The operator has an introspection job that handles WebLogic domain encryption. The introspection job also addresses the use of Kubernetes Secrets with configuration overrides. For additional information on the configuration handling, see Configuration overrides.
The introspection job also creates a boot.properties file that is made available
to the pods in the WebLogic domain. The credential used for the
WebLogic domain is kept in a Kubernetes Secret which follows the naming pattern
<domainUID>-weblogic-credentials, where <domainUID> is
the unique identifier of the domain, for example, mydomain-weblogic-credentials.
For more information about the WebLogic credentials secret, see Secrets.
To better protect your credentials and private keys, the Kubernetes cluster should be set up with encryption. Please see the Kubernetes documentation about encryption at rest for secret data and using a KMS provider for data encryption.