @@ func setConfigsCmd(q *qliksense.Qliksense) *cobra.Command {
 	var (
 		cmd *cobra.Command
 	)
-
+	base64Encoded := false
 	cmd = &cobra.Command{
 		Use:   "set-configs",
 		Short: "set configurations into the qliksense context as key-value pairs",
 		Example: `
 qliksense config set-configs <service_name>.<attribute>="<value>"
-    - The above configuration will be displayed in the CR
+		- The above configuration will be displayed in the CR
+qliksense config set-configs <service_name>.<attribute>="<value" --base64
+		- if the value is base64 encoded
+echo "something" | base64 | qliksense config set-configs <service_name>.<attribute> --base64
+	- value is coming from input pipe as base64 encoded
+echo "something" | qliksense config set-configs <service_name>.<attribute>
+	- value is coming from input pipe
+
 `,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return q.SetConfigs(args)
+			if isInputFromPipe() && len(args) == 1 {
+				return q.SetConfigFromReader(args[0], os.Stdin, base64Encoded)
+			}
+			return q.SetConfigs(args, base64Encoded)
 		},
 	}
+	f := cmd.Flags()
+	f.BoolVarP(&base64Encoded, "base64", "", false, "if the arguments value is base64 encoded")
 	return cmd
 }

@@ -88,7 +101,7 @@ func setSecretsCmd(q *qliksense.Qliksense) *cobra.Command {
 		cmd    *cobra.Command
 		secret bool
 	)
-
+	base64Encoded := false
 	cmd = &cobra.Command{
 		Use:   "set-secrets",
 		Short: "set secrets configurations into the qliksense context as key-value pairs",
@@ -101,13 +114,24 @@ qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=true
 qliksense config set-secrets <service_name>.<attribute>="<value>" --secret=false
 		- Encrypt the secret value and display it in the current context
 		- No secret resource is created
-        - The above configuration will be displayed in the CR `,
+		  - The above configuration will be displayed in the CR 
+qliksense config set-secrets <service_name>.<attribute>="<value>" --base64
+		- the <value> is base64 encoded
+echo "something" | base64 | qliksense config set-secrets <service_name>.<attribute> --base64
+		- value coming from input pipe as base64 encoded
+echo "something" | qliksense config set-secrets <service_name>.<attribute>
+		- value coming from input pipe`,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return q.SetSecrets(args, secret)
+			if isInputFromPipe() && len(args) == 1 {
+				return q.SetSecretsFromReader(args[0], os.Stdin, secret, base64Encoded)
+			}
+			return q.SetSecrets(args, secret, base64Encoded)
 		},
 	}
 	f := cmd.Flags()
 	f.BoolVar(&secret, "secret", false, "Whether secrets should be encrypted as a Kubernetes Secret resource")
+	f.BoolVarP(&base64Encoded, "base64", "", false, "if the arguments value is base64 encoded")
+
 	return cmd
 }

--- a/cmd/qliksense/fetch.go
+++ b/cmd/qliksense/fetch.go
@@ -1,26 +1,30 @@
 package main

 import (
-	"errors"
 	"github.com/qlik-oss/sense-installer/pkg/qliksense"
 	"github.com/spf13/cobra"
 )

 func fetchCmd(q *qliksense.Qliksense) *cobra.Command {
+	opts := &qliksense.FetchCommandOptions{}
 	c := &cobra.Command{
 		Use:     "fetch",
-		Short:   "fetch a release from qliksense-k8s repo",
-		Long:    `fetch a release from qliksense-k8s repo`,
-		Example: `qliksense fetch <version>`,
-		Args: func(cmd *cobra.Command, args []string) error {
-			if len(args) != 1 {
-				return errors.New("requires a version (i.e. v1.0.0)")
-			}
-			return nil
-		},
+		Short:   "fetch a release from qliksense-k8s repo, if version not supplied, will use from context",
+		Long:    `fetch a release from qliksense-k8s repo, if version not supplied, will use from context`,
+		Example: `qliksense fetch [version]`,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return q.FetchQK8s(args[0])
+			if len(args) == 1 {
+				opts.Version = args[0]
+			}
+			return q.FetchK8sWithOpts(opts)
 		},
 	}
+
+	f := c.Flags()
+	f.StringVarP(&opts.GitUrl, "url", "", "", "git url from where configuration will be pulled")
+	f.StringVarP(&opts.AccessToken, "accessToken", "", "", "access token for git url")
+	f.StringVarP(&opts.SecretName, "secretName", "", "", "kubernetes secret name where a key name accessToken exist")
+	f.BoolVarP(&opts.Overwrite, "overwrite", "", false, "Ovewrite previously fetched veersion as well as local chagnes")
+
 	return c
 }
--- a/cmd/qliksense/root.go
+++ b/cmd/qliksense/root.go
@@ -12,7 +12,6 @@ import (
 	"github.com/mitchellh/go-homedir"
 	"github.com/qlik-oss/sense-installer/pkg"
 	"github.com/qlik-oss/sense-installer/pkg/api"
-	"github.com/qlik-oss/sense-installer/pkg/preflight"
 	"github.com/qlik-oss/sense-installer/pkg/qliksense"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -101,7 +100,7 @@ func getRootCmd(p *qliksense.Qliksense) *cobra.Command {
 				if err := p.SetUpQliksenseDefaultContext(); err != nil {
 					panic(err)
 				}
-				pf := preflight.NewPreflightConfig(p.QliksenseHome)
+				pf := api.NewPreflightConfig(p.QliksenseHome)
 				if err := pf.Initialize(); err != nil {
 					panic(err)
 				}
--- a/go.mod
+++ b/go.mod
@@ -32,7 +32,6 @@ require (
 	github.com/gobuffalo/packr/v2 v2.7.1
 	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
 	github.com/golang/protobuf v1.3.3 // indirect
-	github.com/google/uuid v1.1.1
 	github.com/gorilla/mux v1.7.3 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a
@@ -41,12 +40,14 @@ require (
 	github.com/mattn/go-tty v0.0.3
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/otiai10/copy v1.1.1
 	github.com/pkg/errors v0.8.1
-	github.com/qlik-oss/k-apis v0.0.34
+	github.com/qlik-oss/k-apis v0.1.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/rogpeppe/go-internal v1.5.2 // indirect
 	github.com/spf13/cobra v0.0.6
 	github.com/spf13/viper v1.6.1
+	github.com/src-d/go-git v4.7.0+incompatible
 	github.com/ttacon/chalk v0.0.0-20160626202418-22c06c80ed31
 	golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4 // indirect
 	golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a // indirect
@@ -55,12 +56,12 @@ require (
 	golang.org/x/tools v0.0.0-20200312194400-c312e98713c2 // indirect
 	google.golang.org/genproto v0.0.0-20200128133413-58ce757ed39b // indirect
 	google.golang.org/grpc v1.27.0 // indirect
+	gopkg.in/src-d/go-git.v4 v4.13.1
 	gopkg.in/yaml.v2 v2.2.8
 	gopkg.in/yaml.v3 v3.0.0-20190924164351-c8b7dadae555
 	k8s.io/api v0.17.0
 	k8s.io/apimachinery v0.17.0
 	k8s.io/client-go v11.0.0+incompatible
-	k8s.io/kubectl v0.0.0-20191016120415-2ed914427d51
 	sigs.k8s.io/kustomize/api v0.3.2
 	sigs.k8s.io/yaml v1.1.0
 )
--- a/go.sum
+++ b/go.sum
@@ -792,6 +792,14 @@ github.com/opencontainers/selinux v1.3.0 h1:xsI95WzPZu5exzA6JzkLSfdr/DilzOhCJOqG
 github.com/opencontainers/selinux v1.3.0/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs=
 github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913 h1:TnbXhKzrTOyuvWrjI8W6pcoI9XPbLHFXCdN2dtUw7Rw=
 github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
+github.com/otiai10/copy v1.1.1 h1:PH7IFlRQ6Fv9vYmuXbDRLdgTHoP1w483kPNUP2bskpo=
+github.com/otiai10/copy v1.1.1/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
+github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
+github.com/otiai10/curr v1.0.0 h1:TJIWdbX0B+kpNagQrjgq8bCMrbhiuX73M2XwgtDMoOI=
+github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
+github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
+github.com/otiai10/mint v1.3.1 h1:BCmzIS3n71sGfHB5NMNDB3lHYPz8fWSkCAErHed//qc=
+github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
@@ -852,10 +860,14 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
 github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/qlik-oss/k-apis v0.0.34 h1:lOC21wz/nNZNmSfTXZSJCOm1BulaZfdg7tAuYb7knAE=
-github.com/qlik-oss/k-apis v0.0.34/go.mod h1:DNiWYqCqPIN216l7+1rccArNIYPb1Le7kYDcPSyNp+Q=
-github.com/qlik-oss/kustomize/api v0.3.3-0.20200401055330-fa528324112a h1:Vzod5XB+e25ENy5Lse0pXNmSYSDFxSEYhH/6Sj7twPg=
-github.com/qlik-oss/kustomize/api v0.3.3-0.20200401055330-fa528324112a/go.mod h1:tSQaDZ4Jt9KwYvD7LlMUPi5nkiGOno3PAKl5/XqEfxs=
+github.com/qlik-oss/k-apis v0.0.35 h1:LdxfN43UE4Fy4LAmFcsv2nXCuxfxowKY66rpUQHAyDU=
+github.com/qlik-oss/k-apis v0.0.35/go.mod h1:DNiWYqCqPIN216l7+1rccArNIYPb1Le7kYDcPSyNp+Q=
+github.com/qlik-oss/k-apis v0.0.36 h1:Ztd31rKn4uR3AQRb9QxYf1KEll4+Ku1E8DzCpplBw/g=
+github.com/qlik-oss/k-apis v0.0.36/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
+github.com/qlik-oss/k-apis v0.0.39 h1:fIGCC7f9kU7319VTSJKr3fLoA9E4MjusRFmOjX3ypis=
+github.com/qlik-oss/k-apis v0.0.39/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
+github.com/qlik-oss/k-apis v0.1.0 h1:uMl1316SNYy5Hm6jy1U7wiCMkut0tKqdP8mBpSuXXp8=
+github.com/qlik-oss/k-apis v0.1.0/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
 github.com/qlik-oss/kustomize/api v0.3.3-0.20200402170547-2e8140160c36 h1:BuT+cnXPQ6mcOWTDS1S8GXy65LAEMdPuNQCC36rMq28=
 github.com/qlik-oss/kustomize/api v0.3.3-0.20200402170547-2e8140160c36/go.mod h1:tSQaDZ4Jt9KwYvD7LlMUPi5nkiGOno3PAKl5/XqEfxs=
 github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
@@ -941,6 +953,8 @@ github.com/spf13/viper v1.6.1 h1:VPZzIkznI1YhVMRi6vNFLHSwhnhReBfgTxIPccpfdZk=
 github.com/spf13/viper v1.6.1/go.mod h1:t3iDnF5Jlj76alVNuyFBk5oUMCvsrkbvZK0WQdfDi5k=
 github.com/src-d/gcfg v1.4.0 h1:xXbNR5AlLSA315x2UO+fTSSAXCDf+Ar38/6oyGbDKQ4=
 github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI=
+github.com/src-d/go-git v4.7.0+incompatible h1:IYSSnbAHeKmsfbQFi9ozbid+KNh0bKjlorMfQehQbcE=
+github.com/src-d/go-git v4.7.0+incompatible/go.mod h1:1bQciz+hn0jzPQNsYj0hDFZHLJBdV7gXE2mWhC7EkFk=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
--- a/pkg/api/apis.go
+++ b/pkg/api/apis.go
@@ -1,11 +1,9 @@
 package api

 import (
-	"crypto/rsa"
 	"errors"
 	"fmt"
 	"io/ioutil"
-	"log"
 	"os"
 	"path/filepath"
 	"strings"
@@ -23,6 +21,7 @@ const (
 	qliksenseContextsDirName = "contexts"
 	qliksenseSecretsDirName  = "secrets"
 	qliksenseEjsonDirName    = "ejson"
+	QLIK_GIT_REPO            = "https://github.com/qlik-oss/qliksense-k8s"
 )

 // NewQConfig create QliksenseConfig object from file ~/.qliksense/config.yaml
@@ -144,6 +143,66 @@ func (cr *QliksenseCR) IsRepoExist() bool {
 	return true
 }

+func (cr *QliksenseCR) GetFetchUrl() string {
+	if cr.Spec.FetchSource == nil || cr.Spec.FetchSource.Repository == "" {
+		return QLIK_GIT_REPO
+	}
+	return cr.Spec.FetchSource.Repository
+}
+
+func (cr *QliksenseCR) GetFetchAccessToken(encryptionKey string) string {
+	if cr.Spec.FetchSource == nil {
+		return ""
+	}
+	if tok, err := cr.Spec.FetchSource.GetAccessToken(); err != nil {
+		fmt.Println(err)
+		return ""
+	} else {
+		by, _ := b64.StdEncoding.DecodeString(tok)
+		res, err := DecryptData(by, encryptionKey)
+		if err != nil {
+			fmt.Println(err)
+			return ""
+		}
+		return string(res)
+	}
+}
+
+func (cr *QliksenseCR) SetFetchUrl(url string) {
+	if cr.Spec.FetchSource == nil {
+		cr.Spec.FetchSource = &config.Repo{}
+	}
+	cr.Spec.FetchSource.Repository = url
+}
+
+func (cr *QliksenseCR) SetFetchAccessToken(token, encryptionKey string) error {
+	if cr.Spec.FetchSource == nil {
+		cr.Spec.FetchSource = &config.Repo{}
+	}
+	res, err := EncryptData([]byte(token), encryptionKey)
+	if err != nil {
+		return err
+	}
+	cr.Spec.FetchSource.AccessToken = b64.StdEncoding.EncodeToString(res)
+	return nil
+}
+
+func (cr *QliksenseCR) SetFetchAccessSecretName(sec string) {
+	if cr.Spec.FetchSource == nil {
+		cr.Spec.FetchSource = &config.Repo{}
+	}
+	cr.Spec.FetchSource.SecretName = sec
+}
+
+//DeleteRepo delete the manifest repo and unset manifestsRoot
+func (cr *QliksenseCR) DeleteRepo() error {
+	if err := os.RemoveAll(cr.Spec.ManifestsRoot); err != nil {
+		return err
+	}
+	cr.Spec.ManifestsRoot = ""
+	return nil
+}
+
 func (qc *QliksenseConfig) IsRepoExist(contextName, version string) bool {
 	if _, err := os.Lstat(qc.BuildRepoPathForContext(contextName, version)); err != nil {
 		return false
@@ -158,6 +217,11 @@ func (qc *QliksenseConfig) IsRepoExistForCurrent(version string) bool {
 	return true
 }

+func (qc *QliksenseConfig) DeleteRepoForCurrent(version string) error {
+	path := qc.BuildRepoPath(version)
+	return os.RemoveAll(path)
+}
+
 func (qc *QliksenseConfig) BuildRepoPath(version string) string {
 	return qc.BuildRepoPathForContext(qc.Spec.CurrentContext, version)
 }
@@ -258,9 +322,9 @@ func (qc *QliksenseConfig) GetCurrentContextSecretsDir() (string, error) {
 func (qc *QliksenseConfig) setDockerConfigJsonSecret(filename string, dockerConfigJsonSecret *DockerConfigJsonSecret) error {
 	if secretsDir, err := qc.GetCurrentContextSecretsDir(); err != nil {
 		return err
-	} else if publicKey, _, err := qc.GetCurrentContextEncryptionKeyPair(); err != nil {
+	} else if encryptionKey, err := qc.GetEncryptionKeyForCurrent(); err != nil {
 		return err
-	} else if dockerConfigJsonSecretYaml, err := dockerConfigJsonSecret.ToYaml(publicKey); err != nil {
+	} else if dockerConfigJsonSecretYaml, err := dockerConfigJsonSecret.ToYaml(encryptionKey); err != nil {
 		return err
 	} else if err := os.MkdirAll(secretsDir, os.ModePerm); err != nil {
 		return err
@@ -307,9 +371,9 @@ func (qc *QliksenseConfig) getDockerConfigJsonSecret(name string) (*DockerConfig
 		return nil, err
 	} else if dockerConfigJsonSecretYaml, err := ioutil.ReadFile(filepath.Join(secretsDir, name)); err != nil {
 		return nil, err
-	} else if _, privateKey, err := qc.GetCurrentContextEncryptionKeyPair(); err != nil {
+	} else if encryptionKey, err := qc.GetEncryptionKeyForCurrent(); err != nil {
 		return nil, err
-	} else if err := dockerConfigJsonSecret.FromYaml(dockerConfigJsonSecretYaml, privateKey); err != nil {
+	} else if err := dockerConfigJsonSecret.FromYaml(dockerConfigJsonSecretYaml, encryptionKey); err != nil {
 		return nil, err
 	}
 	return dockerConfigJsonSecret, nil
@@ -320,11 +384,11 @@ func (qc *QliksenseConfig) getCurrentContextEncryptionKeyPairLocation() (string,
 	if qcr, err := qc.GetCurrentCR(); err != nil {
 		return "", err
 	} else {
-		return qc.getContextEncryptionKeyPairLocation(qcr.GetName())
+		return qc.getContextEncryptionKeyLocation(qcr.GetName())
 	}
 }

-func (qc *QliksenseConfig) getContextEncryptionKeyPairLocation(contextName string) (string, error) {
+func (qc *QliksenseConfig) getContextEncryptionKeyLocation(contextName string) (string, error) {
 	// Check env var: QLIKSENSE_KEY_LOCATION to determine location to store keypair
 	var secretKeyPairLocation string
 	if os.Getenv("QLIKSENSE_KEY_LOCATION") != "" {
@@ -334,9 +398,9 @@ func (qc *QliksenseConfig) getContextEncryptionKeyPairLocation(contextName strin
 		// QLIKSENSE_KEY_LOCATION has not been set, hence storing key pair in default location:
 		// /.qliksense/secrets/contexts/<current-context>/secrets/
 		secretKeyPairLocation = filepath.Join(qc.QliksenseHomePath, qliksenseSecretsDirName, qliksenseContextsDirName, contextName, qliksenseSecretsDirName)
-
 	}
-	return secretKeyPairLocation, nil
+
+	return secretKeyPairLocation, os.MkdirAll(secretKeyPairLocation, os.ModePerm)
 }

 func (qc *QliksenseConfig) GetCurrentContextEjsonKeyDir() (string, error) {
@@ -351,52 +415,25 @@ func (qc *QliksenseConfig) GetCurrentContextEjsonKeyDir() (string, error) {
 	}
 }

-func (qc *QliksenseConfig) GetCurrentContextEncryptionKeyPair() (*rsa.PublicKey, *rsa.PrivateKey, error) {
+func (qc *QliksenseConfig) GetEncryptionKeyForCurrent() (string, error) {
 	if qcr, err := qc.GetCurrentCR(); err != nil {
-		return nil, nil, err
+		return "", err
 	} else {
-		return qc.GetContextEncryptionKeyPair(qcr.GetName())
+		return qc.GetEncryptionKeyFor(qcr.GetName())
 	}
 }

-func (qc *QliksenseConfig) GetContextEncryptionKeyPair(contextName string) (*rsa.PublicKey, *rsa.PrivateKey, error) {
-	secretKeyPairLocation, err := qc.getContextEncryptionKeyPairLocation(contextName)
+func (qc *QliksenseConfig) GetEncryptionKeyFor(contextName string) (string, error) {
+	secretKeyLocation, err := qc.getContextEncryptionKeyLocation(contextName)
 	if err != nil {
-		return nil, nil, err
+		return "", err
 	}
-
-	publicKeyFilePath := filepath.Join(secretKeyPairLocation, QliksensePublicKey)
-	privateKeyFilePath := filepath.Join(secretKeyPairLocation, QliksensePrivateKey)
-	// try to create the dir if it doesn't exist
-	if !FileExists(publicKeyFilePath) || !FileExists(privateKeyFilePath) {
-		LogDebugMessage("Qliksense secretKeyLocation dir does not exist, creating it now: %s", secretKeyPairLocation)
-		if err := os.MkdirAll(secretKeyPairLocation, os.ModePerm); err != nil {
-			err = fmt.Errorf("Not able to create %s dir: %v", secretKeyPairLocation, err)
-			log.Println(err)
-			return nil, nil, err
-		}
-		// generating and storing key-pair
-		err1 := GenerateAndStoreSecretKeypair(secretKeyPairLocation)
-		if err1 != nil {
-			err1 = fmt.Errorf("Not able to generate and store key pair for encryption")
-			log.Println(err1)
-			return nil, nil, err1
-		}
-	}
-
-	if publicKeyBytes, err := ReadKeys(publicKeyFilePath); err != nil {
-		LogDebugMessage("Not able to read public key")
-		return nil, nil, err
-	} else if privateKeyBytes, err := ReadKeys(privateKeyFilePath); err != nil {
-		LogDebugMessage("Not able to read private key")
-		return nil, nil, err
-	} else if rsaPublicKey, err := DecodeToPublicKey(publicKeyBytes); err != nil {
-		return nil, nil, err
-	} else if rsaPrivateKey, err := DecodeToPrivateKey(privateKeyBytes); err != nil {
-		return nil, nil, err
-	} else {
-		return rsaPublicKey, rsaPrivateKey, nil
+	key, err := LoadSecretKey(secretKeyLocation)
+	if key != "" {
+		return key, nil
 	}
+	fmt.Println("Generating new encryption key for the context: " + contextName)
+	return GenerateAndStoreSecretKey(secretKeyLocation)
 }

 func (cr *QliksenseCR) AddLabelToCr(key, value string) {
@@ -469,7 +506,7 @@ func (cr *QliksenseCR) GetCustomCrdsPath() string {
 func (qc *QliksenseConfig) GetDecryptedCr(cr *QliksenseCR) (*QliksenseCR, error) {
 	newCr := &QliksenseCR{}
 	copier.Copy(newCr, cr)
-	_, rsaPrivateKey, err := qc.GetCurrentContextEncryptionKeyPair()
+	encryptionKey, err := qc.GetEncryptionKeyFor(cr.GetName())
 	if err != nil {
 		return nil, err
 	}
@@ -482,7 +519,7 @@ func (qc *QliksenseConfig) GetDecryptedCr(cr *QliksenseCR) (*QliksenseCR, error)
 				if err != nil {
 					return nil, err
 				}
-				db, err := Decrypt(b, rsaPrivateKey)
+				db, err := DecryptData(b, encryptionKey)
 				if err != nil {
 					return nil, err
 				}
@@ -495,6 +532,11 @@ func (qc *QliksenseConfig) GetDecryptedCr(cr *QliksenseCR) (*QliksenseCR, error)
 		finalSecrets[k] = newNvs
 	}
 	newCr.Spec.Secrets = finalSecrets
+
+	if newCr.Spec.FetchSource != nil && newCr.Spec.FetchSource.AccessToken != "" {
+		decData := cr.GetFetchAccessToken(encryptionKey)
+		newCr.Spec.FetchSource.AccessToken = decData
+	}
 	return newCr, nil
 }

--- a/pkg/api/apis_test.go
+++ b/pkg/api/apis_test.go
@@ -1,6 +1,7 @@
 package api

 import (
+	b64 "encoding/base64"
 	"fmt"
 	"io/ioutil"
 	"log"
@@ -52,12 +53,6 @@ spec:
    qliksense:
      - name: acceptEULA
        value: "yes"
-  secrets:
-    qliksense:
-    - name: mongoDbUri
-      # this is rsa encrypted value, the pub and pri keys are in setuPublicAndPrivateKey() method
-      # actual value: mongodb://qlik-default-mongodb:27017/qliksense?ssl=false
-      value: n/pDi7Z/A3i16cAHFFwMp19/egNKc8WZxm6MKHLT/B1DMv3U6pDXWyXT5fYYDV1wDTO3Vk43yECST1UgZYmMpgUOwgSfGgqTVi2VqS0JQsnwI+Twwhnvha8RJANX8b/XIoSFVWaOgy7+RP35ZkvOqHdCfC2aT8JMIHgBQqqCbsNgimCuRSxi0klR000ic/Tp5PYSz5mD+WLrkPw2FbS0OVBsQ/hIp5GZrmVpvEOZdbT63Sz+n/G4Br6GTv2LkZcU7JBuKQm2wfB+mRjJmJnNrPawLfn2UZ89Rz0BLwIy+6b24/RoIUgoNowfGkJreGiwItGK8fjCcx11oavK/yAo6pYZXCcru46pmHbxxle1OlkdTKkG6EVtJuKjSZXtVmBHZYRFzsR7HnAiXnL7QzSEcS7ieZlQvTmNLfpidJhK199oSbyKREqXGl2S8DzPKM9RLccVbQTy6X8qWimP3MYCnO4K0KoQnNQAgfuV8ZxnvdDecByLDPIpmFMGy0Xm9pUZWxmSoDBq+p5WBI2HdCX2gCYVv5yxS2iBqO5SMKo8iOglHtPI9NIMvloERdN1vZtxSRkY5uDEfrU9ysYwfayEXxvXmdWv0HxlotcgUinP02j7k+OfIapTmY/jGfvF4euyCGRKuJ9JlSD9pIiRdAcekjL6hCxXLJLdajCV4sL/YDo=
 `
 	ctx1Dir := filepath.Join(homeDir, "contexts", "contx1")
 	crFile := filepath.Join(ctx1Dir, "contx1.yaml")
@@ -106,13 +101,16 @@ func TestGetDecryptedCr(t *testing.T) {
 		t.Fail()
 		t.Log(e)
 	}
-	qcr, err := qct.GetCurrentCR()
-	if err != nil {
-		t.Fail()
-		t.Log(err)
-	}

-	setuPublicAndPrivateKey(dir)
+	qcr, err := qct.GetCurrentCR()
+
+	key, _ := setupGenerateKey(dir)
+	ecn, _ := EncryptData([]byte("mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"), key)
+	b := b64.StdEncoding.EncodeToString(ecn)
+	qcr.Spec.AddToSecrets("qliksense", "mongoDbUri", b, "")
+
+	qcr.SetFetchAccessToken("mytoken", key)
+
 	newCr, err := qct.GetDecryptedCr(qcr)
 	if err != nil {
 		t.Fail()
@@ -129,77 +127,12 @@ func TestGetDecryptedCr(t *testing.T) {
 	if decryptedValue == orignalValue {
 		t.Fail()
 	}
+	if newCr.Spec.FetchSource.AccessToken != "mytoken" {
+		t.Fail()
+	}
 	td()
 }
-func setuPublicAndPrivateKey(homeDir string) ([]byte, []byte, error) {
-	privKeyBytes := []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIJJwIBAAKCAgEAwUCimKCidbF3UxEHPy8K+hvhklRB9JYhj5sJy0if4lTVibkK
-1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YHUxOra6vVQaVcOVJhTM8D18d+lSr3
-Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZKynEXMkFI9/wNMOwPOvQFOSTuoEoC
-O+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudxsAr7ESRXW9QTHVh6uWmr3VRKZHby
-1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw+zzOetZ/+t7/VOkOpNTeJQhwTM1W
-F7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3GIx2bp2p6oh0G3N2zpiLcK/aZj8ro
-uWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6hiPQCJaLBED8mwK+I5evIbnKv6E6u
-K+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5ZrI+IQARdXD3bb34oh0IPBhClnvv
-MUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwengolMVKFwPx1o37qrbmrXID21kKt7
-FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BIwvPuUW0vZHkvO80VyV2L63whVhPn
-PASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834MFxk1pS9LMa/WnzvFr0gWakCAwEA
-AQKCAgARSp9B2N2wejibDiL/3E23I1eDqFZedDB8kPrHXbAwqDaTJCN79spt9TaB
-pVXkQaYEV/Pe7EDdoX8kKGU/QxzUqiXkdHOYdBtUZbKfFMbbP9ZrsnR7j0r4UpoF
-yDH3hprU93E5PcNAtW2M0GpeT1nR01yn+n908PCdOAIE3GC7RDq1zOl2QzVLL55R
-9ATv2Q2oTvJ/ETc7XlGVMx4+e2cIwXLFjeLjLI6pSYlxnarrGuetJZeEviWxto9n
-odFVZI6yx8JFTXX8ZTCr/1IjwDDVyhMPmrHI2Lsv9cqBpSpbVe32cUkKxhsGaYjz
-GvesQKamOPhco2ATNxPm0yopFlPsGKMfVl0BK0J6BqFh1BvU/SYJmXfnFuUNO3vV
-4u2Saa0q1iddxV0rXDwIqUfn+S6rwzK0G7y8bH2yvpB2VwiG3TFPnULep4wsefNq
-Fj92kqFBjacGpQLEEslUY0CMgeZ2+NuBQSUTscP3wBRsottMR6YXJtINdvfHBx+e
-EcN71z8D00w3mYqIQ7qb4Ml6HOqknunn58g43L9sACMUMTlEBXa9pUnScNYgWBAz
-W2q2mH37cIydM2JRZPpA8B4yTHt5ugJmChwyNFM7941arjKrebH+6AzLkofGedOP
-zg+vZQuPEXWs+3MBBnkWoyJW3Y0fbQdjsuQTtnd+7iyoxoBroQKCAQEA4dIiFlIS
-MDfRhQQWSiDvaw9aneDEJ3uo63ZRH5tm/IynLgtjYgEm/ZxlBCQgqRKLYELBxhu8
-SaF0uPK8pmpFJt0mIwSlsdeVhuE2obQeKUCczaqrKeaHS3PdWLjTlwph81BGRkHy
-qfqtNylyyMxrdEbnR51EtsWgFq6anTUAui1Q09JMuMNZRMOzDs1F4gExgD22rc0V
-c9YQ+jHJRxBGtNKMpMEqc8cvaxBidbItrN9SMTSWog7uYPBuEuaJ6K9vpgyJMOzJ
-SYcQEFGqgIqIDCg+ABE4d/4YROMKZ1DV/bJCind9brUHSx6XALsF0nC5c1Q9TnUL
-qI2khOwts4KYKwKCAQEA2xRC6Az97Vkdzu7BjLJ1FKmx4S2nEEgVS12ds82U+5Xf
-BHKAJnjqlqmmpzzJG+d77IYktz0+mey1QCNkqlm2fhuKs8LZMnpZRf0l8VcoBsUP
-/xKz7wfiE7RRFZtLJhPp4hhe43GzX5/JFMWMnC6UykwQbj4t1E/GNM/Suqwvg12M
-wktAJ6nqLgfhjQSO4xWo+nPzcbX+fNtrPCZVrBhYXihhcwRRNImWUCGJ6J4LMdPY
-Y9Z59qhOvE9cReH/Xw1av46omyiSyAqlgPyZ/kzA2IJSqYCjiQR/2+RD/g13jpcJ
-jatXLVZ8MJSL5OTS40G/HHTNNpNHbKKh0GOyxBA3ewKCAQBAn8UXhCcmW2L/YPsL
-/b7mcX9qPP+FmRLvR23R0MQ5M/tH5wRq8I969n3GIJykJeVzB8eybQ+GNslTgEvS
-iAkAJTubu+G7MkndTqg2wHf9MDtvdA8Fr646Po8yq7oJuHPtkKR7yLWsRUu6xIbP
-xgheP0hCq1QVxhqZQyCGKrvpi7xc0gsYuPbcAfFFJCOCmPrUi1SzCkTAYJt9LjA+
-wP6rErIjGBCRD4iXaBn1OqdtmH9KC5WsDP/VCBlIGWeQCly2NVIxiSHVg+xp7yUP
-IhXq/L05gbQaSsIhPKQmivCiaJg4The8TdwneDqYf+0bmxzHT203/bD3bImPbJNr
-ksz/AoIBAEwu4Y1cZzkQUmNRd5D7xecnk6ngfEYXKwCIT3zlMrfCSEl9n77BMaKu
-4Dsr0iuX9eosQ7xM2eYhAG6LYEg05lc4MKWOToVVMpI6E+W3Dz47bPKgiF3I+f8s
-Jz5CQIG/TwfGvciOE3hfUkec4ua09BzdEqGjkcBQ9XYMBxXPJr6h2379OBQS7FKR
-fwfQ2/dv4tElXTTfut2kV8gU9Jnh5Wjo1epvR+XjKpg28YQo4W+0YX1magcyRB8L
-4eSTUIC3XiVa8Jr0IwbZXPBb5xkdi7o+p4w2JahSHjxTRqmj+T1mnHXdbXVgq9Mg
-9Pzl7cgFZvX4UBx4XtASRf73jITNtt0CggEADH9K+O7FrIOSQly0sMvsRCMtejp3
-o+MDh1Q+vEg2kEgNXjS4ZFVljUpM2kg1OdUz7feS4dLXUJiIQ8ZWtZPedcq7wjHd
-02he5+s06l0jPifN3tX1ADfXGpXg5R2fbkrIzakkPP5/RO/aDxIUo7qhklNsVTXO
-VlGGfWLdk0ekA4upKm02Q1+YOlbIcAicEYYY8K7IffUwnohzKwL9yfuGi1VKTXpE
-4fzdegsHI03FSqR7V+LvtBpIupQ7RO4kuBmCEyI4E9FVknchg4te4gO3qwd9y0rJ
-Gu7HNIOrwOHzviI7J6Nd/l9MmeKqklHSgJvko/f5TmiXuQQ8xDZf84rcjQ==
-----END RSA PRIVATE KEY-----
-`)
-
-	publicKeyBytes := []byte(`-----BEGIN RSA PUBLIC KEY-----
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwUCimKCidbF3UxEHPy8K
-+hvhklRB9JYhj5sJy0if4lTVibkK1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YH
-UxOra6vVQaVcOVJhTM8D18d+lSr3Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZK
-ynEXMkFI9/wNMOwPOvQFOSTuoEoCO+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudx
-sAr7ESRXW9QTHVh6uWmr3VRKZHby1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw
-+zzOetZ/+t7/VOkOpNTeJQhwTM1WF7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3G
-Ix2bp2p6oh0G3N2zpiLcK/aZj8rouWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6h
-iPQCJaLBED8mwK+I5evIbnKv6E6uK+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5
-ZrI+IQARdXD3bb34oh0IPBhClnvvMUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwen
-golMVKFwPx1o37qrbmrXID21kKt7FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BI
-wvPuUW0vZHkvO80VyV2L63whVhPnPASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834
-MFxk1pS9LMa/WnzvFr0gWakCAwEAAQ==
-----END RSA PUBLIC KEY-----
-`)
+func setupGenerateKey(homeDir string) (string, error) {
 	secretKeyPairDir := filepath.Join(homeDir, "secrets", "contexts", "contx1", "secrets")
 	if err := os.MkdirAll(secretKeyPairDir, 0777); err != nil {
 		err = fmt.Errorf("Not able to create directories")
@@ -207,19 +140,33 @@ MFxk1pS9LMa/WnzvFr0gWakCAwEAAQ==
 	}
 	os.Setenv("QLIKSENSE_KEY_LOCATION", secretKeyPairDir)

-	privKeyFile := filepath.Join(secretKeyPairDir, "qliksensePriv")
-	// construct and write priv key file into secretsDir location
-	err := ioutil.WriteFile(privKeyFile, privKeyBytes, 0777)
-	if err != nil {
-		log.Printf("Error while creating file: %v", err)
-		return nil, nil, err
+	key, _ := LoadSecretKey(secretKeyPairDir)
+
+	if key == "" {
+		return GenerateAndStoreSecretKey(secretKeyPairDir)
 	}
-	pubKeyFile := filepath.Join(secretKeyPairDir, "qliksensePub")
-	// construct and write pub key file into secretsDir location
-	err = ioutil.WriteFile(pubKeyFile, publicKeyBytes, 0777)
-	if err != nil {
-		log.Printf("Error while creating file: %v", err)
-		return nil, nil, err
-	}
-	return publicKeyBytes, privKeyBytes, nil
+	return key, nil
+}
+
+func Test_set_and_get_fetch_access_token(t *testing.T) {
+	td, homeDir := setup()
+	defer td()
+	createCRFile(homeDir)
+	crFile := filepath.Join("contexts", "contx1", "contx1.yaml")
+	qConfig := NewQConfig(homeDir)
+	newQ, _ := qConfig.SetCrLocation("contx1", crFile)
+	newQ.Write()
+	qConfig = NewQConfig(homeDir)
+	qcr, _ := qConfig.GetCurrentCR()
+	key, _ := qConfig.GetEncryptionKeyFor(qcr.GetName())
+	if err := qcr.SetFetchAccessToken("mytokenbeforeencryption", key); err != nil {
+		t.Log(err)
+		t.FailNow()
+	}
+	tok := qcr.GetFetchAccessToken(key)
+	if tok != "mytokenbeforeencryption" {
+		t.Log("Expected: mytokenbeforeencryption, got: " + tok)
+		t.Fail()
+	}
+
 }
--- a/pkg/api/copy.go
+++ b/pkg/api/copy.go
@@ -0,0 +1,8 @@
+package api
+
+import "github.com/otiai10/copy"
+
+//copy source directory to destination
+func CopyDirectory(source string, dest string) error {
+	return copy.Copy(source, dest)
+}
--- a/pkg/api/copy_test.go
+++ b/pkg/api/copy_test.go
@@ -0,0 +1,101 @@
+package api
+
+import (
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"testing"
+
+	kapis_git "github.com/qlik-oss/k-apis/pkg/git"
+	"sigs.k8s.io/kustomize/api/filesys"
+	"sigs.k8s.io/kustomize/api/konfig"
+	"sigs.k8s.io/kustomize/api/krusty"
+	"sigs.k8s.io/kustomize/api/types"
+)
+
+func TestCopyDirectory(t *testing.T) {
+	src, _ := ioutil.TempDir("", "")
+	f1, _ := ioutil.TempFile(src, "")
+	ioutil.TempFile(src, "")
+
+	dest, _ := ioutil.TempDir("", "")
+	CopyDirectory(src, dest)
+	if _, err := os.Lstat(filepath.Join(dest, filepath.Base(f1.Name()))); err != nil {
+		t.Log(err)
+		t.Fail()
+	}
+}
+
+func TestCopyDirectory_withGit_withKuz(t *testing.T) {
+	if testing.Short() {
+		t.Skip("Skipping in short test mode")
+	}
+
+	tmpDir1, err := ioutil.TempDir("", "")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	defer os.RemoveAll(tmpDir1)
+
+	tmpDir2, err := ioutil.TempDir("", "")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	defer os.RemoveAll(tmpDir2)
+
+	repoPath1 := path.Join(tmpDir1, "repo")
+	repo1, err := kapis_git.CloneRepository(repoPath1, "https://github.com/qlik-oss/qliksense-k8s", nil)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if err := CopyDirectory(repoPath1, tmpDir2); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	repoPath2 := tmpDir2
+	repo2, err := kapis_git.OpenRepository(repoPath2)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if err := kapis_git.Checkout(repo2, "v0.0.2", "", nil); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	repo2Manifest, err := kuz(path.Join(repoPath2, "manifests", "docker-desktop"))
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if err := kapis_git.Checkout(repo1, "v0.0.2", "", nil); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	repo1Manifest, err := kuz(path.Join(repoPath1, "manifests", "docker-desktop"))
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if string(repo2Manifest) != string(repo1Manifest) {
+		t.Logf("manifest generated on the original config:\n%v", string(repo1Manifest))
+		t.Logf("manifest generated on the copied config:\n%v", string(repo2Manifest))
+		t.Fatal("expected manifests to be equal, but they were not")
+	}
+}
+
+func kuz(directory string) ([]byte, error) {
+	options := &krusty.Options{
+		DoLegacyResourceSort: false,
+		LoadRestrictions:     types.LoadRestrictionsNone,
+		DoPrune:              false,
+		PluginConfig:         konfig.DisabledPluginConfig(),
+	}
+	k := krusty.MakeKustomizer(filesys.MakeFsOnDisk(), options)
+	resMap, err := k.Run(directory)
+	if err != nil {
+		return nil, err
+	}
+	return resMap.AsYaml()
+}
--- a/pkg/api/docker_registry_secret.go
+++ b/pkg/api/docker_registry_secret.go
@@ -1,7 +1,6 @@
 package api

 import (
-	"crypto/rsa"
 	"encoding/base64"
 	"encoding/json"
 	"errors"
@@ -27,14 +26,14 @@ func (kdcjt *k8sDockerConfigJsonType) GenerateAuth() {
 }

 type DockerConfigJsonSecret struct {
-	Name      string
-	Uri       string
-	Username  string
-	Password  string
-	Email     string
+	Name     string
+	Uri      string
+	Username string
+	Password string
+	Email    string
 }

-func (d *DockerConfigJsonSecret) ToYaml(encryptionKey *rsa.PublicKey) ([]byte, error) {
+func (d *DockerConfigJsonSecret) ToYaml(encryptionKey string) ([]byte, error) {
 	k8sDockerConfigJson := k8sDockerConfigJsonType{
 		Username: d.Username,
 		Password: d.Password,
@@ -51,8 +50,8 @@ func (d *DockerConfigJsonSecret) ToYaml(encryptionKey *rsa.PublicKey) ([]byte, e
 		return nil, err
 	}
 	var k8sDockerConfigJsonMapMaybeEncryptedBytes []byte
-	if encryptionKey != nil {
-		if k8sDockerConfigJsonMapMaybeEncryptedBytes, err = Encrypt(k8sDockerConfigJsonMapBytes, encryptionKey); err != nil {
+	if encryptionKey != "" {
+		if k8sDockerConfigJsonMapMaybeEncryptedBytes, err = EncryptData(k8sDockerConfigJsonMapBytes, encryptionKey); err != nil {
 			return nil, err
 		}
 	} else {
@@ -65,7 +64,7 @@ func (d *DockerConfigJsonSecret) ToYaml(encryptionKey *rsa.PublicKey) ([]byte, e
 			Kind:       "Secret",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      d.Name,
+			Name: d.Name,
 		},
 		Type: v1.SecretTypeDockerConfigJson,
 		Data: map[string][]byte{
@@ -76,7 +75,7 @@ func (d *DockerConfigJsonSecret) ToYaml(encryptionKey *rsa.PublicKey) ([]byte, e
 	return K8sSecretToYaml(k8sSecret)
 }

-func (d *DockerConfigJsonSecret) FromYaml(secretBytes []byte, decryptionKey *rsa.PrivateKey) error {
+func (d *DockerConfigJsonSecret) FromYaml(secretBytes []byte, decryptionKey string) error {
 	k8sDockerConfigJsonMap := k8sDockerConfigJsonMapType{}
 	if k8sSecret, err := K8sSecretFromYaml(secretBytes); err != nil {
 		return err
@@ -86,7 +85,7 @@ func (d *DockerConfigJsonSecret) FromYaml(secretBytes []byte, decryptionKey *rsa
 		return errors.New("not a kubernetes.io/dockerconfigjson type")
 	} else if k8sDockerConfigJsonMapEncryptedBytes, ok := k8sSecret.Data[".dockerconfigjson"]; !ok {
 		return errors.New("secret data is missing a value for the .dockerconfigjson key")
-	} else if k8sDockerConfigJsonMapBytes, err := Decrypt(k8sDockerConfigJsonMapEncryptedBytes, decryptionKey); err != nil {
+	} else if k8sDockerConfigJsonMapBytes, err := DecryptData(k8sDockerConfigJsonMapEncryptedBytes, decryptionKey); err != nil {
 		return errors.New("secret data is missing a value for the .dockerconfigjson key")
 	} else if err := json.Unmarshal(k8sDockerConfigJsonMapBytes, &k8sDockerConfigJsonMap); err != nil {
 		return err
--- a/pkg/api/docker_registry_secret_test.go
+++ b/pkg/api/docker_registry_secret_test.go
@@ -1,8 +1,6 @@
 package api

 import (
-	"crypto/rand"
-	"crypto/rsa"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -14,21 +12,21 @@ import (

 func TestDockerConfigJsonSecret(t *testing.T) {
 	dockerConfigJsonSecret := DockerConfigJsonSecret{
-		Name:      "some-name",
-		Uri:       "some-uri",
-		Username:  "some-username",
-		Password:  "some-password",
-		Email:     "some-email",
+		Name:     "some-name",
+		Uri:      "some-uri",
+		Username: "some-username",
+		Password: "some-password",
+		Email:    "some-email",
 	}
 	dockerConfigJsonSecretFromYaml := DockerConfigJsonSecret{}
 	validYamlMap := map[string]interface{}{}

-	privateKey, err := rsa.GenerateKey(rand.Reader, RSA_KEY_LENGTH)
+	encryptionKey, err := GenerateKey()
 	if err != nil {
 		t.Fatalf("error generating RSA private key: %v\n", err)
 	}

-	dockerConfigJsonSecretYamlBytes, err := dockerConfigJsonSecret.ToYaml(&privateKey.PublicKey)
+	dockerConfigJsonSecretYamlBytes, err := dockerConfigJsonSecret.ToYaml(encryptionKey)
 	dockerConfigJsonMap := map[string]interface{}{}
 	if err != nil {
 		t.Fatalf("error converting secret to yaml: %v", err)
@@ -43,7 +41,7 @@ func TestDockerConfigJsonSecret(t *testing.T) {
 		t.Fatalf("no .dockerconfigjson data key in the secret yaml: %v", string(dockerConfigJsonSecretYamlBytes))
 	} else if dockerConfigJsonEncryptedBytes, err := base64.StdEncoding.DecodeString(dockerConfigJsonBytesBase64.(string)); err != nil {
 		t.Fatalf("error decoding dockerConfigJsonBytes from base64: %v", err)
-	} else if dockerConfigJsonBytes, err := Decrypt(dockerConfigJsonEncryptedBytes, privateKey); err != nil {
+	} else if dockerConfigJsonBytes, err := DecryptData(dockerConfigJsonEncryptedBytes, encryptionKey); err != nil {
 		t.Fatalf("error decrypting dockerConfigJsonBytes: %v", err)
 	} else if err := json.Unmarshal(dockerConfigJsonBytes, &dockerConfigJsonMap); err != nil {
 		t.Fatalf("error unmarshalling dockerConfigJson from json: %v", err)
@@ -63,7 +61,7 @@ func TestDockerConfigJsonSecret(t *testing.T) {
 	}

 	t.Logf("dockerConfigJsonSecretYaml: \n%v\n", string(dockerConfigJsonSecretYamlBytes))
-	if err := dockerConfigJsonSecretFromYaml.FromYaml(dockerConfigJsonSecretYamlBytes, privateKey); err != nil {
+	if err := dockerConfigJsonSecretFromYaml.FromYaml(dockerConfigJsonSecretYamlBytes, encryptionKey); err != nil {
 		t.Fatalf("error reading secret in from yaml: %v", err)
 	} else if !reflect.DeepEqual(dockerConfigJsonSecret, dockerConfigJsonSecretFromYaml) {
 		t.Fatalf("secret: %v does not equal secret: %v", dockerConfigJsonSecret, dockerConfigJsonSecretFromYaml)
--- a/pkg/api/encryption.go
+++ b/pkg/api/encryption.go
@@ -1,58 +1,42 @@
 package api

 import (
+	"crypto/aes"
+	"crypto/cipher"
 	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/pem"
+	"encoding/hex"
+	"errors"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"log"
 	"path/filepath"
 )

 const (
-	RSA_KEY_LENGTH = 4096
-
-	QliksensePublicKey  = "qliksensePub"
-	QliksensePrivateKey = "qliksensePriv"
+	key_file_name = "user_secret_key"
 )

-// GenerateAndStoreSecretKeypair generates and stores key pairs
-func GenerateAndStoreSecretKeypair(secretsPath string) error {
-	LogDebugMessage("%s exists", secretsPath)
-	// creating contexts/qlik-default/secrets/qliksensePub and contexts/qlik-default/secrets/qliksensePriv files
-	publicKeyFilePath := filepath.Join(secretsPath, QliksensePublicKey)
-	privateKeyFilePath := filepath.Join(secretsPath, QliksensePrivateKey)
-	LogDebugMessage("Generating public-private key pair.....")
-	GenerateRSAEncryptionKeys(publicKeyFilePath, privateKeyFilePath)
-	LogDebugMessage("Generated public-private key pairs")
-
-	return nil
-}
-
-// GenerateRSAEncryptionKeys is used to generate a new public-private key pair
-func GenerateRSAEncryptionKeys(publicKeyFilePath, privateKeyFilePath string) error {
-	LogDebugMessage("Generating new RSA key pair")
-	privateKey, err := rsa.GenerateKey(rand.Reader, RSA_KEY_LENGTH)
+// GenerateAndStoreSecretKey generates and stores key
+func GenerateAndStoreSecretKey(secretsDir string) (string, error) {
+	// creating contexts/qlik-default/secrets/user_secret_key
+	keyFile := filepath.Join(secretsDir, key_file_name)
+	key, err := GenerateKey()
 	if err != nil {
-		log.Printf("error generating RSA private key: %v\n", err)
-		return err
+		return "", err
 	}
-
-	privateKeyPEM := EncodePrivateKey(privateKey)
-	if err := writeContentToFile(privateKeyPEM, privateKeyFilePath); err != nil {
-		return err
+	if err := writeContentToFile([]byte(key), keyFile); err != nil {
+		return "", err
 	}
-	pubKeyPEM, err2 := EncodePublicKey(&privateKey.PublicKey)
-	if err2 != nil {
-		log.Printf("error occurred when encoding public key: %v\n", err2)
-		return err2
+	return key, nil
+}
+func LoadSecretKey(secretsDir string) (string, error) {
+	keyFile := filepath.Join(secretsDir, key_file_name)
+	by, err := ioutil.ReadFile(keyFile)
+	if err != nil {
+		return "", err
 	}
-	if err := writeContentToFile(pubKeyPEM, publicKeyFilePath); err != nil {
-		return err
-	}
-	return nil
+	return string(by), nil
 }

 // writeContentToFile writes keys to a file
@@ -65,104 +49,54 @@ func writeContentToFile(keyData []byte, fileName string) error {
 	return nil
 }

-// Encrypt encrypts data with public key
-func Encrypt(pt []byte, pub *rsa.PublicKey) ([]byte, error) {
-	//hash := sha512.New()
-	//ct, err := rsa.EncryptOAEP(hash, rand.Reader, pub, pt, nil)
-	ct, err := rsa.EncryptPKCS1v15(rand.Reader, pub, pt)
+func GenerateKey() (string, error) {
+	salt := make([]byte, 32)
+	if _, err := rand.Read(salt); err != nil {
+		return "", err
+	}
+	s := fmt.Sprintf("%x", salt)
+	return s, nil
+}
+
+func EncryptData(plaintext []byte, userKey string) ([]byte, error) {
+	key, _ := hex.DecodeString(userKey)
+
+	block, err := aes.NewCipher(key)
 	if err != nil {
-		log.Println(err)
 		return nil, err
 	}
-	return ct, nil
-}

-// Decrypt decrypts data with private key
-func Decrypt(ct []byte, priv *rsa.PrivateKey) ([]byte, error) {
-	// hash := sha512.New()
-	// plaintext, err := rsa.DecryptOAEP(hash, rand.Reader, priv, ciphertext, nil)
-	pt, err := rsa.DecryptPKCS1v15(rand.Reader, priv, ct)
+	aesgcm, err := cipher.NewGCM(block)
 	if err != nil {
-		log.Println(err)
 		return nil, err
 	}
-	return pt, nil
+	nonce := make([]byte, aesgcm.NonceSize())
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		return nil, err
+	}
+
+	return aesgcm.Seal(nonce, nonce, plaintext, nil), nil
 }

-// EncodePrivateKey private key to bytes
-func EncodePrivateKey(priv *rsa.PrivateKey) []byte {
-	privBytes := pem.EncodeToMemory(
-		&pem.Block{
-			Type:  "RSA PRIVATE KEY",
-			Bytes: x509.MarshalPKCS1PrivateKey(priv),
-		},
-	)
-
-	return privBytes
-}
-
-// EncodePublicKey public key to bytes
-func EncodePublicKey(pub *rsa.PublicKey) ([]byte, error) {
-	pubASN1, err := x509.MarshalPKIXPublicKey(pub)
+func DecryptData(ciphertext []byte, userKey string) ([]byte, error) {
+	key, _ := hex.DecodeString(userKey)
+	block, err := aes.NewCipher(key)
 	if err != nil {
-		log.Println(err)
 		return nil, err
 	}

-	pubBytes := pem.EncodeToMemory(&pem.Block{
-		Type:  "RSA PUBLIC KEY",
-		Bytes: pubASN1,
-	})
-
-	return pubBytes, nil
-}
-
-// DecodeToPrivateKey bytes to private key
-func DecodeToPrivateKey(priv []byte) (*rsa.PrivateKey, error) {
-	block, _ := pem.Decode(priv)
-	enc := x509.IsEncryptedPEMBlock(block)
-	b := block.Bytes
-	var err error
-	if enc {
-		log.Println("is encrypted pem block")
-		b, err = x509.DecryptPEMBlock(block, nil)
-		if err != nil {
-			log.Println(err)
-			return nil, err
-		}
-	}
-	key, err := x509.ParsePKCS1PrivateKey(b)
+	aesgcm, err := cipher.NewGCM(block)
 	if err != nil {
-		log.Println(err)
 		return nil, err
 	}
-	return key, nil
-}
-
-// DecodeToPublicKey bytes to public key
-func DecodeToPublicKey(pub []byte) (*rsa.PublicKey, error) {
-	block, _ := pem.Decode(pub)
-	enc := x509.IsEncryptedPEMBlock(block)
-	b := block.Bytes
-	var err error
-	if enc {
-		log.Println("is encrypted pem block")
-		b, err = x509.DecryptPEMBlock(block, nil)
-		if err != nil {
-			log.Println(err)
-			return nil, err
-		}
+	nonceSize := aesgcm.NonceSize()
+	if len(ciphertext) < nonceSize {
+		return nil, errors.New("ciphertext too short")
 	}
-	iface, err := x509.ParsePKIXPublicKey(b)
+	nonce, ciphertext := ciphertext[:nonceSize], ciphertext[nonceSize:]
+	plaintext, err := aesgcm.Open(nil, nonce, ciphertext, nil)
 	if err != nil {
-		log.Println(err)
 		return nil, err
 	}
-	key, ok := iface.(*rsa.PublicKey)
-	if !ok {
-		err := fmt.Errorf("Unable to decode public key")
-		log.Println(err)
-		return nil, err
-	}
-	return key, nil
+	return plaintext, nil
 }
--- a/pkg/api/encryption_test.go
+++ b/pkg/api/encryption_test.go
@@ -1,128 +1,29 @@
 package api

 import (
-	"encoding/base64"
-	"log"
-	"os"
 	"testing"
 )

-func Test_generateRSAEncryptionKeys(t *testing.T) {
-	tests := []struct {
-		name    string
-		wantErr bool
-	}{
-		{
-			name:    "valid case",
-			wantErr: false,
-		},
+func Test_encrypt_decrypt(t *testing.T) {
+	key, err := GenerateKey()
+	if err != nil {
+		t.Log(err)
+		t.FailNow()
 	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if err := GenerateAndStoreSecretKeypair(os.TempDir()); (err != nil) != tt.wantErr {
-				t.Errorf("generateRSAEncryptionKeys() error = %v, wantErr %v", err, tt.wantErr)
-			}
-		})
-	}
-}
-
-func Test_encryption_decryption(t *testing.T) {
-	privKeyBytes := []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIJJwIBAAKCAgEAwUCimKCidbF3UxEHPy8K+hvhklRB9JYhj5sJy0if4lTVibkK
-1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YHUxOra6vVQaVcOVJhTM8D18d+lSr3
-Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZKynEXMkFI9/wNMOwPOvQFOSTuoEoC
-O+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudxsAr7ESRXW9QTHVh6uWmr3VRKZHby
-1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw+zzOetZ/+t7/VOkOpNTeJQhwTM1W
-F7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3GIx2bp2p6oh0G3N2zpiLcK/aZj8ro
-uWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6hiPQCJaLBED8mwK+I5evIbnKv6E6u
-K+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5ZrI+IQARdXD3bb34oh0IPBhClnvv
-MUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwengolMVKFwPx1o37qrbmrXID21kKt7
-FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BIwvPuUW0vZHkvO80VyV2L63whVhPn
-PASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834MFxk1pS9LMa/WnzvFr0gWakCAwEA
-AQKCAgARSp9B2N2wejibDiL/3E23I1eDqFZedDB8kPrHXbAwqDaTJCN79spt9TaB
-pVXkQaYEV/Pe7EDdoX8kKGU/QxzUqiXkdHOYdBtUZbKfFMbbP9ZrsnR7j0r4UpoF
-yDH3hprU93E5PcNAtW2M0GpeT1nR01yn+n908PCdOAIE3GC7RDq1zOl2QzVLL55R
-9ATv2Q2oTvJ/ETc7XlGVMx4+e2cIwXLFjeLjLI6pSYlxnarrGuetJZeEviWxto9n
-odFVZI6yx8JFTXX8ZTCr/1IjwDDVyhMPmrHI2Lsv9cqBpSpbVe32cUkKxhsGaYjz
-GvesQKamOPhco2ATNxPm0yopFlPsGKMfVl0BK0J6BqFh1BvU/SYJmXfnFuUNO3vV
-4u2Saa0q1iddxV0rXDwIqUfn+S6rwzK0G7y8bH2yvpB2VwiG3TFPnULep4wsefNq
-Fj92kqFBjacGpQLEEslUY0CMgeZ2+NuBQSUTscP3wBRsottMR6YXJtINdvfHBx+e
-EcN71z8D00w3mYqIQ7qb4Ml6HOqknunn58g43L9sACMUMTlEBXa9pUnScNYgWBAz
-W2q2mH37cIydM2JRZPpA8B4yTHt5ugJmChwyNFM7941arjKrebH+6AzLkofGedOP
-zg+vZQuPEXWs+3MBBnkWoyJW3Y0fbQdjsuQTtnd+7iyoxoBroQKCAQEA4dIiFlIS
-MDfRhQQWSiDvaw9aneDEJ3uo63ZRH5tm/IynLgtjYgEm/ZxlBCQgqRKLYELBxhu8
-SaF0uPK8pmpFJt0mIwSlsdeVhuE2obQeKUCczaqrKeaHS3PdWLjTlwph81BGRkHy
-qfqtNylyyMxrdEbnR51EtsWgFq6anTUAui1Q09JMuMNZRMOzDs1F4gExgD22rc0V
-c9YQ+jHJRxBGtNKMpMEqc8cvaxBidbItrN9SMTSWog7uYPBuEuaJ6K9vpgyJMOzJ
-SYcQEFGqgIqIDCg+ABE4d/4YROMKZ1DV/bJCind9brUHSx6XALsF0nC5c1Q9TnUL
-qI2khOwts4KYKwKCAQEA2xRC6Az97Vkdzu7BjLJ1FKmx4S2nEEgVS12ds82U+5Xf
-BHKAJnjqlqmmpzzJG+d77IYktz0+mey1QCNkqlm2fhuKs8LZMnpZRf0l8VcoBsUP
-/xKz7wfiE7RRFZtLJhPp4hhe43GzX5/JFMWMnC6UykwQbj4t1E/GNM/Suqwvg12M
-wktAJ6nqLgfhjQSO4xWo+nPzcbX+fNtrPCZVrBhYXihhcwRRNImWUCGJ6J4LMdPY
-Y9Z59qhOvE9cReH/Xw1av46omyiSyAqlgPyZ/kzA2IJSqYCjiQR/2+RD/g13jpcJ
-jatXLVZ8MJSL5OTS40G/HHTNNpNHbKKh0GOyxBA3ewKCAQBAn8UXhCcmW2L/YPsL
-/b7mcX9qPP+FmRLvR23R0MQ5M/tH5wRq8I969n3GIJykJeVzB8eybQ+GNslTgEvS
-iAkAJTubu+G7MkndTqg2wHf9MDtvdA8Fr646Po8yq7oJuHPtkKR7yLWsRUu6xIbP
-xgheP0hCq1QVxhqZQyCGKrvpi7xc0gsYuPbcAfFFJCOCmPrUi1SzCkTAYJt9LjA+
-wP6rErIjGBCRD4iXaBn1OqdtmH9KC5WsDP/VCBlIGWeQCly2NVIxiSHVg+xp7yUP
-IhXq/L05gbQaSsIhPKQmivCiaJg4The8TdwneDqYf+0bmxzHT203/bD3bImPbJNr
-ksz/AoIBAEwu4Y1cZzkQUmNRd5D7xecnk6ngfEYXKwCIT3zlMrfCSEl9n77BMaKu
-4Dsr0iuX9eosQ7xM2eYhAG6LYEg05lc4MKWOToVVMpI6E+W3Dz47bPKgiF3I+f8s
-Jz5CQIG/TwfGvciOE3hfUkec4ua09BzdEqGjkcBQ9XYMBxXPJr6h2379OBQS7FKR
-fwfQ2/dv4tElXTTfut2kV8gU9Jnh5Wjo1epvR+XjKpg28YQo4W+0YX1magcyRB8L
-4eSTUIC3XiVa8Jr0IwbZXPBb5xkdi7o+p4w2JahSHjxTRqmj+T1mnHXdbXVgq9Mg
-9Pzl7cgFZvX4UBx4XtASRf73jITNtt0CggEADH9K+O7FrIOSQly0sMvsRCMtejp3
-o+MDh1Q+vEg2kEgNXjS4ZFVljUpM2kg1OdUz7feS4dLXUJiIQ8ZWtZPedcq7wjHd
-02he5+s06l0jPifN3tX1ADfXGpXg5R2fbkrIzakkPP5/RO/aDxIUo7qhklNsVTXO
-VlGGfWLdk0ekA4upKm02Q1+YOlbIcAicEYYY8K7IffUwnohzKwL9yfuGi1VKTXpE
-4fzdegsHI03FSqR7V+LvtBpIupQ7RO4kuBmCEyI4E9FVknchg4te4gO3qwd9y0rJ
-Gu7HNIOrwOHzviI7J6Nd/l9MmeKqklHSgJvko/f5TmiXuQQ8xDZf84rcjQ==
-----END RSA PRIVATE KEY-----
-`)
-
-	publicKeyBytes := []byte(`-----BEGIN RSA PUBLIC KEY-----
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwUCimKCidbF3UxEHPy8K
-+hvhklRB9JYhj5sJy0if4lTVibkK1MrYCykOnmC40pPU9GLY1b8HxAg9tvyRn0YH
-UxOra6vVQaVcOVJhTM8D18d+lSr3Lp1yiX+UGT4nzWI9+R1CCbwXrqeQVoZs6QZK
-ynEXMkFI9/wNMOwPOvQFOSTuoEoCO+zyTyUWEkNbUq825ELUQdIsjgmlWUOONudx
-sAr7ESRXW9QTHVh6uWmr3VRKZHby1JdU3I/wjdlGg5M2dDuXy5nQO9w/nYLjJXiw
-+zzOetZ/+t7/VOkOpNTeJQhwTM1WF7Y2VLetbi9FHgyzHatrduh07+XEiTbgDf3G
-Ix2bp2p6oh0G3N2zpiLcK/aZj8rouWWydfFfsU3MZ4FfJDP8I6b9awxjmKYqIr6h
-iPQCJaLBED8mwK+I5evIbnKv6E6uK+BApWA/R7ElragoFYbqQ1VpvntVMtJt9Dy5
-ZrI+IQARdXD3bb34oh0IPBhClnvvMUc1cWxDoXEX6oJ4I+LzxE87Zkwnan9qOwen
-golMVKFwPx1o37qrbmrXID21kKt7FL6xN4HxHLkItr1fKzdyWDFRHgASTAWfx5BI
-wvPuUW0vZHkvO80VyV2L63whVhPnPASmFkbviomrBttYfpr2aGQqF/qR1Nlxe834
-MFxk1pS9LMa/WnzvFr0gWakCAwEAAQ==
-----END RSA PUBLIC KEY-----
-`)
-	origStr := "Value1234"
-
-	pubKey, err := DecodeToPublicKey(publicKeyBytes)
-	if err != nil {
-		t.Error(err)
-		t.FailNow()
-	}
-	privKey, err := DecodeToPrivateKey(privKeyBytes)
-	if err != nil {
-		t.Error(err)
-		t.FailNow()
-	}
-	encData, err := Encrypt([]byte(origStr), pubKey)
-	if err != nil {
-		t.Error(err)
-		t.FailNow()
-	}
-
-	encDataStr := base64.StdEncoding.EncodeToString(encData)
-	log.Println("Encoded text:", encDataStr)
-	dec, _ := base64.StdEncoding.DecodeString(encDataStr)
-	data, err := Decrypt(dec, privKey)
-	if err != nil {
-		t.Error(err)
-		t.FailNow()
-	}
-	if string(data) != origStr {
-		t.Error("original string and decrypted string don't match")
-		t.FailNow()
+	testData := "this is a secret value"
+	enc, err := EncryptData([]byte(testData), key)
+	if err != nil {
+		t.Log(err)
+		t.FailNow()
+	}
+	dec, err := DecryptData(enc, key)
+	if err != nil {
+		t.Log(err)
+		t.FailNow()
+	}
+	if testData != string(dec) {
+		t.Log("expected: " + testData)
+		t.Log("actual: " + string(dec))
+		t.Fail()
 	}
 }
--- a/pkg/preflight/preflight_apis.go
+++ b/pkg/preflight/preflight_apis.go
@@ -1,10 +1,9 @@
-package preflight
+package api

 import (
 	"os"
 	"path/filepath"

-	api "github.com/qlik-oss/sense-installer/pkg/api"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

@@ -44,7 +43,7 @@ func NewPreflightConfig(qHome string) *PreflightConfig {
 		return p
 	}
 	p = &PreflightConfig{}
-	if err := api.ReadFromFile(p, conFile); err != nil {
+	if err := ReadFromFile(p, conFile); err != nil {
 		return nil
 	}
 	return p
@@ -61,7 +60,7 @@ func (p *PreflightConfig) Write() error {
 	if err := os.MkdirAll(pDir, os.ModePerm); err != nil {
 		return err
 	}
-	return api.WriteToFile(p, p.GetConfigFilePath())
+	return WriteToFile(p, p.GetConfigFilePath())
 }

 func (p *PreflightConfig) AddMinK8sV(version string) {
@@ -105,5 +104,6 @@ func (p *PreflightConfig) Initialize() error {
 	p.AddMinK8sV("1.15")
 	p.AddImage("nginx", "nginx")
 	p.AddImage("netcat", "subfuzion/netcat")
+	p.AddImage("mongo", "mongo")
 	return p.Write()
 }
--- a/pkg/preflight/preflight_apis_test.go
+++ b/pkg/preflight/preflight_apis_test.go
@@ -1,10 +1,8 @@
-package preflight
+package api

 import (
 	"io/ioutil"
 	"testing"
-
-	api "github.com/qlik-oss/sense-installer/pkg/api"
 )

 func Test_Initalize(t *testing.T) {
@@ -21,7 +19,7 @@ func Test_Initalize(t *testing.T) {
 	p := &PreflightConfig{
 		QliksenseHomePath: tempDir,
 	}
-	if err := api.ReadFromFile(p, pf.GetConfigFilePath()); err != nil {
+	if err := ReadFromFile(p, pf.GetConfigFilePath()); err != nil {
 		t.Log(err)
 		t.FailNow()
 	}
--- a/pkg/api/utils.go
+++ b/pkg/api/utils.go
@@ -4,6 +4,7 @@ import (
 	"archive/tar"
 	"archive/zip"
 	"compress/gzip"
+	b64 "encoding/base64"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -11,7 +12,6 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
-	"regexp"
 	"strings"
 	"time"

@@ -62,27 +62,38 @@ func ReadKeys(keyFile string) ([]byte, error) {
 }

 // ProcessConfigArgs processes args and returns an service, key, value slice
-func ProcessConfigArgs(args []string) ([]*ServiceKeyValue, error) {
+func ProcessConfigArgs(args []string, base64Encoded bool) ([]*ServiceKeyValue, error) {
 	// prepare received args
 	// split args[0] into key and value
 	if len(args) == 0 {
 		err := fmt.Errorf("No args were provided. Please provide args to configure the current context")
 		return nil, err
 	}
+	notValidErr := fmt.Errorf("Please provide valid args for this command")
 	resultSvcKV := make([]*ServiceKeyValue, len(args))
-	re1 := regexp.MustCompile(`([\w\-]{1,}).([\w\-]{1,})=("*[\w\-?=_/:0-9\.]+"*)`)
+	// qliksense.mongodb=somethig
 	for i, arg := range args {
 		LogDebugMessage("Arg received: %s", arg)
-		result := re1.FindStringSubmatch(arg)
-		// check if result array's length is == 4 (index 0 - is the full match & indices 1,2,3- are the fields we need)
-		if len(result) != 4 {
-			err := fmt.Errorf("Please provide valid args for this command")
-			return nil, err
+		first := strings.SplitN(arg, "=", 2)
+		if len(first) != 2 {
+			return nil, notValidErr
+		}
+		second := strings.SplitN(first[0], ".", 2)
+		if len(second) != 2 {
+			return nil, notValidErr
+		}
+		resultValue := strings.Trim(first[1], "\"")
+		if base64Encoded {
+			if decodeByte, err := b64.StdEncoding.DecodeString(resultValue); err != nil {
+				return nil, err
+			} else {
+				resultValue = strings.Trim(string(decodeByte), "\n ")
+			}
 		}
 		resultSvcKV[i] = &ServiceKeyValue{
-			SvcName: result[1],
-			Key:     result[2],
-			Value:   strings.ReplaceAll(result[3], `"`, ""),
+			SvcName: second[0],
+			Key:     second[1],
+			Value:   resultValue,
 		}
 	}
 	return resultSvcKV, nil
--- a/pkg/api/utils_test.go
+++ b/pkg/api/utils_test.go
@@ -11,11 +11,12 @@ func TestProcessConfigArgs(t *testing.T) {
 		"test-dash.dash-key=value-dash",
 		"test-dot.dot-key=127.0.0.1",
 		"test123.key123=value123",
+		"test-equal.keyequal=newvalue=@hj",
 	}
-	expectedKeys := []string{"mongodb", "test", "dash-key", "dot-key", "key123"}
-	expectedValue := []string{"mongouri://something?ffall", "value_under", "value-dash", "127.0.0.1", "value123"}
-	exppectedSvc := []string{"qliksense", "test_under", "test-dash", "test-dot", "test123"}
-	sv, err := ProcessConfigArgs(args)
+	expectedKeys := []string{"mongodb", "test", "dash-key", "dot-key", "key123", "keyequal"}
+	expectedValue := []string{"mongouri://something?ffall", "value_under", "value-dash", "127.0.0.1", "value123", "newvalue=@hj"}
+	exppectedSvc := []string{"qliksense", "test_under", "test-dash", "test-dot", "test123", "test-equal"}
+	sv, err := ProcessConfigArgs(args, false)
 	if err != nil {
 		t.Log(err)
 		t.FailNow()
--- a/pkg/preflight/all_checks.go
+++ b/pkg/preflight/all_checks.go
@@ -7,6 +7,7 @@ import (
 func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfigContents []byte, mongodbUrl string) {

 	checkCount := 0
+	totalCount := 0
 	// Preflight minimum kuberenetes version check
 	fmt.Printf("\nPreflight kubernetes minimum version check\n")
 	fmt.Println("------------------------------------------")
@@ -15,6 +16,7 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfig
 	} else {
 		checkCount++
 	}
+	totalCount++

 	// Preflight deployment check
 	fmt.Printf("\nPreflight deployment check\n")
@@ -24,6 +26,7 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfig
 	} else {
 		checkCount++
 	}
+	totalCount++

 	// Preflight service check
 	fmt.Printf("\nPreflight service check\n")
@@ -33,6 +36,7 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfig
 	} else {
 		checkCount++
 	}
+	totalCount++

 	// Preflight pod check
 	fmt.Printf("\nPreflight pod check\n")
@@ -42,6 +46,7 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfig
 	} else {
 		checkCount++
 	}
+	totalCount++

 	// Preflight role check
 	fmt.Printf("\nPreflight role check\n")
@@ -51,6 +56,7 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfig
 	} else {
 		checkCount++
 	}
+	totalCount++

 	// Preflight rolebinding check
 	fmt.Printf("\nPreflight rolebinding check\n")
@@ -60,6 +66,7 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfig
 	} else {
 		checkCount++
 	}
+	totalCount++

 	// Preflight serviceaccount check
 	fmt.Printf("\nPreflight serviceaccount check\n")
@@ -69,6 +76,7 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfig
 	} else {
 		checkCount++
 	}
+	totalCount++

 	// Preflight mongo check
 	fmt.Printf("\nPreflight mongo check\n")
@@ -78,6 +86,7 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfig
 	} else {
 		checkCount++
 	}
+	totalCount++

 	// Preflight DNS check
 	fmt.Printf("\nPreflight DNS check\n")
@@ -87,8 +96,9 @@ func (qp *QliksensePreflight) RunAllPreflightChecks(namespace string, kubeConfig
 	} else {
 		checkCount++
 	}
+	totalCount++

-	if checkCount == 9 {
+	if checkCount == totalCount {
 		fmt.Printf("\nAll preflight checks have PASSED\n")
 	} else {
 		fmt.Printf("\n1 or more preflight checks have FAILED\n")
--- a/pkg/preflight/deployability.go
+++ b/pkg/preflight/deployability.go
@@ -66,7 +66,8 @@ func (qp *QliksensePreflight) CheckPod(namespace string, kubeConfigContents []by
 func (qp *QliksensePreflight) checkPfPod(clientset *kubernetes.Clientset, namespace string) error {
 	// create a pod
 	podName := "pod-pf-check"
-	pod, err := createPreflightTestPod(clientset, namespace, podName, qp.GetPreflightConfigObj().GetImageName(nginx))
+	commandToRun := []string{}
+	pod, err := createPreflightTestPod(clientset, namespace, podName, qp.GetPreflightConfigObj().GetImageName(nginx), commandToRun)
 	if err != nil {
 		err = fmt.Errorf("error: unable to create pod %s - %v\n", podName, err)
 		return err
--- a/pkg/preflight/dns_check.go
+++ b/pkg/preflight/dns_check.go
@@ -3,8 +3,6 @@ package preflight
 import (
 	"fmt"
 	"strings"
-
-	"github.com/qlik-oss/sense-installer/pkg/api"
 )

 const (
@@ -13,7 +11,7 @@ const (
 )

 func (qp *QliksensePreflight) CheckDns(namespace string, kubeConfigContents []byte) error {
-	clientset, clientConfig, err := getK8SClientSet(kubeConfigContents, "")
+	clientset, _, err := getK8SClientSet(kubeConfigContents, "")
 	if err != nil {
 		err = fmt.Errorf("error: unable to create a kubernetes client: %v\n", err)
 		fmt.Println(err)
@@ -45,11 +43,13 @@ func (qp *QliksensePreflight) CheckDns(namespace string, kubeConfigContents []by

 	// create a pod
 	podName := "pf-pod-1"
-	dnsPod, err := createPreflightTestPod(clientset, namespace, podName, qp.GetPreflightConfigObj().GetImageName(netcat))
+	commandToRun := []string{"sh", "-c", "sleep 10; nc -z -v -w 1 " + dnsService.Name + " 80"}
+	dnsPod, err := createPreflightTestPod(clientset, namespace, podName, qp.GetPreflightConfigObj().GetImageName(netcat), commandToRun)
 	if err != nil {
 		err = fmt.Errorf("error: unable to create pod : %s\n", podName)
 		return err
 	}
+
 	defer deletePod(clientset, namespace, podName)

 	if err := waitForPod(clientset, namespace, dnsPod); err != nil {
@@ -60,18 +60,21 @@ func (qp *QliksensePreflight) CheckDns(namespace string, kubeConfigContents []by
 		fmt.Println(err)
 		return err
 	}
-	api.LogDebugMessage("Exec-ing into the container...")
-	stdout, stderr, err := executeRemoteCommand(clientset, clientConfig, dnsPod.Name, dnsPod.Spec.Containers[0].Name, namespace, []string{"nc", "-z", "-v", "-w 1", dnsService.Name, "80"})
+
+	waitForPodToDie(clientset, namespace, dnsPod)
+
+	logStr, err := getPodLogs(clientset, dnsPod)
 	if err != nil {
 		err = fmt.Errorf("error: unable to execute dns check in the cluster: %v", err)
 		fmt.Println(err)
 		return err
 	}

-	if strings.HasSuffix(stdout, "succeeded!") || strings.HasSuffix(stderr, "succeeded!") {
+	if strings.HasSuffix(strings.TrimSpace(logStr), "succeeded!") {
 		fmt.Println("Preflight DNS check: PASSED")
 	} else {
-		fmt.Println("Preflight DNS check: FAILED")
+		err = fmt.Errorf("Expected response not found\n")
+		return err
 	}

 	fmt.Println("Completed preflight DNS check")
--- a/pkg/preflight/mongo_check.go
+++ b/pkg/preflight/mongo_check.go
@@ -4,12 +4,11 @@ import (
 	"fmt"
 	"strings"

-	"github.com/qlik-oss/sense-installer/pkg/api"
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 )

 const (
-	mongoImage = "mongo"
+	mongo = "mongo"
 )

 func (qp *QliksensePreflight) CheckMongo(kubeConfigContents []byte, namespace, mongodbUrl string) error {
@@ -33,15 +32,15 @@ func (qp *QliksensePreflight) CheckMongo(kubeConfigContents []byte, namespace, m
 	}

 	fmt.Printf("mongodbUrl: %s\n", mongodbUrl)
-	if err := mongoConnCheck(kubeConfigContents, namespace, mongodbUrl); err != nil {
+	if err := qp.mongoConnCheck(kubeConfigContents, namespace, mongodbUrl); err != nil {
 		return err
 	}
 	fmt.Println("Completed preflight mongodb check")
 	return nil
 }

-func mongoConnCheck(kubeConfigContents []byte, namespace, mongodbUrl string) error {
-	clientset, clientConfig, err := getK8SClientSet(kubeConfigContents, "")
+func (qp *QliksensePreflight) mongoConnCheck(kubeConfigContents []byte, namespace, mongodbUrl string) error {
+	clientset, _, err := getK8SClientSet(kubeConfigContents, "")
 	if err != nil {
 		err = fmt.Errorf("error: unable to create a kubernetes client: %v\n", err)
 		fmt.Println(err)
@@ -49,10 +48,10 @@ func mongoConnCheck(kubeConfigContents []byte, namespace, mongodbUrl string) err
 	}
 	// create a pod
 	podName := "pf-mongo-pod"
-	mongoPod, err := createPreflightTestPod(clientset, namespace, podName, mongoImage)
+	commandToRun := []string{"sh", "-c", "sleep 10;mongo " + mongodbUrl}
+	mongoPod, err := createPreflightTestPod(clientset, namespace, podName, qp.GetPreflightConfigObj().GetImageName(mongo), commandToRun)
 	if err != nil {
-		err = fmt.Errorf("error: unable to create pod : %s\n", podName)
-		fmt.Println("Preflight mongo check: FAILED")
+		err = fmt.Errorf("error: unable to create pod : %v\n", err)
 		return err
 	}
 	defer deletePod(clientset, namespace, podName)
@@ -61,25 +60,24 @@ func mongoConnCheck(kubeConfigContents []byte, namespace, mongodbUrl string) err
 		return err
 	}
 	if len(mongoPod.Spec.Containers) == 0 {
-		err := fmt.Errorf("error: there are no containers in the pod")
+		err := fmt.Errorf("error: there are no containers in the pod- %v\n", err)
 		fmt.Println(err)
 		return err
 	}
-	api.LogDebugMessage("Exec-ing into the container...")
-	stdout, stderr, err := executeRemoteCommand(clientset, clientConfig, mongoPod.Name, mongoPod.Spec.Containers[0].Name, namespace, []string{"mongo", mongodbUrl})
+	waitForPodToDie(clientset, namespace, mongoPod)
+	logStr, err := getPodLogs(clientset, mongoPod)
 	if err != nil {
-		err = fmt.Errorf("error: unable to execute mongo check in the cluster: %v", err)
+		err = fmt.Errorf("error: unable to execute mongo check in the cluster: %v\n", err)
 		fmt.Println(err)
 		return err
 	}

-	api.LogDebugMessage("stdout:", stdout)
-	api.LogDebugMessage("stderr:", stderr)
-	stringToCheck := "Implicit session"
-	if strings.Contains(stdout, stringToCheck) || strings.Contains(stderr, stringToCheck) {
+	stringToCheck := "Implicit session:"
+	if strings.Contains(logStr, stringToCheck) {
 		fmt.Println("Preflight mongo check: PASSED")
 	} else {
-		fmt.Println("Preflight mongo check: FAILED")
+		err = fmt.Errorf("Expected response not found\n")
+		return err
 	}
 	return nil
 }
--- a/pkg/preflight/preflight_utils.go
+++ b/pkg/preflight/preflight_utils.go
@@ -6,33 +6,24 @@ import (
 	"io"
 	"io/ioutil"
 	"log"
-	"net/url"
 	"path/filepath"
 	"strings"
 	"time"

 	"github.com/mitchellh/go-homedir"
-
-	"k8s.io/apimachinery/pkg/util/wait"
-
-	"k8s.io/client-go/util/retry"
-
-	"k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd"
-	"k8s.io/client-go/tools/remotecommand"
-	"k8s.io/kubectl/pkg/scheme"
-
 	"github.com/pkg/errors"
 	"github.com/qlik-oss/sense-installer/pkg/api"
 	"github.com/qlik-oss/sense-installer/pkg/qliksense"
 	appsv1 "k8s.io/api/apps/v1"
 	apiv1 "k8s.io/api/core/v1"
 	"k8s.io/api/rbac/v1beta1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/client-go/kubernetes"
-	restclient "k8s.io/client-go/rest"
-
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/wait"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/util/retry"
 )

 var gracePeriod int64 = 0
@@ -41,8 +32,8 @@ type QliksensePreflight struct {
 	Q *qliksense.Qliksense
 }

-func (qp *QliksensePreflight) GetPreflightConfigObj() *PreflightConfig {
-	return NewPreflightConfig(qp.Q.QliksenseHome)
+func (qp *QliksensePreflight) GetPreflightConfigObj() *api.PreflightConfig {
+	return api.NewPreflightConfig(qp.Q.QliksenseHome)
 }

 func InitPreflight() (string, []byte, error) {
@@ -310,7 +301,7 @@ func deletePod(clientset *kubernetes.Clientset, namespace, name string) error {
 	return nil
 }

-func createPreflightTestPod(clientset *kubernetes.Clientset, namespace string, podName string, imageName string) (*apiv1.Pod, error) {
+func createPreflightTestPod(clientset *kubernetes.Clientset, namespace string, podName string, imageName string, commandToRun []string) (*apiv1.Pod, error) {
 	// build the pod definition we want to deploy
 	pod := &apiv1.Pod{
 		ObjectMeta: v1.ObjectMeta{
@@ -321,15 +312,13 @@ func createPreflightTestPod(clientset *kubernetes.Clientset, namespace string, p
 			},
 		},
 		Spec: apiv1.PodSpec{
+			RestartPolicy: apiv1.RestartPolicyNever,
 			Containers: []apiv1.Container{
 				{
 					Name:            "cnt",
 					Image:           imageName,
 					ImagePullPolicy: apiv1.PullIfNotPresent,
-					Command: []string{
-						"sleep",
-						"3600",
-					},
+					Command:         commandToRun,
 				},
 			},
 		},
@@ -360,65 +349,68 @@ func getPod(clientset *kubernetes.Clientset, namespace, podName string) (*apiv1.
 	return pod, nil
 }

-func execute(method string, url *url.URL, config *restclient.Config, stdin io.Reader, stdout, stderr io.Writer, tty bool) error {
-	exec, err := remotecommand.NewSPDYExecutor(config, method, url)
+func getPodLogs(clientset *kubernetes.Clientset, pod *apiv1.Pod) (string, error) {
+	podLogOpts := apiv1.PodLogOptions{}
+
+	api.LogDebugMessage("Retrieving logs for pod: %s   namespace: %s\n", pod.GetName(), pod.Namespace)
+	req := clientset.CoreV1().Pods(pod.Namespace).GetLogs(pod.Name, &podLogOpts)
+	podLogs, err := req.Stream()
 	if err != nil {
-		return err
+		return "", err
 	}
-	return exec.Stream(remotecommand.StreamOptions{
-		Stdin:  stdin,
-		Stdout: stdout,
-		Stderr: stderr,
-		Tty:    tty,
-	})
+	defer podLogs.Close()
+	time.Sleep(15 * time.Second)
+	buf := new(bytes.Buffer)
+	_, err = io.Copy(buf, podLogs)
+	if err != nil {
+		return "", err
+	}
+	api.LogDebugMessage("Log from pod: %s\n", buf.String())
+	return buf.String(), nil
 }

-func executeRemoteCommand(clientset *kubernetes.Clientset, config *rest.Config, podName, containerName, namespace string, command []string) (string, string, error) {
-	tty := false
-	req := clientset.CoreV1().RESTClient().Post().
-		Resource("pods").
-		Name(podName).
-		Namespace(namespace).
-		SubResource("exec").
-		Param("container", containerName)
-	req.VersionedParams(&apiv1.PodExecOptions{
-		Container: containerName,
-		Command:   command,
-		Stdin:     false,
-		Stdout:    true,
-		Stderr:    true,
-		TTY:       tty,
-	}, scheme.ParameterCodec)
-
-	var stdout, stderr bytes.Buffer
-	err := execute("POST", req.URL(), config, nil, &stdout, &stderr, tty)
-	return strings.TrimSpace(stdout.String()), strings.TrimSpace(stderr.String()), err
-}
-
-func waitForDeployment(clientset *kubernetes.Clientset, namespace string, pfDeployment *appsv1.Deployment) error {
+func waitForResource(checkFunc func() (interface{}, error), validateFunc func(interface{}) bool) error {
 	timeout := time.NewTicker(2 * time.Minute)
 	defer timeout.Stop()
-	var d *appsv1.Deployment
-	var err error
-WAIT:
+OUT:
 	for {
-		d, err = getDeployment(clientset, namespace, pfDeployment.GetName())
+		r, err := checkFunc()
 		if err != nil {
-			err = fmt.Errorf("error: unable to retrieve deployment: %s\n", pfDeployment.GetName())
-			fmt.Println(err)
 			return err
 		}
 		select {
 		case <-timeout.C:
-			break WAIT
+			break OUT
 		default:
-			if int(d.Status.ReadyReplicas) > 0 {
-				break WAIT
+			if validateFunc(r) {
+				break OUT
 			}
 		}
 		time.Sleep(5 * time.Second)
 	}
-	if int(d.Status.ReadyReplicas) == 0 {
+	return nil
+}
+
+func waitForDeployment(clientset *kubernetes.Clientset, namespace string, pfDeployment *appsv1.Deployment) error {
+	var err error
+	depName := pfDeployment.GetName()
+	checkFunc := func() (interface{}, error) {
+		pfDeployment, err = getDeployment(clientset, namespace, depName)
+		if err != nil {
+			err = fmt.Errorf("error: unable to retrieve deployment: %s\n", depName)
+			fmt.Println(err)
+			return nil, err
+		}
+		return pfDeployment, nil
+	}
+	validateFunc := func(data interface{}) bool {
+		d := data.(*appsv1.Deployment)
+		return int(d.Status.ReadyReplicas) > 0
+	}
+	if err := waitForResource(checkFunc, validateFunc); err != nil {
+		return err
+	}
+	if int(pfDeployment.Status.ReadyReplicas) == 0 {
 		err = fmt.Errorf("error: deployment took longer than expected to spin up pods")
 		fmt.Println(err)
 		return err
@@ -428,82 +420,93 @@ WAIT:

 func waitForPod(clientset *kubernetes.Clientset, namespace string, pod *apiv1.Pod) error {
 	var err error
-	if len(pod.Spec.Containers) > 0 {
-		timeout := time.NewTicker(2 * time.Minute)
-		defer timeout.Stop()
-		podName := pod.Name
-	OUT:
-		for {
-			pod, err = getPod(clientset, namespace, podName)
-			if err != nil {
-				err = fmt.Errorf("error: unable to retrieve %s pod by name", podName)
-				fmt.Println(err)
-				return err
-			}
-			select {
-			case <-timeout.C:
-				break OUT
-			default:
-				if len(pod.Status.ContainerStatuses) > 0 && pod.Status.ContainerStatuses[0].Ready {
-					break OUT
-				}
-			}
-			time.Sleep(5 * time.Second)
-		}
-		if len(pod.Status.ContainerStatuses) == 0 || !pod.Status.ContainerStatuses[0].Ready {
-			err = fmt.Errorf("error: container is taking much longer than expected")
-			fmt.Println(err)
-			return err
-		}
-		return nil
+	if len(pod.Spec.Containers) == 0 {
+		err = fmt.Errorf("error: there are no containers in the pod")
+		fmt.Println(err)
+		return err
 	}
-	err = fmt.Errorf("error: there are no containers in the pod")
-	fmt.Println(err)
-	return err
+	podName := pod.Name
+	checkFunc := func() (interface{}, error) {
+		pod, err = getPod(clientset, namespace, podName)
+		if err != nil {
+			err = fmt.Errorf("error: unable to retrieve %s pod by name", podName)
+			fmt.Println(err)
+			return nil, err
+		}
+		return pod, nil
+	}
+	validateFunc := func(data interface{}) bool {
+		po := data.(*apiv1.Pod)
+		return len(po.Status.ContainerStatuses) > 0 && po.Status.ContainerStatuses[0].Ready
+	}
+
+	if err := waitForResource(checkFunc, validateFunc); err != nil {
+		return err
+	}
+	if len(pod.Status.ContainerStatuses) == 0 || !pod.Status.ContainerStatuses[0].Ready {
+		err = fmt.Errorf("error: container is taking much longer than expected")
+		fmt.Println(err)
+		return err
+	}
+	return nil
+}
+
+func waitForPodToDie(clientset *kubernetes.Clientset, namespace string, pod *apiv1.Pod) error {
+	podName := pod.Name
+	checkFunc := func() (interface{}, error) {
+		po, err := getPod(clientset, namespace, podName)
+		if err != nil {
+			err = fmt.Errorf("error: unable to retrieve %s pod by name", podName)
+			fmt.Println(err)
+			return nil, err
+		}
+		api.LogDebugMessage("pod status: %v\n", po.Status.Phase)
+		return po, nil
+	}
+	validateFunc := func(r interface{}) bool {
+		po := r.(*apiv1.Pod)
+		return po.Status.Phase == apiv1.PodFailed || po.Status.Phase == apiv1.PodSucceeded
+	}
+	if err := waitForResource(checkFunc, validateFunc); err != nil {
+		return err
+	}
+	return nil
 }

 func waitForPodToDelete(clientset *kubernetes.Clientset, namespace, podName string) error {
-	var err error
-	timeout := time.NewTicker(2 * time.Minute)
-	defer timeout.Stop()
-OUT:
-	for {
-		_, err = getPod(clientset, namespace, podName)
+	checkFunc := func() (interface{}, error) {
+		po, err := getPod(clientset, namespace, podName)
 		if err != nil {
-			return nil
+			return nil, err
 		}
-		select {
-		case <-timeout.C:
-			break OUT
-		default:
-
-		}
-		time.Sleep(5 * time.Second)
+		return po, nil
 	}
-	err = fmt.Errorf("error: delete pod is taking unusually long")
+	validateFunc := func(po interface{}) bool {
+		return false
+	}
+	if err := waitForResource(checkFunc, validateFunc); err != nil {
+		return nil
+	}
+	err := fmt.Errorf("error: delete pod is taking unusually long")
 	fmt.Println(err)
 	return err
 }

 func waitForDeploymentToDelete(clientset *kubernetes.Clientset, namespace, deploymentName string) error {
-	var err error
-	timeout := time.NewTicker(2 * time.Minute)
-	defer timeout.Stop()
-OUT:
-	for {
-		_, err = getDeployment(clientset, namespace, deploymentName)
+	checkFunc := func() (interface{}, error) {
+		dep, err := getDeployment(clientset, namespace, deploymentName)
 		if err != nil {
-			return nil
+			return nil, err
 		}
-		select {
-		case <-timeout.C:
-			break OUT
-		default:
-
-		}
-		time.Sleep(5 * time.Second)
+		return dep, nil
 	}
-	err = fmt.Errorf("error: delete deployment is taking unusually long")
+	validateFunc := func(po interface{}) bool {
+		return false
+	}
+	if err := waitForResource(checkFunc, validateFunc); err != nil {
+		return nil
+	}
+	err := fmt.Errorf("error: delete deployment is taking unusually long")
 	fmt.Println(err)
 	return err
 }
--- a/pkg/preflight/role_check.go
+++ b/pkg/preflight/role_check.go
@@ -2,16 +2,16 @@ package preflight

 import (
 	"fmt"
-	"path"
 	"path/filepath"
+	"strings"

-	"github.com/mitchellh/go-homedir"
-	"github.com/qlik-oss/k-apis/pkg/cr"
 	"github.com/qlik-oss/sense-installer/pkg/api"
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 	"github.com/qlik-oss/sense-installer/pkg/qliksense"
 )

+var resultYamlBytes = []byte("")
+
 func (qp *QliksensePreflight) CheckCreateRole(namespace string) error {
 	// create a Role
 	fmt.Printf("Preflight role check: \n")
@@ -69,27 +69,16 @@ func (qp *QliksensePreflight) checkCreateEntity(namespace, entityToTest string)
 	} else {
 		kusDir = filepath.Join(mfroot, "manifests", currentCR.Spec.Profile)
 	}
-
-	currentCR.SetName("random")
-	currentCR.Spec.RotateKeys = "None"
-	currentCR.Spec.ManifestsRoot = mfroot
-	userHomeDir, err := homedir.Dir()
-	if err != nil {
-		fmt.Printf(`error fetching user's home directory: %v\n`, err)
-		return err
+	if len(resultYamlBytes) == 0 {
+		resultYamlBytes, err = qliksense.ExecuteKustomizeBuild(kusDir)
+		if err != nil {
+			fmt.Printf("Unable to retrieve manifests from executing kustomize: %v\n", err)
+			return err
+		}
 	}
-
-	cr.GeneratePatches(&currentCR.KApiCr, path.Join(userHomeDir, ".kube", "config"))
-
-	resultYamlString, err := qliksense.ExecuteKustomizeBuild(kusDir)
-	if err != nil {
-		fmt.Printf("Unable to retrieve manifests from executing kustomize: %v\n", err)
-		return err
-	}
-
-	sa := qliksense.GetYamlsFromMultiDoc(string(resultYamlString), entityToTest)
+	sa := qliksense.GetYamlsFromMultiDoc(string(resultYamlBytes), entityToTest)
 	if sa != "" {
-		// sa = strings.ReplaceAll(sa, "namespace: default\n", fmt.Sprintf("namespace: %s\n", namespace))
+		sa = strings.Replace(sa, "name: qliksense", "name: preflight", -1)
 	} else {
 		err := fmt.Errorf("Unable to retrieve yamls to apply on cluster")
 		fmt.Println(err)
--- a/pkg/qliksense/about.go
+++ b/pkg/qliksense/about.go
@@ -194,8 +194,10 @@ func getImageList(yamlContent []byte) ([]string, error) {
 		})
 	}
 	var sortedImageList []string
-	for image, _ := range imageMap {
+	for image, v := range imageMap {
 		sortedImageList = append(sortedImageList, image)
+		// a warning "simplify range expression" if written like this 'for image _ :=range imageMap'
+		_ = v
 	}
 	sort.Strings(sortedImageList)
 	return sortedImageList, nil
--- a/pkg/qliksense/about_test.go
+++ b/pkg/qliksense/about_test.go
@@ -525,12 +525,16 @@ func Test_About_getConfigDirectory(t *testing.T) {
 					if err := q.SetUpQliksenseDefaultContext(); err != nil {
 						t.Fatalf("error setting up default context in the tmp dir: %v\n", err)
 						return nil, "", "", ""
-					} else if err := q.FetchQK8s("master"); err != nil {
-						t.Fatalf("error fetching master config to the tmp dir: %v\n", err)
+					} else if qConfig, err := qapi.NewQConfigE(q.QliksenseHome); err != nil {
+						t.Fatalf("cannot initiallize qConfig: %v\n", err)
 						return nil, "", "", ""
-					} else {
-						return q, "no-git-clone-for-you", "", ""
+					} else if !qConfig.IsRepoExistForCurrent("master") {
+						if err := q.FetchQK8s("master"); err != nil {
+							t.Fatalf("error fetching master config to the tmp dir: %v\n", err)
+							return nil, "", "", ""
+						}
 					}
+					return q, "no-git-clone-for-you", "", ""
 				}
 			},
 			verify: func(q *Qliksense, configDir string, isTemporary bool, profile string) (ok bool, reason string, err error) {
--- a/pkg/qliksense/apply.go
+++ b/pkg/qliksense/apply.go
@@ -18,8 +18,11 @@ func (q *Qliksense) ApplyCRFromReader(r io.Reader, opts *InstallCommandOptions,
 	if IsQliksenseInstalled(cr.GetName()) {
 		// it is needed in case want to upgrade from one version to another
 		if cr.Spec.ManifestsRoot == "" && cr.Spec.Git == nil {
-			if err := q.FetchQK8s(cr.GetLabelFromCr("version")); err != nil {
-				return err
+			v := cr.GetLabelFromCr("version")
+			if !qConfig.IsRepoExistForCurrent(v) {
+				if err := q.FetchQK8s(v); err != nil {
+					return err
+				}
 			}
 		}
 		return q.UpgradeQK8s(keepPatchFiles)
--- a/pkg/qliksense/config.go
+++ b/pkg/qliksense/config.go
@@ -18,7 +18,7 @@ import (
 )

 const (
-	Q_INIT_CRD_PATH   = "manifests/base/manifests/qliksense-init"
+	Q_INIT_CRD_PATH   = "manifests/base/crds"
 	agreementTempalte = `
 	Please read the agreement at https://www.qlik.com/us/legal/license-terms
 	Accept the end user license agreement by providing acceptEULA=yes
@@ -146,18 +146,22 @@ func (q *Qliksense) getCurrentCrDependentResourceAsString() (string, error) {
 	var crString strings.Builder

 	for svcName, v := range qcr.Spec.Secrets {
+		hasFile := false
 		for _, item := range v {
 			if item.ValueFrom != nil && item.ValueFrom.SecretKeyRef != nil {
-				secretFilePath := filepath.Join(q.QliksenseHome, QliksenseContextsDir, qcr.GetName(), QliksenseSecretsDir, svcName+".yaml")
-
-				if api.FileExists(secretFilePath) {
-					secretFile, err := ioutil.ReadFile(secretFilePath)
-					if err != nil {
-						return "", err
-					}
-					crString.WriteString("\n---\n")
-					crString.Write(secretFile)
+				hasFile = true
+				break
+			}
+		}
+		if hasFile {
+			secretFilePath := filepath.Join(q.QliksenseHome, QliksenseContextsDir, qcr.GetName(), QliksenseSecretsDir, svcName+".yaml")
+			if api.FileExists(secretFilePath) {
+				secretFile, err := ioutil.ReadFile(secretFilePath)
+				if err != nil {
+					return "", err
 				}
+				crString.WriteString("\n---\n")
+				crString.Write(secretFile)
 			}
 		}
 	}
--- a/pkg/qliksense/context_configs.go
+++ b/pkg/qliksense/context_configs.go
@@ -1,8 +1,9 @@
 package qliksense

 import (
-	"crypto/rsa"
+	"errors"
 	"fmt"
+	"io"

 	"github.com/qlik-oss/k-apis/pkg/config"
 	"github.com/robfig/cron/v3"
@@ -33,12 +34,27 @@ const (
 	MaxContextNameLength    = 17
 	QliksenseSecretsDir     = "secrets"

-	imageRegistryConfigKey = "imageRegistry"
-	pullSecretName         = "artifactory-docker-secret"
+	imageRegistryConfigKey     = "imageRegistry"
+	pullSecretName             = "artifactory-docker-secret"
+	qliksenseOperatorImageRepo = "qlik-docker-oss.bintray.io"
+	qliksenseOperatorImageName = "qliksense-operator"
 )

+func (q *Qliksense) SetSecretsFromReader(arg string, reader io.Reader, createSecret, base64Encoded bool) error {
+	//take only name from the arguments, value should be from reader
+	argName := strings.SplitN(arg, "=", 1)
+	if len(argName) != 1 {
+		return errors.New("can only have one argument from pipe")
+	}
+	valueBytes, err := ioutil.ReadAll(reader)
+	if err != nil {
+		return err
+	}
+	return q.SetSecrets([]string{argName[0] + "=" + string(valueBytes)}, createSecret, base64Encoded)
+}
+
 // SetSecrets - set-secrets <key>=<value> commands
-func (q *Qliksense) SetSecrets(args []string, isSecretSet bool) error {
+func (q *Qliksense) SetSecrets(args []string, isSecretSet bool, base64Encoded bool) error {
 	qConfig := api.NewQConfig(q.QliksenseHome)
 	qliksenseCR, err := qConfig.GetCurrentCR()
 	if err != nil {
@@ -47,17 +63,17 @@ func (q *Qliksense) SetSecrets(args []string, isSecretSet bool) error {

 	// Metadata name in qliksense CR is the name of the current context
 	api.LogDebugMessage("Current context: %s", qliksenseCR.GetName())
-	rsaPublicKey, _, err := qConfig.GetCurrentContextEncryptionKeyPair()
+	encryptionKey, err := qConfig.GetEncryptionKeyForCurrent()
 	if err != nil {
 		return err
 	}
-	resultArgs, err := api.ProcessConfigArgs(args)
+	resultArgs, err := api.ProcessConfigArgs(args, base64Encoded)
 	if err != nil {
 		return err
 	}
 	for _, ra := range resultArgs {
 		api.LogDebugMessage("value args to be encrypted: %s", ra.Value)
-		if err := q.processSecret(ra, rsaPublicKey, qliksenseCR, isSecretSet); err != nil {
+		if err := q.processSecret(ra, encryptionKey, qliksenseCR, isSecretSet); err != nil {
 			return err
 		}
 	}
@@ -65,14 +81,11 @@ func (q *Qliksense) SetSecrets(args []string, isSecretSet bool) error {
 	return qConfig.WriteCR(qliksenseCR)
 }

-func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, rsaPublicKey *rsa.PublicKey, qliksenseCR *api.QliksenseCR, isSecretSet bool) error {
-	// encrypt value with RSA key pair
-	valueBytes := []byte(ra.Value)
-	cipherText, e2 := api.Encrypt(valueBytes, rsaPublicKey)
+func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, encryptionKey string, qliksenseCR *api.QliksenseCR, isSecretSet bool) error {
+	cipherText, e2 := api.EncryptData([]byte(ra.Value), encryptionKey)
 	if e2 != nil {
 		return e2
 	}
-	base64EncodedSecret := b64.StdEncoding.EncodeToString(cipherText)
 	secretName := ""
 	if isSecretSet {
 		secretFolder := qliksenseCR.GetK8sSecretsFolder(q.QliksenseHome)
@@ -104,7 +117,8 @@ func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, rsaPublicKey *rsa.Pub
 		if k8sSecret.Data == nil {
 			k8sSecret.Data = map[string][]byte{}
 		}
-		k8sSecret.Data[ra.Key] = []byte(base64EncodedSecret)
+		// v1.Secret does enconding, so no need to encode again
+		k8sSecret.Data[ra.Key] = []byte(cipherText)

 		// Write secret to file
 		k8sSecretBytes, err := api.K8sSecretToYaml(k8sSecret)
@@ -117,18 +131,28 @@ func (q *Qliksense) processSecret(ra *api.ServiceKeyValue, rsaPublicKey *rsa.Pub
 			return err
 		}
 		api.LogDebugMessage("Created a Kubernetes secret")
-
-		// Prepare args to update CR in the next step
-		base64EncodedSecret = ""
 	}
-
+	base64EncodedSecret := b64.StdEncoding.EncodeToString([]byte(cipherText))
 	// write into CR the keyref of the secret
 	qliksenseCR.Spec.AddToSecrets(ra.SvcName, ra.Key, base64EncodedSecret, secretName)
 	return nil
 }

+func (q *Qliksense) SetConfigFromReader(arg string, reader io.Reader, base64Encoded bool) error {
+	//take only name from the arguments, value should be from reader
+	argName := strings.SplitN(arg, "=", 1)
+	if len(argName) != 1 {
+		return errors.New("can only have one argument from pipe")
+	}
+	valueBytes, err := ioutil.ReadAll(reader)
+	if err != nil {
+		return err
+	}
+	return q.SetConfigs([]string{argName[0] + "=" + string(valueBytes)}, base64Encoded)
+}
+
 // SetConfigs - set-configs <key>=<value> commands
-func (q *Qliksense) SetConfigs(args []string) error {
+func (q *Qliksense) SetConfigs(args []string, base64Encoded bool) error {
 	// retieve current context from config.yaml
 	qConfig := api.NewQConfig(q.QliksenseHome)
 	qliksenseCR, err := qConfig.GetCurrentCR()
@@ -136,7 +160,7 @@ func (q *Qliksense) SetConfigs(args []string) error {
 		return err
 	}

-	resultArgs, err := api.ProcessConfigArgs(args)
+	resultArgs, err := api.ProcessConfigArgs(args, base64Encoded)
 	if err != nil {
 		return err
 	}
@@ -216,43 +240,130 @@ func (q *Qliksense) SetOtherConfigs(args []string) error {
 	}

 	for _, arg := range args {
-		argsString := strings.Split(arg, "=")
-		key := strings.ToLower(argsString[0])
-		value := argsString[1]
-		// check if key is for git or gitops (sub objects)
-		keySplit := strings.Split(key, ".")
-		key = keySplit[0]
-		keySub := ""
-
-		if len(keySplit) == 2 {
-			keySub = strings.ToLower(keySplit[1])
-		}
-
-		valid := true
-		valid, qliksenseCR = validateCR(key, keySub, value, qliksenseCR)
-		field := caseInsenstiveFieldByName(reflect.Indirect(reflect.ValueOf(qliksenseCR.Spec)), key)
-		if !valid {
-			err := fmt.Errorf("Please enter one of: profile, storageClassName,rotateKeys, manifestRoot, git.repository or gitops arguments to configure the current context")
-			return err
-		} else if strings.EqualFold("", keySub) {
-			// set spec for everything excluding git and gitops
-			if field.CanSet() {
-				field.SetString(value)
+		if strings.HasPrefix(arg, "fetchSource.") {
+			if err := q.processSetFetchSource(arg, qliksenseCR); err != nil {
+				return err
+			}
+		} else if strings.HasPrefix(arg, "git.") {
+			if err := q.processSetGit(arg, qliksenseCR); err != nil {
+				return err
+			}
+		} else if strings.HasPrefix(arg, "gitOps.") {
+			if err := q.processSetGitOps(arg, qliksenseCR); err != nil {
+				return err
 			}
 		} else {
-			// set spec for git or gitops
-			subField := caseInsenstiveFieldByName(reflect.Indirect(field), keySub)
-			if subField.CanSet() {
-				subField.SetString(value)
+			if err := processSetSingleArg(arg, qliksenseCR); err != nil {
+				return err
 			}
 		}
-
 		fmt.Println(chalk.Green.Color("Successfully added to Custom Resource Spec"))
 	}
+
 	// write modified content into context.yaml
 	return qConfig.WriteCR(qliksenseCR)
 }

+func processSetSingleArg(arg string, cr *api.QliksenseCR) error {
+	nv := strings.Split(arg, "=")
+	switch nv[0] {
+	case "manifestsRoot":
+		cr.Spec.ManifestsRoot = nv[1]
+	case "profile":
+		cr.Spec.Profile = nv[1]
+	case "storageClassName":
+		cr.Spec.StorageClassName = nv[1]
+	case "rotateKeys":
+		valid := false
+		for _, v := range []string{"yes", "no", "None"} {
+			if nv[1] == v {
+				valid = true
+			}
+		}
+		if !valid {
+			return errors.New("please povide rotateKeys=yes|no|None")
+		}
+		cr.Spec.RotateKeys = nv[1]
+	default:
+		return errors.New("Please enter one of: profile, storageClassName,rotateKeys, manifestRoot to configure the current context")
+	}
+	return nil
+}
+
+func (q *Qliksense) processSetFetchSource(arg string, cr *api.QliksenseCR) error {
+	args := strings.Split(arg, "=")
+	subs := strings.Split(args[0], ".")
+	if cr.Spec.FetchSource == nil {
+		cr.Spec.FetchSource = &config.Repo{}
+	}
+	switch subs[1] {
+	case "repository":
+		cr.Spec.FetchSource.Repository = args[1]
+	case "accessToken":
+		qConfig := api.NewQConfig(q.QliksenseHome)
+		key, err := qConfig.GetEncryptionKeyFor(cr.GetName())
+		if err != nil {
+			return err
+		}
+		return cr.SetFetchAccessToken(args[1], key)
+	case "secretName":
+		cr.Spec.FetchSource.SecretName = args[1]
+	case "userName":
+		cr.Spec.FetchSource.UserName = args[1]
+	default:
+		return errors.New(arg + " does not match any cr spec")
+	}
+	return nil
+}
+
+func (q *Qliksense) processSetGit(arg string, cr *api.QliksenseCR) error {
+	args := strings.Split(arg, "=")
+	subs := strings.Split(args[0], ".")
+	if cr.Spec.Git == nil {
+		cr.Spec.Git = &config.Repo{}
+	}
+	switch subs[1] {
+	case "repository":
+		cr.Spec.Git.Repository = args[1]
+	case "accessToken":
+		cr.Spec.Git.AccessToken = args[1]
+	case "secretName":
+		cr.Spec.Git.SecretName = args[1]
+	case "userName":
+		cr.Spec.Git.UserName = args[1]
+	default:
+		return errors.New(arg + " does not match any cr spec")
+	}
+	return nil
+}
+
+func (q *Qliksense) processSetGitOps(arg string, cr *api.QliksenseCR) error {
+	args := strings.Split(arg, "=")
+	subs := strings.Split(args[0], ".")
+	if cr.Spec.Git == nil {
+		cr.Spec.GitOps = &config.GitOps{}
+	}
+	switch subs[1] {
+	case "enabled":
+		if args[1] != "yes" && args[1] != "no" {
+			return errors.New("Please use yes or no for key enabled")
+		}
+		cr.Spec.GitOps.Enabled = args[1]
+	case "schedule":
+		if _, err := cron.ParseStandard(args[1]); err != nil {
+			return errors.New("Please enter string with standard cron scheduling syntax ")
+		}
+		cr.Spec.GitOps.Schedule = args[1]
+	case "watchBranch":
+		cr.Spec.GitOps.WatchBranch = args[1]
+	case "image":
+		cr.Spec.GitOps.Image = args[1]
+	default:
+		return errors.New(arg + " does not match any cr spec")
+	}
+	return nil
+}
+
 // SetContextConfig - set the context for qliksense kubernetes resources to live in
 func (q *Qliksense) SetContextConfig(args []string) error {
 	if len(args) == 1 {
@@ -401,7 +512,7 @@ func (q *Qliksense) SetUpQliksenseContext(contextName string) error {
 	}

 	// set the encrypted default mongo
-	return q.SetSecrets([]string{`qliksense.mongoDbUri="mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"`}, false)
+	return q.SetSecrets([]string{`qliksense.mongoDbUri="mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"`}, false, false)
 }

 func validateInput(input string) (string, error) {
@@ -422,7 +533,8 @@ func validateInput(input string) (string, error) {
 	return input, err
 }

-// PrepareK8sSecret decodes and decrypts the secret value in the secret.yaml file and returns a B64encoded string
+// PrepareK8sSecret targetFile contains base64 encoded value of encrypted value.
+// this method decodes and decrypts the secret value in the secret.yaml file and returns a B64encoded string
 func (q *Qliksense) PrepareK8sSecret(targetFile string) (string, error) {
 	// check if targetFile exists
 	if !api.FileExists(targetFile) {
@@ -431,7 +543,7 @@ func (q *Qliksense) PrepareK8sSecret(targetFile string) (string, error) {
 		return "", err
 	}
 	qConfig := api.NewQConfig(q.QliksenseHome)
-	_, rsaPrivateKey, err := qConfig.GetCurrentContextEncryptionKeyPair()
+	encryptionKey, err := qConfig.GetEncryptionKeyForCurrent()
 	if err != nil {
 		return "", err
 	}
@@ -449,17 +561,13 @@ func (q *Qliksense) PrepareK8sSecret(targetFile string) (string, error) {
 	dataMap := k8sSecret1.Data
 	var resultMap = make(map[string][]byte)
 	for k, v := range dataMap {
-		ba, err := b64.StdEncoding.DecodeString(string(v))
-		if err != nil {
-			err := fmt.Errorf("Not able to decode message: %v", err)
-			return "", err
-		}
-		decryptedString, err := api.Decrypt(ba, rsaPrivateKey)
+		//k8s secrets has already base64 decoed value
+		decryptedString, err := api.DecryptData(v, encryptionKey)
 		if err != nil {
 			err := fmt.Errorf("Not able to decrypt message: %v", err)
 			return "", err
 		}
-		resultMap[k] = decryptedString
+		resultMap[k] = []byte(decryptedString)
 	}

 	// putting the above map back into the k8sSecret struct
--- a/pkg/qliksense/context_configs_test.go
+++ b/pkg/qliksense/context_configs_test.go
@@ -35,119 +35,35 @@ metadata:
  name: testctx-qliksense-senseinstaller
 type: Opaque
 `
-var encText = "SFpVZ2t5SGsrN2lLQjlTYm9rbFUxSDFRcmVYdUxhTW9MUHlQOGtGditxMEcwZTlIZDl1dVRrV0tEYm5qUURSWFp3dStuNklueGk3anI2c1djSVdsbWlKTHdWQUJwdUg0a1NXd3llMUlMa2oxK3FRSFlMM2dQUExvN1pBYkVDeDROMUVvam12M0t0NmQwbkdhSXlWWEpmWWJUVVFDM1Y4L0ZTVXBVN0JUb0l4OVZWdmlPam5HTHk4RlF2a3RUaHJxWTUvZEh2N3pVUmhiOTc2Q2YwbEovZ3I2L2NwRk9RMUFXVXdodVhrTG9lYjVzNFdtTEZzNldqT3k0bWlKM1J6VllLaWVUSFJ2SE85eDB6dUthanRwSGEzWEZkaE5QNnpySVJJNTRFalUyblVYYUNlYXVnWnZEOUxjdWluOFhFcjExbkFINURCUDAycXhoZk5BejVoMlV2eFNWVmR0aW1QTDBhMVBJTUxGQTgyWUkrQkFOQkhkSUNnZGU5SkxIRFBoTzR6c0llaE1LRmhVQkNoOUhQa3kyRnhTeDJ3YWp3M1UycEsvcFJVZUxDazRUbkhmL25LN3h5ekdpV3dSUFFFZHdsWE5JbUhjVlVPV3gvNWh4WlJCUTZtb3pGYk1HbXR1Mkh5Z3RVV2gzNFYzd1BhS01TNFRsa0hyODFjRjVCWVpxenBFK1pKWnVyLy8zbzJsU0tFMjMxTG1pcGk1K0FqbXZvUVcyWHBocjFNVWJQY1pXUkJFRkkyQXBCM0FhQXFPa0k1MkRqNG43Mko5bCtaMzdydTk1aHk5K1lzY0FxMjZVbExYRlc0S3RUUkRLSjlMNnVmdlIrUUNudER3em5UTFRHUnEwZU5COWt6S0Q4MFlUdXozeHNXK3cxdjlHbDJaMnBZMTZWTCtEV1k9"
 var decText = "mongodb://qlik-default-mongodb:27017/qliksense?ssl=false"

-func setupTargetFileAndPrivateKey() ([]byte, []byte, string, error) {
-	targetFileString := fmt.Sprintf(targetFileStringTemplate, encText)
-	privKeyBytes := []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIJJwIBAAKCAgEApFf3qCQhAr2QLRRZdhLyB8exLjrQiXLr8hwDe0xHSLJX3w7v
-5z4ujJWrHUulQ2/hvS8uffxMVrp2YqeA4sjy/ku1KqZVQv/WNTdL2v9Z1ewbRnBj
-DQvmkWDKZ+cP8VPdHGzQ4iM2z6BZ4RQTkdQMKqsVwUsLO9amI2TOny/M696eFRW0
-pk4+W3QZZRawT0HqJPvKKXKqoO2+62W54rOV8glJi29Do06e4S6CZUl1hBUy0VlL
-trLlRSOHTois0dF2a9f7+GGgU11MHO6w1k1NesSlfZ0vnrrkW8WFLqewk+Jj+w1x
-eQnYHOeHjx6zi9f9DC96eSylSB3iJ71NmXcMc0IEZ2LiQIqTL83BLOgMBCsK3FSl
-GMakQUR2GJ+M0I/selYkRMhid6eOmhlsTNMPbpcTHxZ+ReIzS+5B1X0FZ7RIL+jS
-L9mFcxmD3dxurrrt/DkLpXcuWdi1s1bpVn3jIQhU0+bgA6hT0k8Kj2f3Q9QnvkHS
-Eff+XyLvLwQeSsSAcnM+1I7fNSPEo2cq0au6ZtjHcirXmMminAQ6cKW1XrEvJBef
-HHibtjJjIM4bHH7MKRA5H3km/J4CCwI1VogSTcE05Z6ypAFU2TCrnec9c9VXkRDP
-94h0GuoG8sdhmQudqvghr/8T7CV+sGRQbdeqrXwanfnGPrjcMVIO/dSOxOUCAwEA
-AQKCAgA5b2TmJnpC8u0IVCxPz582iNurRHLNFpTPMGsnFCl1hp6fHiFJt7mc+FGt
-E1rWjqtd6rdc4Gfth40IPXIV0BTcOqk+FpOFrtO2FXU1PDixQqrlmzGCxb324NTc
-KyyvMpf77yuxXI0zUt8WgmW0eV8nKlOYEhoC96lohTqQ96uuY0bsJ4HS/VVdsN2P
-Lra/fFHQSw8EHUb0pyIqMoscZ5bn18cUK/Z/hGKSYCbCL0Iavy3bbFHBsBPgbeJD
-2BBN4953Iiy1Sak2eUy4b9LtkmaZmVAc7mpOFxLn38gD3icgB+bZPoGBw6b7sw71
-Pc2R+hI9x/oNj0TUR11adhZApBJ9RhBbnSCUt8OUt9U5prNj+9qs8cHJGywtz1da
-ZT1M6mn2MFSsaOyOlJPzGUzSf4AhI7HiouDpLHtHDqLmc8Vv4rZUqrcFw6kZTCY5
-564yE8hh/UimOgQr7467/hADHZ0kBsupFEDWRqQ3qTIikHmGhTYZehDrSGL/3BMG
-rvsFdv0krUHyW4FfHqPN09jfP3LTqd5vVbzRhxcGsoGmP/1kXIDtO8Cp1s/K6Mse
-tInRCRla8ttZ3CZZ+Vf8HLi/n8XSRfbnMGYi7lVVxnp6kNsTEBgosbdU/r1zbMRJ
-8mMMHygyugaRLHmOD/8fkWLfyR88cxPH8u9NufTfvJgiFpZboQKCAQEA0uSU6IGZ
-pXIVZdmDWt4mxpS5T2UYarw3V9z/Isd3kkUU5YrC2XrvPRwmx5Jh9GXl9WENYJAR
-wH7PaJT0HpBwpxJa1RqHHDSka7DnDcy44oRXyM7e2AmcW8QvcDty/0HPo4oZq4IT
-m/+ot1R+bIpmJOweGRhVauzxJEUlQyt+kiH/ad8GiOS6LwqFPq42alnUxPQ106wF
-EZZ2WQdzkyV6tF9aMG18AT1fJsGwNjCLRxJ52t/aEUP5mYwlL2UTT5Acn8KbtrTO
-fFLAxGuB9LDdT1tGgIpzsXmxAaaeuPvSK4TDFdQyLAUdQJdz0GD9j9ciMPQH3UPe
-Vjt6qtpfY6QK2wKCAQEAx36Vys5BlQI0TG6qORI0fiOYpLG1GqmdbCNRgBUsMj5T
-LFe7uSd4qnDvGmns4MdkSSOlpF17bQiWhWKbjKRQpT0U/46zcIT4pWyajXJe+i9H
-M/DpSRkMq2kGkx6KX2u9L66QBzcxJjtS17amdSpDAfsrvJgOWkxxInzw9n1u6aTe
-ZjRDXdVX0KjPebEPOaoJToxne21Od3t+47TnDsQPsO1dvvrXX76IfH8cAlD5+0C/
-b2YvDqWDmh9ICjKShwuDWgi4KjCV5PMHCIxH0FQ2L6mSbwIb9YgGin3wjN3KbWqz
-dgEu7MeDxEwxZSSg4OstYVLQVgM39G/2ZA4YVJEbPwKCAQAo9FjymhBzb6c2Izp+
-D/wpvkIKaBCI0cpRlso5P9E5p466UOsr/tKs5GWnhgbdxlgVAebuJKw93KJ8pciO
-kvA9kbPwBHnOgW6Ytz73kBUrcBX4GixueddSftPTkMfxSB+Bm9UGWHlkZw6lo5P1
-kh7p9qyVpQMZg7AEoiTtWWn4CQAn2DbVqM17Syi7Fmvc1VsbcG1vkM1fMAAFpAvO
-vI2Kr6W9F9XoC7oJtb15mI3DnJPrbGNVzQSQzAWAoblRTyQv5kQFBDHBNPTYcCRJ
-l3sy6P/VAI4dHgvAzVGvjL+w0dRszct8fvXCUGceRWeYYmfyZ8GLN53a0ywsN8Ik
-gHvXAoIBACee5HEa9bt6bJihgf1DuFk1CKPtB2L8PN+1RAKEMfrolexAoG/tfvGa
-7GH6l6ks8KX2BnfWeST2h66GHw6Xs8ydjQYUeV7nidqQ70EYbfSSXznZpvt1liaU
-/VFKx4CcDT7jFIfaVlCZh6KADB9I/XXvRIh4SqF0fSO0XMcXsmeE7watapPAQ2iV
-nl804yk4tBB9oi/JTcQ9Kr5et2UfW15wRiYf+5ZwaPsQ46cyHfPgsCSXztDB3plF
-jTE5ShC4IKZJBQqcC6kk+0ifU8P0da6RpxuU96iUE3h9+sB/bCy+/FV7dq5gEbNy
-znygAbOqAaFKqUXr7bkGY5ELm5lwGFECggEACcyaF9mMqLGghR55ew+cMmdeYdK3
-meMLi5nrgtbQpVLlz+IV7Vdmrv7lZjeTr4nvU/5miU+p+If14CCFBiSucGq3Kmyp
-OSM5cNCjDhw8uIDfY2qWCrZ2NSMR3qaAoBAQyQ2ER1IL98TDF/Qui0ZatbPiM4Ns
-GErhkBZh3MCDSt24yiVKcUB79BxatWB4K7h7y8wqpX4Rj7rpfJMF7wz/I1cgyuCE
-7XFpRwj7F1B2MmXnvV3KAgAD0EqrJDLeM0vIlDhpOUEaFUkuqmQyeB8qQkWfyXbD
-jzloS3cNq0MBijB8oixwD2b4dVhBM7z8vQMX6OntN+97luWgO8OIukoYAg==
-----END RSA PRIVATE KEY-----
-`)
+func setupTargetFileAndPrivateKey() (string, string, error) {

-	publicKeyBytes := []byte(`-----BEGIN RSA PUBLIC KEY-----
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApFf3qCQhAr2QLRRZdhLy
-B8exLjrQiXLr8hwDe0xHSLJX3w7v5z4ujJWrHUulQ2/hvS8uffxMVrp2YqeA4sjy
-/ku1KqZVQv/WNTdL2v9Z1ewbRnBjDQvmkWDKZ+cP8VPdHGzQ4iM2z6BZ4RQTkdQM
-KqsVwUsLO9amI2TOny/M696eFRW0pk4+W3QZZRawT0HqJPvKKXKqoO2+62W54rOV
-8glJi29Do06e4S6CZUl1hBUy0VlLtrLlRSOHTois0dF2a9f7+GGgU11MHO6w1k1N
-esSlfZ0vnrrkW8WFLqewk+Jj+w1xeQnYHOeHjx6zi9f9DC96eSylSB3iJ71NmXcM
-c0IEZ2LiQIqTL83BLOgMBCsK3FSlGMakQUR2GJ+M0I/selYkRMhid6eOmhlsTNMP
-bpcTHxZ+ReIzS+5B1X0FZ7RIL+jSL9mFcxmD3dxurrrt/DkLpXcuWdi1s1bpVn3j
-IQhU0+bgA6hT0k8Kj2f3Q9QnvkHSEff+XyLvLwQeSsSAcnM+1I7fNSPEo2cq0au6
-ZtjHcirXmMminAQ6cKW1XrEvJBefHHibtjJjIM4bHH7MKRA5H3km/J4CCwI1VogS
-TcE05Z6ypAFU2TCrnec9c9VXkRDP94h0GuoG8sdhmQudqvghr/8T7CV+sGRQbdeq
-rXwanfnGPrjcMVIO/dSOxOUCAwEAAQ==
-----END RSA PUBLIC KEY-----
-`)
-
-	targetFile := filepath.Join(testDir, "targetfile.yaml")
-	// tests/config.yaml exists
-	err := ioutil.WriteFile(targetFile, []byte(targetFileString), 0777)
-	if err != nil {
-		log.Printf("Error while creating file: %v", err)
-		return nil, nil, "", err
-	}
-
-	secretKeyPairDir := filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets)
-	if err := os.MkdirAll(secretKeyPairDir, 0777); err != nil {
+	secretKeyLocation := filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets)
+	if err := os.MkdirAll(secretKeyLocation, 0777); err != nil {
 		err = fmt.Errorf("Not able to create directories")
 		log.Fatal(err)
 	}
-	os.Setenv("QLIKSENSE_KEY_LOCATION", secretKeyPairDir)
+	os.Setenv("QLIKSENSE_KEY_LOCATION", secretKeyLocation)

-	privKeyFile := filepath.Join(secretKeyPairDir, "qliksensePriv")
-	// construct and write priv key file into secretsDir location
-	err = ioutil.WriteFile(privKeyFile, privKeyBytes, 0777)
+	//privKeyFile := filepath.Join(secretKeyLocation, "user_secret_key")
+	key, err := api.LoadSecretKey(secretKeyLocation)
+	if key == "" {
+		key, err = api.GenerateAndStoreSecretKey(secretKeyLocation)
+	}
+	encData, _ := api.EncryptData([]byte(decText), key)
+	encText := b64.StdEncoding.EncodeToString(encData)
+
+	targetFileString := fmt.Sprintf(targetFileStringTemplate, encText)
+	targetFile := filepath.Join(testDir, "targetfile.yaml")
+	// tests/config.yaml exists
+	err = ioutil.WriteFile(targetFile, []byte(targetFileString), 0777)
 	if err != nil {
 		log.Printf("Error while creating file: %v", err)
-		return nil, nil, "", err
+		return "", "", err
 	}
-	pubKeyFile := filepath.Join(secretKeyPairDir, "qliksensePub")
-	api.LogDebugMessage("Test setup - \npub key path: %s\n, priv key path: %s\n", pubKeyFile, privKeyFile)
-	// construct and write pub key file into secretsDir location
-	err = ioutil.WriteFile(pubKeyFile, publicKeyBytes, 0777)
-	if err != nil {
-		log.Printf("Error while creating file: %v", err)
-		return nil, nil, "", err
-	}
-	return publicKeyBytes, privKeyBytes, targetFile, nil
-}

-func removePrivateKey() {
-	err := os.Remove(filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets, "qliksensePriv"))
-	if err != nil {
-		log.Fatalf("Could not delete private key %v", err)
-	}
-	return
+	return targetFile, key, err
 }

 func setup() func() {
@@ -328,7 +244,7 @@ func TestSetOtherConfigs(t *testing.T) {
 				q: &Qliksense{
 					QliksenseHome: testDir,
 				},
-				args: []string{"profile=minikube", "rotateKeys=yes", "storageClassName=efs", "gitops.enabled=yes", "gitops.schedule=30 * * * *", "git.repository=master", "git.username=foo", "git.accesstoken=1234"},
+				args: []string{"profile=minikube", "rotateKeys=yes", "storageClassName=efs", "gitOps.enabled=yes", "gitOps.schedule=30 * * * *", "git.repository=master", "git.userName=foo", "git.accessToken=1234"},
 			},
 			wantErr: false,
 		},
@@ -338,7 +254,7 @@ func TestSetOtherConfigs(t *testing.T) {
 				q: &Qliksense{
 					QliksenseHome: testDir,
 				},
-				args: []string{"someconfig=somevalue, gitops.schedule=bar", "gitops.enabled=bar", "git.foo=bar", "rotatekeys=bar"},
+				args: []string{"someconfig=somevalue, gitOps.schedule=bar", "gitOps.enabled=bar", "git.foo=bar", "rotateKeys=bar"},
 			},
 			wantErr: true,
 		},
@@ -389,7 +305,7 @@ func TestSetConfigs(t *testing.T) {
 	defer tearDown()
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if err := tt.args.q.SetConfigs(tt.args.args); (err != nil) != tt.wantErr {
+			if err := tt.args.q.SetConfigs(tt.args.args, false); (err != nil) != tt.wantErr {
 				t.Errorf("SetConfigs() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
@@ -508,9 +424,14 @@ spec:
 		})
 	}
 }
-
+func removePrivateKey() {
+	err := os.Remove(filepath.Join(testDir, secrets, contexts, qlikDefaultContext, secrets, "user_secret_key"))
+	if err != nil {
+		log.Fatalf("Could not delete private key %v", err)
+	}
+	return
+}
 func Test_PrepareK8sSecret(t *testing.T) {
-
 	type fields struct {
 		QliksenseHome string
 	}
@@ -530,7 +451,7 @@ func Test_PrepareK8sSecret(t *testing.T) {
 			wantErr: false,
 			setup: func() (string, func()) {
 				tearDown := setup()
-				_, _, targetFile, _ := setupTargetFileAndPrivateKey()
+				targetFile, _, _ := setupTargetFileAndPrivateKey()
 				return targetFile, tearDown
 			},
 		},
@@ -543,7 +464,7 @@ func Test_PrepareK8sSecret(t *testing.T) {
 			wantErr: true,
 			setup: func() (string, func()) {
 				tearDown := setup()
-				_, _, targetFile, _ := setupTargetFileAndPrivateKey()
+				targetFile, _, _ := setupTargetFileAndPrivateKey()
 				removePrivateKey()
 				return targetFile, tearDown
 			},
@@ -557,8 +478,7 @@ func Test_PrepareK8sSecret(t *testing.T) {
 			wantErr: true,
 			setup: func() (string, func()) {
 				tearDown := setup()
-				_, _, _, _ = setupTargetFileAndPrivateKey()
-				removePrivateKey()
+				setupTargetFileAndPrivateKey()
 				return "", tearDown
 			},
 		},
@@ -638,6 +558,7 @@ func Test_SetSecrets(t *testing.T) {
 	type args struct {
 		args        []string
 		isSecretSet bool
+		base64      bool
 	}
 	tests := []struct {
 		name    string
@@ -656,6 +577,18 @@ func Test_SetSecrets(t *testing.T) {
 			},
 			wantErr: false,
 		},
+		{
+			name: "valid secret secrets=false base64 encoded",
+			fields: fields{
+				QliksenseHome: testDir,
+			},
+			args: args{
+				args:        []string{"qliksense.mongoDbUri=bW9uZ29kYjovL3FsaWstZGVmYXVsdC1tb25nb2RiOjI3MDE3L3FsaWtzZW5zZT9zc2w9ZmFsc2U="},
+				isSecretSet: false,
+				base64:      true,
+			},
+			wantErr: false,
+		},
 		{
 			name: "test1 valid secret secrets=true",
 			fields: fields{
@@ -691,22 +624,17 @@ func Test_SetSecrets(t *testing.T) {
 		},
 	}
 	tearDown := setup()
-	_, privateKeyBytes, _, err := setupTargetFileAndPrivateKey()
+	_, encryptionKey, err := setupTargetFileAndPrivateKey()
 	if err != nil {
 		t.FailNow()
 	}
 	defer tearDown()
-
-	privKey, err := api.DecodeToPrivateKey(privateKeyBytes)
-	if err != nil {
-		t.FailNow()
-	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			q := &Qliksense{
 				QliksenseHome: tt.fields.QliksenseHome,
 			}
-			if err := q.SetSecrets(tt.args.args, tt.args.isSecretSet); (err != nil) != tt.wantErr {
+			if err := q.SetSecrets(tt.args.args, tt.args.isSecretSet, tt.args.base64); (err != nil) != tt.wantErr {
 				t.Errorf("SetSecrets() error = %v, wantErr %v", err, tt.wantErr)
 				t.FailNow()
 			}
@@ -717,7 +645,10 @@ func Test_SetSecrets(t *testing.T) {
 			// extract the value for testing
 			testValueArr := strings.SplitN(tt.args.args[0], "=", 2)
 			testValue := strings.ReplaceAll(testValueArr[1], "\"", "")
-
+			if tt.args.base64 {
+				d, _ := b64.StdEncoding.DecodeString(testValue)
+				testValue = strings.Trim(string(d), "\n ")
+			}
 			qliksenseCR, err := readCRFile()
 			if err != nil {
 				err = fmt.Errorf("Not able to read from context file: %v", err)
@@ -734,13 +665,7 @@ func Test_SetSecrets(t *testing.T) {
 							log.Printf("decode error: %v", err)
 							t.FailNow()
 						}
-						decodedValue, err := b64.StdEncoding.DecodeString(valToBeEncrypted)
-						if err != nil {
-							err := fmt.Errorf("Error occurred while decoding: %v", err)
-							log.Printf("decode error: %v", err)
-							t.FailNow()
-						}
-						decryptedVal, err := api.Decrypt(decodedValue, privKey)
+						decryptedVal, err := api.DecryptData([]byte(valToBeEncrypted), encryptionKey)
 						if err != nil {
 							err := fmt.Errorf("Error occurred while testing decryption: %v", err)
 							log.Printf("No Data in Secret: %v", err)
@@ -781,7 +706,8 @@ func getValueToBeDecodedForSetSecrets(item config.NameValue, qliksenseCR *api.Ql
 	}
 	// secret=false
 	if item.Value != "" {
-		return item.Value, nil
+		b, err := b64.RawStdEncoding.DecodeString(item.Value)
+		return string(b), err
 	}
 	err := fmt.Errorf("Both Value and ValueFrom are empty")
 	return "", err
--- a/pkg/qliksense/crds.go
+++ b/pkg/qliksense/crds.go
@@ -2,6 +2,7 @@ package qliksense

 import (
 	"fmt"
+	"os"
 	"path/filepath"

 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
@@ -85,6 +86,10 @@ func getQliksenseInitCrd(qcr *qapi.QliksenseCR) (string, error) {
 	}

 	qInitMsPath := filepath.Join(repoPath, Q_INIT_CRD_PATH)
+	if _, err := os.Lstat(qInitMsPath); err != nil {
+		// older version of qliksense-init used
+		qInitMsPath = filepath.Join(repoPath, "manifests/base/manifests/qliksense-init")
+	}
 	qInitByte, err := ExecuteKustomizeBuild(qInitMsPath)
 	if err != nil {
 		fmt.Println("cannot generate crds for qliksense-init", err)
--- a/pkg/qliksense/docker.go
+++ b/pkg/qliksense/docker.go
@@ -31,8 +31,10 @@ const (
 func (q *Qliksense) PullImages(version, profile string) error {
 	qConfig := qapi.NewQConfig(q.QliksenseHome)
 	if version != "" {
-		if err := q.FetchQK8s(version); err != nil {
-			return err
+		if !qConfig.IsRepoExistForCurrent(version) {
+			if err := q.FetchQK8s(version); err != nil {
+				return err
+			}
 		}
 	}
 	qcr, err := qConfig.GetCurrentCR()
@@ -73,7 +75,7 @@ func (q *Qliksense) PullImagesForCurrentCR() error {
 	}

 	images := versionOut.Images
-	if err := q.appendOperatorImages(&images); err != nil {
+	if err := q.appendAdditionalImages(&images, qcr); err != nil {
 		return err
 	}

@@ -93,6 +95,19 @@ func (q *Qliksense) PullImagesForCurrentCR() error {
 	return nil
 }

+func (q *Qliksense) appendGitOpsImage(images *[]string, qcr *qapi.QliksenseCR) {
+	if qcr.Spec.GitOps != nil && qcr.Spec.GitOps.Image != "" {
+		*images = append(*images, qcr.Spec.GitOps.Image)
+	}
+}
+
+func (q *Qliksense) appendPreflightImages(images *[]string) {
+	pf := qapi.NewPreflightConfig(q.QliksenseHome)
+	for _, preflightImage := range pf.GetImageMap() {
+		*images = append(*images, preflightImage)
+	}
+}
+
 func (q *Qliksense) appendOperatorImages(images *[]string) error {
 	if operatorImages, err := getImageList([]byte(q.GetOperatorControllerString())); err != nil {
 		return err
@@ -173,7 +188,7 @@ func (q *Qliksense) PushImagesForCurrentCR() error {
 	}

 	images := versionOut.Images
-	if err := q.appendOperatorImages(&images); err != nil {
+	if err := q.appendAdditionalImages(&images, qcr); err != nil {
 		return err
 	}

@@ -194,6 +209,15 @@ func (q *Qliksense) PushImagesForCurrentCR() error {
 	return nil
 }

+func (q *Qliksense) appendAdditionalImages(images *[]string, qcr *qapi.QliksenseCR) error {
+	if err := q.appendOperatorImages(images); err != nil {
+		return err
+	}
+	q.appendGitOpsImage(images, qcr)
+	q.appendPreflightImages(images)
+	return nil
+}
+
 func pushImage(image, imagesDir string, dockerConfigJsonSecret *qapi.DockerConfigJsonSecret) error {
 	imageNameParts := getImageNameParts(image)
 	srcDir := filepath.Join(imagesDir, imageIndexDirName, imageNameParts.name, imageNameParts.tag)
--- a/pkg/qliksense/docker_test.go
+++ b/pkg/qliksense/docker_test.go
@@ -68,6 +68,9 @@ const (
 )

 func Test_Pull_Push_ImagesForCurrentCR(t *testing.T) {
+	if testing.Short() {
+		t.Skip("Skipping pull/push tests in short mode")
+	}
 	var testCases = []struct {
 		name              string
 		registryAuth      bool
@@ -131,7 +134,7 @@ func Test_Pull_Push_ImagesForCurrentCR(t *testing.T) {
 			}
 			q := &Qliksense{
 				QliksenseHome: tmpQlikSenseHome,
-				CrdBox:        packr.New("crds", "./crds"),
+				CrdBox:        &packr.Box{},
 			}
 			var versionOut VersionOutput

@@ -170,29 +173,88 @@ func Test_Pull_Push_ImagesForCurrentCR(t *testing.T) {
 	}
 }

-func setupQlikSenseHome(t *testing.T, tmpQlikSenseHome string, registry *testRegistryV2, clientAuth clientAuthType) error {
-	if err := ioutil.WriteFile(path.Join(tmpQlikSenseHome, "config.yaml"), []byte(`
-apiVersion: config.qlik.com/v1
-kind: QliksenseConfig
+func Test_appendAdditionalImages(t *testing.T) {
+	tmpQlikSenseHome, err := ioutil.TempDir("", "tmp-qlik-sense-home-")
+	if err != nil {
+		t.Fatalf("unexpected error creating tmp dir: %v", err)
+	}
+	defer os.RemoveAll(tmpQlikSenseHome)
+
+	setupQliksenseTestDefaultContext(t, tmpQlikSenseHome, `
+apiVersion: qlik.com/v1
+kind: Qliksense
 metadata:
-  name: QliksenseConfigMetadata
+  name: qlik-default
 spec:
-  contexts:
-  - name: qlik-default
-    crFile: contexts/qlik-default/qlik-default.yaml
-  currentContext: qlik-default
-`), os.ModePerm); err != nil {
-		return err
+  gitOps:
+    image: some-gitops-image
+`)
+
+	q := &Qliksense{
+		QliksenseHome: tmpQlikSenseHome,
+		CrdBox:        packr.New("crds", "./crds"),
 	}

-	defaultContextDir := path.Join(tmpQlikSenseHome, "contexts", "qlik-default")
-	if err := os.MkdirAll(defaultContextDir, os.ModePerm); err != nil {
-		return err
+	pf := api.NewPreflightConfig(q.QliksenseHome)
+	if err := pf.Initialize(); err != nil {
+		t.Fatalf("unexpected error initializing preflight: %v", err)
 	}

+	qConfig := api.NewQConfig(q.QliksenseHome)
+	qcr, err := qConfig.GetCurrentCR()
+	if err != nil {
+		t.Fatalf("unexpected error getting current CR: %v", err)
+	}
+
+	images := make([]string, 0)
+	if err := q.appendAdditionalImages(&images, qcr); err != nil {
+		t.Fatalf("unexpected error appending additional images: %v", err)
+	}
+
+	expectedNumberAdditionalImages := 5
+	if len(images) != expectedNumberAdditionalImages {
+		t.Fatalf("unexpected number of additional images: %v, expected: %v", len(images), expectedNumberAdditionalImages)
+	}
+
+	haveMatchingImage := func(test func(string) bool) bool {
+		for _, image := range images {
+			if test(image) {
+				return true
+			}
+		}
+		return false
+	}
+	if !haveMatchingImage(func(image string) bool {
+		return strings.Contains(image, "qlik-docker-oss.bintray.io/qliksense-operator:v")
+	}) {
+		t.Fatal("expected to find the operator image in the list, but it wasn't there")
+	}
+	if !haveMatchingImage(func(image string) bool {
+		return image == "some-gitops-image"
+	}) {
+		t.Fatal("expected to find the GitOps image in the list, but it wasn't there")
+	}
+	if !haveMatchingImage(func(image string) bool {
+		return image == "nginx"
+	}) {
+		t.Fatal("expected to find the nginx Preflight image in the list, but it wasn't there")
+	}
+	if !haveMatchingImage(func(image string) bool {
+		return image == "subfuzion/netcat"
+	}) {
+		t.Fatal("expected to find the netcat Preflight image in the list, but it wasn't there")
+	}
+	if !haveMatchingImage(func(image string) bool {
+		return image == "mongo"
+	}) {
+		t.Fatal("expected to find the mongo Preflight image in the list, but it wasn't there")
+	}
+}
+
+func setupQlikSenseHome(t *testing.T, tmpQlikSenseHome string, registry *testRegistryV2, clientAuth clientAuthType) error {
 	version := "foo"
-	manifestsRootDir := fmt.Sprintf("%s/repo/%s", defaultContextDir, version)
-	if err := ioutil.WriteFile(path.Join(defaultContextDir, "qlik-default.yaml"), []byte(fmt.Sprintf(`
+	manifestsRootDir := filepath.ToSlash(path.Join(tmpQlikSenseHome, "contexts", "qlik-default", "repo", version))
+	cr := fmt.Sprintf(`
 apiVersion: qlik.com/v1
 kind: Qliksense
 metadata:
@@ -208,9 +270,8 @@ spec:
  manifestsRoot: %s
  rotateKeys: "yes"
  releaseName: qlik-default
-`, version, registry.url, manifestsRootDir)), os.ModePerm); err != nil {
-		return err
-	}
+`, version, registry.url, manifestsRootDir)
+	setupQliksenseTestDefaultContext(t, tmpQlikSenseHome, cr)

 	if clientAuth == clientAuthProvided || clientAuth == clientAuthProvidedButIncorrect {
 		if registry.username == "" || clientAuth == clientAuthProvidedButIncorrect {
--- a/pkg/qliksense/fetch.go
+++ b/pkg/qliksense/fetch.go
@@ -1,13 +1,28 @@
 package qliksense

 import (
+	"bufio"
+	"errors"
 	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"strings"

-	"github.com/google/uuid"
 	kapis_git "github.com/qlik-oss/k-apis/pkg/git"
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
+	"github.com/src-d/go-git/plumbing/transport"
+	"gopkg.in/src-d/go-git.v4/plumbing/transport/http"
 )

+type FetchCommandOptions struct {
+	GitUrl      string
+	AccessToken string
+	Version     string
+	SecretName  string
+	Overwrite   bool
+}
+
 const (
 	QLIK_GIT_REPO = "https://github.com/qlik-oss/qliksense-k8s"
 )
@@ -17,24 +32,125 @@ func (q *Qliksense) FetchQK8s(version string) error {
 	return fetchAndUpdateCR(qConfig, version)
 }

+func (q *Qliksense) FetchK8sWithOpts(opts *FetchCommandOptions) error {
+	qConfig := qapi.NewQConfig(q.QliksenseHome)
+	cr, err := qConfig.GetCurrentCR()
+	if err != nil {
+		return err
+	}
+	if opts.AccessToken != "" {
+		encKey, err := qConfig.GetEncryptionKeyFor(cr.GetName())
+		if err != nil {
+			return err
+		}
+		if err := cr.SetFetchAccessToken(opts.AccessToken, encKey); err != nil {
+			return err
+		}
+	}
+	if opts.SecretName != "" {
+		cr.SetFetchAccessSecretName(opts.SecretName)
+	}
+	if opts.GitUrl != "" {
+		cr.SetFetchUrl(opts.GitUrl)
+	}
+	v := getVersion(opts, cr)
+	if v == "" {
+		return errors.New("Cannot find gitref/tag/branch/version to fetch")
+	}
+	if qConfig.IsRepoExistForCurrent(v) {
+		if opts.Overwrite || getVerionsOverwriteConfirmation(v) == "y" {
+			if err := qConfig.DeleteRepoForCurrent(v); err != nil {
+				return err
+			}
+		} else {
+			// nothing to do
+			return nil
+		}
+	}
+	qConfig.WriteCR(cr)
+	return fetchAndUpdateCR(qConfig, v)
+}
+
+// fetchAndUpdateCR fetch
 func fetchAndUpdateCR(qConfig *qapi.QliksenseConfig, version string) error {
 	qcr, err := qConfig.GetCurrentCR()
 	if err != nil {
 		fmt.Println("cannot get the current-context cr", err)
 		return err
 	}
-	if qConfig.IsRepoExistForCurrent(version) {
-		return nil
+	if version == "" {
+		if qcr.GetLabelFromCr("version") == "" {
+			return errors.New("Cannot find gitref/tag/branch/version to fetch")
+		}
+		version = qcr.GetLabelFromCr("version")
+	}
+	encKey, err := qConfig.GetEncryptionKeyFor(qcr.GetName())
+	if err != nil {
+		return err
+	}
+	// downlaod to temp first
+	tempDest, err := fetchToTempDir(qcr.GetFetchUrl(), version, qcr.GetFetchAccessToken(encKey))
+	if err != nil {
+		return err
 	}
-	destDir := qConfig.BuildRepoPath(version)
-	fmt.Printf("fetching version [%s] from %s\n", version, QLIK_GIT_REPO)

-	if repo, err := kapis_git.CloneRepository(destDir, QLIK_GIT_REPO, nil); err != nil {
-		return err
-	} else if err = kapis_git.Checkout(repo, version, fmt.Sprintf("%v-by-operator-%v", version, uuid.New().String()), nil); err != nil {
-		return err
+	destDir := qConfig.BuildRepoPath(version)
+	fmt.Printf("fetching version [%s] from %s\n", version, qcr.GetFetchUrl())
+	if err := qapi.CopyDirectory(tempDest, destDir); err != nil {
+		return nil
 	}
 	qcr.Spec.ManifestsRoot = qConfig.BuildCurrentManifestsRoot(version)
 	qcr.AddLabelToCr("version", version)
 	return qConfig.WriteCurrentContextCR(qcr)
 }
+
+func fetchToTempDir(gitUrl, gitRef, accessToken string) (string, error) {
+	tmpDir, err := ioutil.TempDir("", "")
+	if err != nil {
+		return "", err
+	}
+	downloadPath := path.Join(tmpDir, "repo")
+	var auth transport.AuthMethod
+	if accessToken != "" {
+		auth = &http.BasicAuth{
+			Username: "something",
+			Password: accessToken,
+		}
+	}
+	if repo, err := kapis_git.CloneRepository(downloadPath, gitUrl, auth); err != nil {
+		return "", err
+	} else if err := kapis_git.Checkout(repo, gitRef, "", auth); err != nil {
+		return "", err
+	} else {
+		return downloadPath, nil
+	}
+}
+
+func getVersion(opts *FetchCommandOptions, qcr *qapi.QliksenseCR) string {
+	if opts.Version == "" {
+		if qcr.GetLabelFromCr("version") != "" {
+			return qcr.GetLabelFromCr("version")
+		}
+	}
+	return opts.Version
+}
+
+func getVerionsOverwriteConfirmation(version string) string {
+	reader := bufio.NewReader(os.Stdin)
+	fmt.Println("The version  [" + version + "] already exist")
+	cfm := "n"
+	for {
+		fmt.Print("Do you want to delete and fetch again [y/N]: ")
+		cfm, _ = reader.ReadString('\n')
+		cfm = strings.Replace(cfm, "\n", "", -1)
+		cfm = strings.TrimSpace(cfm)
+		if cfm == "" {
+			cfm = "n"
+		}
+		cfm = strings.ToLower(cfm)
+		if cfm == "y" || cfm == "n" {
+			break
+		}
+	}
+	return cfm
+}
--- a/pkg/qliksense/install.go
+++ b/pkg/qliksense/install.go
@@ -27,11 +27,9 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions, kee
 	// fetch the version
 	qConfig := qapi.NewQConfig(q.QliksenseHome)
 	if !keepPatchFiles {
-		defer func() {
-			if err := q.DiscardAllUnstagedChangesFromGitRepo(qConfig); err != nil {
-				fmt.Printf("error removing temporary changes to the config: %v\n", err)
-			}
-		}()
+		if err := q.DiscardAllUnstagedChangesFromGitRepo(qConfig); err != nil {
+			fmt.Printf("error removing temporary changes to the config: %v\n", err)
+		}
 	}

 	qcr, err := qConfig.GetCurrentCR()
@@ -66,16 +64,11 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions, kee
 	//CRD will be installed outside of operator
 	//install operator controller into the namespace
 	fmt.Println("Installing operator controller")
-	operatorControllerString := q.GetOperatorControllerString()
-	if imageRegistry := qcr.GetImageRegistry(); imageRegistry != "" {
-		operatorControllerString, err = kustomizeForImageRegistry(operatorControllerString, pullSecretName,
-			"qlik/qliksense-operator", fmt.Sprintf("%v/qliksense-operator", imageRegistry))
-		if err != nil {
-			return err
-		}
-	}
-	if err := qapi.KubectlApply(operatorControllerString, ""); err != nil {
-		fmt.Println("cannot do kubectl apply on opeartor controller", err)
+	if operatorControllerString, err := q.getProcessedOperatorControllerString(qcr); err != nil {
+		fmt.Println("error extracting/transforming operator controller", err)
+		return err
+	} else if err := qapi.KubectlApply(operatorControllerString, ""); err != nil {
+		fmt.Println("cannot do kubectl apply on operator controller", err)
 		return err
 	}

@@ -94,11 +87,10 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions, kee
 			return q.applyCR(dcr)
 		}
 	}
-	if version == "" {
-		version = qcr.GetLabelFromCr("version")
-	}
-	if err := fetchAndUpdateCR(qConfig, version); err != nil {
-		return err
+	if !qcr.IsRepoExist() {
+		if err := fetchAndUpdateCR(qConfig, version); err != nil {
+			return err
+		}
 	}

 	qcr, err = qConfig.GetCurrentCR()
@@ -122,9 +114,19 @@ func (q *Qliksense) InstallQK8s(version string, opts *InstallCommandOptions, kee
 	}
 }

+func (q *Qliksense) getProcessedOperatorControllerString(qcr *qapi.QliksenseCR) (string, error) {
+	operatorControllerString := q.GetOperatorControllerString()
+	if imageRegistry := qcr.GetImageRegistry(); imageRegistry != "" {
+		return kustomizeForImageRegistry(operatorControllerString, pullSecretName,
+			fmt.Sprintf("%v/%v", qliksenseOperatorImageRepo, qliksenseOperatorImageName),
+			fmt.Sprintf("%v/%v", imageRegistry, qliksenseOperatorImageName))
+	}
+	return operatorControllerString, nil
+}
+
 func installOrRemoveImagePullSecret(qConfig *qapi.QliksenseConfig) error {
 	if pullDockerConfigJsonSecret, err := qConfig.GetPullDockerConfigJsonSecret(); err == nil {
-		if dockerConfigJsonSecretYaml, err := pullDockerConfigJsonSecret.ToYaml(nil); err != nil {
+		if dockerConfigJsonSecretYaml, err := pullDockerConfigJsonSecret.ToYaml(""); err != nil {
 			return err
 		} else if err := qapi.KubectlApply(string(dockerConfigJsonSecretYaml), ""); err != nil {
 			return err
@@ -133,7 +135,7 @@ func installOrRemoveImagePullSecret(qConfig *qapi.QliksenseConfig) error {
 		deleteDockerConfigJsonSecret := qapi.DockerConfigJsonSecret{
 			Name: pullSecretName,
 		}
-		if deleteDockerConfigJsonSecretYaml, err := deleteDockerConfigJsonSecret.ToYaml(nil); err != nil {
+		if deleteDockerConfigJsonSecretYaml, err := deleteDockerConfigJsonSecret.ToYaml(""); err != nil {
 			return err
 		} else if err := qapi.KubectlDelete(string(deleteDockerConfigJsonSecretYaml), ""); err != nil {
 			qapi.LogDebugMessage("failed deleting %v, error: %v\n", pullSecretName, err)
--- a/pkg/qliksense/install_test.go
+++ b/pkg/qliksense/install_test.go
@@ -1,11 +1,20 @@
 package qliksense

 import (
+	"fmt"
 	"io/ioutil"
 	"os"
+	"path"
 	"path/filepath"
+	"strings"
 	"testing"

+	"sigs.k8s.io/kustomize/api/k8sdeps/kunstruct"
+	"sigs.k8s.io/kustomize/api/resid"
+	"sigs.k8s.io/kustomize/api/resmap"
+	"sigs.k8s.io/kustomize/api/resource"
+
+	"github.com/gobuffalo/packr/v2"
 	qapi "github.com/qlik-oss/sense-installer/pkg/api"
 )

@@ -63,3 +72,106 @@ spec:
 	}
 	td()
 }
+
+func setupQliksenseTestDefaultContext(t *testing.T, tmpQlikSenseHome, CR string) {
+	if err := ioutil.WriteFile(path.Join(tmpQlikSenseHome, "config.yaml"), []byte(`
+apiVersion: config.qlik.com/v1
+kind: QliksenseConfig
+metadata:
+  name: QliksenseConfigMetadata
+spec:
+  contexts:
+  - name: qlik-default
+    crFile: contexts/qlik-default/qlik-default.yaml
+  currentContext: qlik-default
+`), os.ModePerm); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	defaultContextDir := path.Join(tmpQlikSenseHome, "contexts", "qlik-default")
+	if err := os.MkdirAll(defaultContextDir, os.ModePerm); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if err := ioutil.WriteFile(path.Join(defaultContextDir, "qlik-default.yaml"), []byte(CR), os.ModePerm); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+}
+
+func Test_getProcessedOperatorControllerString(t *testing.T) {
+	tmpQlikSenseHome, err := ioutil.TempDir("", "tmp-qlik-sense-home-")
+	if err != nil {
+		t.Fatalf("unexpected error creating tmp dir: %v", err)
+	}
+	defer os.RemoveAll(tmpQlikSenseHome)
+
+	registry := "registryFoo"
+	setupQliksenseTestDefaultContext(t, tmpQlikSenseHome, fmt.Sprintf(`
+apiVersion: qlik.com/v1
+kind: Qliksense
+metadata:
+  name: qlik-default
+spec:
+  configs:
+    qliksense:
+    - name: imageRegistry
+      value: %v
+`, registry))
+
+	q := &Qliksense{
+		QliksenseHome: tmpQlikSenseHome,
+		CrdBox:        packr.New("crds", "./crds"),
+	}
+
+	qConfig := qapi.NewQConfig(q.QliksenseHome)
+	qcr, err := qConfig.GetCurrentCR()
+	if err != nil {
+		t.Fatalf("unexpected error getting current CR: %v", err)
+	}
+
+	originalOperatorString := q.GetOperatorControllerString()
+
+	processedOperatorString, err := q.getProcessedOperatorControllerString(qcr)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	controllerImageChecks := map[string]func(t *testing.T, controllerImage string){
+		originalOperatorString: func(t *testing.T, controllerImage string) {
+			expectedControllerImagePrefix := fmt.Sprintf("%v/%v:", qliksenseOperatorImageRepo, qliksenseOperatorImageName)
+			if !strings.HasPrefix(controllerImage, expectedControllerImagePrefix) {
+				t.Fatalf("expected controller image: %v to have prefix: %v", controllerImage, expectedControllerImagePrefix)
+			}
+		},
+		processedOperatorString: func(t *testing.T, controllerImage string) {
+			expectedControllerImagePrefix := fmt.Sprintf("%v/%v:", registry, qliksenseOperatorImageName)
+			if !strings.HasPrefix(controllerImage, expectedControllerImagePrefix) {
+				t.Fatalf("expected controller image: %v to have prefix: %v", controllerImage, expectedControllerImagePrefix)
+			}
+		},
+	}
+
+	resourceFactory := resmap.NewFactory(resource.NewFactory(kunstruct.NewKunstructuredFactoryImpl()), nil)
+	for operatorString, controllerImageCheck := range controllerImageChecks {
+		resMap, err := resourceFactory.NewResMapFromBytes([]byte(operatorString))
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+
+		res, err := resMap.GetById(resid.NewResId(resid.Gvk{
+			Group:   "apps",
+			Version: "v1",
+			Kind:    "Deployment",
+		}, "qliksense-operator"))
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+
+		controllerImage, err := res.GetString("spec.template.spec.containers[0].image")
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+
+		controllerImageCheck(t, controllerImage)
+	}
+}
--- a/pkg/qliksense/load_cr.go
+++ b/pkg/qliksense/load_cr.go
@@ -51,7 +51,7 @@ func (q *Qliksense) loadCrStringIntoFileSystem(crstr string, overwriteExistingCo
 	}

 	// encrypt the secrets and do base64 then update the CR
-	rsaPublicKey, _, err := qConfig.GetContextEncryptionKeyPair(cr.GetName())
+	encryptionKey, err := qConfig.GetEncryptionKeyFor(cr.GetName())
 	if err != nil {
 		return "", err
 	}
@@ -63,13 +63,17 @@ func (q *Qliksense) loadCrStringIntoFileSystem(crstr string, overwriteExistingCo
 					Value:   nv.Value,
 					SvcName: svc,
 				}
-				if err := q.processSecret(skv, rsaPublicKey, cr, false); err != nil {
+				if err := q.processSecret(skv, encryptionKey, cr, false); err != nil {
 					return cr.GetName(), err
 				}
 			}
 		}
 	}
-
+	if cr.Spec.FetchSource != nil && cr.Spec.FetchSource.AccessToken != "" {
+		if err := cr.SetFetchAccessToken(cr.Spec.FetchSource.AccessToken, encryptionKey); err != nil {
+			return "", err
+		}
+	}
 	// update manifestsRoot in case already exist
 	if existingCr, err := qConfig.GetCR(cr.GetName()); err == nil {
 		// cr exists, so update the manifestsRoot if version exist
Author	SHA1	Message	Date
Foysal Iqbal	ca15145499	update k-api (#315 ) Signed-off-by: Foysal Iqbal <mqb@qlik.com>	2020-04-13 14:03:03 -04:00
Foysal Iqbal	3274ebd12a	fix access token encrypt (#313 )	2020-04-13 09:43:35 -04:00
Foysal Iqbal	505b4ef4ce	add base64 flag and input pipe (#312 ) Signed-off-by: Foysal Iqbal <mqb@qlik.com>	2020-04-13 09:21:28 -04:00
Foysal Iqbal	a4e2b0dfe6	Change encryption (#307 )	2020-04-09 22:56:05 -04:00
Foysal Iqbal	7cf2b00f0b	fix windows copy error (#306 )	2020-04-09 13:49:44 -04:00
Ilir Bekteshi	d94454b832	Merge pull request #302 from qlik-oss/buildall [action] Build for all platforms on PR	2020-04-09 16:21:37 +02:00
Ashwathi Shiva	f4d0bd87f6	Preflight- Provide command into container (#301 ) * Supply command as a script into container working	2020-04-09 08:05:43 -04:00
Ilir Bekteshi	645d1496d4	[action] Build for all platforms on PR	2020-04-09 14:04:48 +02:00
Foysal Iqbal	65ce074981	move crds to base/crds folder (#298 )	2020-04-08 23:10:12 -04:00
Andriy Bulynko	323014d137	Fixing operator deployment's image renaming if the imageRegistry is set in the CR (#297 )	2020-04-08 20:59:33 -04:00
Foysal Iqbal	31262df504	add struct for fetch repo (#287 )	2020-04-08 13:37:08 -04:00
Andriy Bulynko	a15fe75b6c	Pulling/pushing GitOps and Preflight images (#286 )	2020-04-07 19:32:00 -04:00
Ashwathi Shiva	a59bf2d015	mongo image included for preflight check (#288 )	2020-04-07 18:40:38 -04:00
Foysal Iqbal	b36b8917da	add prefix preflight (#282 ) Signed-off-by: Foysal Iqbal <mqb@qlik.com>	2020-04-06 02:24:25 -04:00
Ashwathi Shiva	eed4d49665	Removing namespaces from role, rolebinding and sa checks (#280 ) * remove namespace from role, rolebinding and SA checks	2020-04-06 00:23:40 -04:00
Foysal Iqbal	34d35909a4	remove regex again (#279 ) Signed-off-by: Foysal Iqbal <mqb@qlik.com>	2020-04-05 22:13:32 -04:00