From 0494d1b1efd18df7e05e6fbc82c591c20bbb1528 Mon Sep 17 00:00:00 2001
From: Akos Eros <aeros@redhat.com>
Date: Tue, 21 Apr 2026 15:06:10 +0200
Subject: [PATCH 1/7] feat: improve UI secret loading code

Remove some duplication to make maintaining easier
---
 .../tests/pattern-catalog-page.cy.ts          |  60 ++--
 console/src/api.ts                            |  98 +++---
 console/src/components/InstallPatternPage.tsx | 300 ++++++------------
 console/src/components/ManageSecretsPage.tsx  | 198 ++----------
 console/src/components/PatternCatalogPage.tsx | 282 ++++++++++------
 .../SecretFormExpandableSections.tsx          |  95 ++++++
 .../SecretForm/VaultInjectionStatusAlert.tsx  |  51 +++
 .../src/components/UninstallPatternPage.tsx   |   8 +-
 console/src/hooks/useVaultJobPolling.ts       |  36 +++
 console/src/vaultSecrets.ts                   |  46 +++
 10 files changed, 631 insertions(+), 543 deletions(-)
 create mode 100644 console/src/components/SecretForm/SecretFormExpandableSections.tsx
 create mode 100644 console/src/components/SecretForm/VaultInjectionStatusAlert.tsx
 create mode 100644 console/src/hooks/useVaultJobPolling.ts
 create mode 100644 console/src/vaultSecrets.ts

diff --git a/console/integration-tests/tests/pattern-catalog-page.cy.ts b/console/integration-tests/tests/pattern-catalog-page.cy.ts
index 74aaf2e8c..8625c092c 100644
--- a/console/integration-tests/tests/pattern-catalog-page.cy.ts
+++ b/console/integration-tests/tests/pattern-catalog-page.cy.ts
@@ -25,9 +25,11 @@ describe('Pattern Catalog Page', () => {
 
   it('pattern cards show tier labels', () => {
     visitCatalog();
-    cy.get('.patterns-operator__card').first().within(() => {
-      cy.get('.pf-v6-c-label').should('exist');
-    });
+    cy.get('.patterns-operator__card')
+      .first()
+      .within(() => {
+        cy.get('.pf-v6-c-label').should('exist');
+      });
   });
 
   it('at least one pattern card displays a description', () => {
@@ -41,21 +43,21 @@ describe('Pattern Catalog Page', () => {
 
   it('pattern cards have external Docs and Repo links', () => {
     visitCatalog();
-    cy.get('.patterns-operator__card-links').first().within(() => {
-      cy.contains('a', 'Docs')
-        .should('have.attr', 'target', '_blank')
-        .and('have.attr', 'href');
-      cy.contains('a', 'Repo')
-        .should('have.attr', 'target', '_blank')
-        .and('have.attr', 'href');
-    });
+    cy.get('.patterns-operator__card-links')
+      .first()
+      .within(() => {
+        cy.contains('a', 'Docs').should('have.attr', 'target', '_blank').and('have.attr', 'href');
+        cy.contains('a', 'Repo').should('have.attr', 'target', '_blank').and('have.attr', 'href');
+      });
   });
 
   it('pattern cards have action buttons', () => {
     visitCatalog();
-    cy.get('.patterns-operator__card-actions').first().within(() => {
-      cy.get('button').should('have.length.greaterThan', 0);
-    });
+    cy.get('.patterns-operator__card-actions')
+      .first()
+      .within(() => {
+        cy.get('button').should('have.length.greaterThan', 0);
+      });
   });
 
   it('tier filter dropdown shows all tier options', () => {
@@ -71,24 +73,28 @@ describe('Pattern Catalog Page', () => {
 
   it('selecting all tiers shows at least as many cards as maintained only', () => {
     visitCatalog();
-    cy.get('.patterns-operator__card').its('length').then((maintainedCount) => {
-      // Open filter and add Tested
-      cy.contains('button', 'Maintained').click();
-      cy.contains('Tested').click();
-      // Dropdown may close after selection; re-open to add Sandbox
-      cy.contains('button', /Maintained/).click();
-      cy.contains('Sandbox').click();
-      // Close dropdown
-      cy.get('body').click(0, 0);
-      // With more tiers selected, card count should be >= maintained only
-      cy.get('.patterns-operator__card').should('have.length.gte', maintainedCount);
-    });
+    cy.get('.patterns-operator__card')
+      .its('length')
+      .then((maintainedCount) => {
+        // Open filter and add Tested
+        cy.contains('button', 'Maintained').click();
+        cy.contains('Tested').click();
+        // Dropdown may close after selection; re-open to add Sandbox
+        cy.contains('button', /Maintained/).click();
+        cy.contains('Sandbox').click();
+        // Close dropdown
+        cy.get('body').click(0, 0);
+        // With more tiers selected, card count should be >= maintained only
+        cy.get('.patterns-operator__card').should('have.length.gte', maintainedCount);
+      });
   });
 
   it('clicking Install navigates to the install page', () => {
     visitCatalog();
     cy.get('body').then(($body) => {
-      const installBtn = $body.find('.patterns-operator__card-actions button:not(:disabled):contains("Install")');
+      const installBtn = $body.find(
+        '.patterns-operator__card-actions button:not(:disabled):contains("Install")',
+      );
       if (installBtn.length === 0) {
         cy.log('No Install button available (a pattern may already be installed)');
         return;
diff --git a/console/src/api.ts b/console/src/api.ts
index 519c7882d..29891d248 100644
--- a/console/src/api.ts
+++ b/console/src/api.ts
@@ -8,9 +8,10 @@ declare const __PATTERN_OPERATOR_NS__: string;
 const DEFAULT_PATTERN_OPERATOR_NS = 'patterns-operator';
 export const PATTERN_OPERATOR_NS = __PATTERN_OPERATOR_NS__ || DEFAULT_PATTERN_OPERATOR_NS;
 
-const DEFAULT_PATTERN_UI_CATALOG_BASE_URL = '/api/proxy/plugin/patterns-operator-console-plugin/pattern-ui-catalog';
-const PATTERN_UI_CATALOG_BASE_URL = __PATTERN_UI_CATALOG_BASE_URL__ || DEFAULT_PATTERN_UI_CATALOG_BASE_URL;
-
+const DEFAULT_PATTERN_UI_CATALOG_BASE_URL =
+  '/api/proxy/plugin/patterns-operator-console-plugin/pattern-ui-catalog';
+const PATTERN_UI_CATALOG_BASE_URL =
+  __PATTERN_UI_CATALOG_BASE_URL__ || DEFAULT_PATTERN_UI_CATALOG_BASE_URL;
 
 async function fetchYAML<T>(url: string): Promise<T> {
   const response = await consoleFetch(url, { cache: 'no-store' });
@@ -28,9 +29,8 @@ export async function fetchPattern(name: string): Promise<Pattern> {
 
 export async function fetchCatalogImage(): Promise<string> {
   try {
-    var response = await consoleFetch(
+    const response = await consoleFetch(
       `/api/kubernetes/apis/apps/v1/namespaces/${PATTERN_OPERATOR_NS}/deployments/patterns-operator-pattern-ui-catalog`,
-
     );
     const data = await response.json();
     const containers = data.spec?.template?.spec?.containers || [];
@@ -39,12 +39,14 @@ export async function fetchCatalogImage(): Promise<string> {
     );
     return catalogContainer?.image || 'unknown';
   } catch (error) {
-    return 'unknown'
+    return 'unknown';
   }
-
 }
 
-export async function fetchAllPatterns(): Promise<{ patterns: Pattern[]; catalogDescription?: string }> {
+export async function fetchAllPatterns(): Promise<{
+  patterns: Pattern[];
+  catalogDescription?: string;
+}> {
   const catalog = await fetchCatalog();
   const patterns = await Promise.all(
     catalog.patterns.map(async (key) => {
@@ -78,7 +80,9 @@ export interface VaultInjectionResponse {
   secretName?: string;
 }
 
-export async function triggerVaultInjection(request: VaultInjectionRequest): Promise<VaultInjectionResponse> {
+export async function triggerVaultInjection(
+  request: VaultInjectionRequest,
+): Promise<VaultInjectionResponse> {
   try {
     console.log('🚀 [API] Starting vault injection for pattern:', request.patternName);
     console.log('📊 [API] Request details:', {
@@ -87,7 +91,7 @@ export async function triggerVaultInjection(request: VaultInjectionRequest): Pro
       hasTemplate: !!request.templateYaml,
       vaultNamespace: request.vaultNamespace || 'vault',
       vaultPod: request.vaultPod || 'vault-0',
-      vaultHub: request.vaultHub || 'hub'
+      vaultHub: request.vaultHub || 'hub',
     });
 
     const timestamp = Date.now();
@@ -122,18 +126,25 @@ export async function triggerVaultInjection(request: VaultInjectionRequest): Pro
     };
 
     // Create the secret
-    console.log('🔐 [API] Creating secret with payload size:', JSON.stringify(secret).length, 'bytes');
+    console.log(
+      '🔐 [API] Creating secret with payload size:',
+      JSON.stringify(secret).length,
+      'bytes',
+    );
     console.log('🔐 [API] Secret metadata:', {
       name: secret.metadata.name,
       namespace: secret.metadata.namespace,
-      labels: secret.metadata.labels
+      labels: secret.metadata.labels,
     });
 
-    const secretResponse = await consoleFetch(`/api/kubernetes/api/v1/namespaces/${PATTERN_OPERATOR_NS}/secrets`, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify(secret),
-    });
+    const secretResponse = await consoleFetch(
+      `/api/kubernetes/api/v1/namespaces/${PATTERN_OPERATOR_NS}/secrets`,
+      {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(secret),
+      },
+    );
 
     if (!secretResponse.ok) {
       const errorText = await secretResponse.text();
@@ -146,7 +157,7 @@ export async function triggerVaultInjection(request: VaultInjectionRequest): Pro
     console.log('✅ [API] Secret creation result:', {
       name: secretResult.metadata?.name,
       uid: secretResult.metadata?.uid,
-      creationTimestamp: secretResult.metadata?.creationTimestamp
+      creationTimestamp: secretResult.metadata?.creationTimestamp,
     });
 
     // Now create a Job that uses this secret
@@ -329,14 +340,17 @@ PLAYBOOK_EOF
       namespace: job.metadata.namespace,
       labels: job.metadata.labels,
       serviceAccountName: job.spec.template.spec.serviceAccountName,
-      containerImage: job.spec.template.spec.containers[0].image
+      containerImage: job.spec.template.spec.containers[0].image,
     });
 
-    const jobResponse = await consoleFetch(`/api/kubernetes/apis/batch/v1/namespaces/${PATTERN_OPERATOR_NS}/jobs`, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify(job),
-    });
+    const jobResponse = await consoleFetch(
+      `/api/kubernetes/apis/batch/v1/namespaces/${PATTERN_OPERATOR_NS}/jobs`,
+      {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(job),
+      },
+    );
 
     if (!jobResponse.ok) {
       const errorText = await jobResponse.text();
@@ -350,7 +364,7 @@ PLAYBOOK_EOF
       name: jobData.metadata?.name,
       uid: jobData.metadata?.uid,
       creationTimestamp: jobData.metadata?.creationTimestamp,
-      backoffLimit: jobData.spec?.backoffLimit
+      backoffLimit: jobData.spec?.backoffLimit,
     });
 
     console.log('🎉 [API] Vault injection setup completed successfully');
@@ -365,7 +379,7 @@ PLAYBOOK_EOF
     console.error('🔴 [API] Error details:', {
       name: error.name,
       message: error.message,
-      stack: error.stack
+      stack: error.stack,
     });
     return {
       success: false,
@@ -382,18 +396,21 @@ export async function fetchVaultJobStatus(patternName: string): Promise<VaultJob
 
     const response = await consoleFetch(url);
     if (!response.ok) {
-      console.error(`🔴 [API] Failed to fetch vault job status: ${response.status} ${response.statusText}`);
+      console.error(
+        `🔴 [API] Failed to fetch vault job status: ${response.status} ${response.statusText}`,
+      );
       throw new Error(`Failed to fetch vault job status: ${response.status}`);
     }
 
     const data = await response.json();
     console.log(`📋 [API] Jobs response received:`, {
       itemCount: data.items?.length || 0,
-      items: data.items?.map(job => ({
-        name: job.metadata?.name,
-        creationTimestamp: job.metadata?.creationTimestamp,
-        status: job.status
-      })) || []
+      items:
+        data.items?.map((job) => ({
+          name: job.metadata?.name,
+          creationTimestamp: job.metadata?.creationTimestamp,
+          status: job.status,
+        })) || [],
     });
 
     if (!data.items || data.items.length === 0) {
@@ -412,7 +429,9 @@ export async function fetchVaultJobStatus(patternName: string): Promise<VaultJob
       jobName: job.metadata?.name,
       creationTimestamp: job.metadata?.creationTimestamp,
       status: jobStatus,
-      conditions: jobStatus.conditions?.map(c => ({ type: c.type, status: c.status, reason: c.reason })) || []
+      conditions:
+        jobStatus.conditions?.map((c) => ({ type: c.type, status: c.status, reason: c.reason })) ||
+        [],
     });
 
     let status: VaultJobStatus['status'] = 'pending';
@@ -448,7 +467,7 @@ export async function fetchVaultJobStatus(patternName: string): Promise<VaultJob
     console.error(`🔴 [API] Error details:`, {
       name: error.name,
       message: error.message,
-      stack: error.stack
+      stack: error.stack,
     });
     return {
       status: 'not-found',
@@ -510,8 +529,11 @@ export async function fetchPatternCR(name: string): Promise<PatternCRStatus> {
     };
   } catch (err) {
     // consoleFetch may throw on 404 instead of returning a response
-    if (err?.response?.status === 404 || err?.status === 404 ||
-        (err?.message && /404|not found/i.test(err.message))) {
+    if (
+      err?.response?.status === 404 ||
+      err?.status === 404 ||
+      (err?.message && /404|not found/i.test(err.message))
+    ) {
       return { exists: false };
     }
     throw err;
@@ -531,7 +553,9 @@ export async function deletePattern(name: string): Promise<void> {
 
 export async function fetchSecretTemplate(name: string): Promise<SecretTemplate | null> {
   try {
-    return await fetchYAML<SecretTemplate>(`${PATTERN_UI_CATALOG_BASE_URL}/${name}/values-secret.yaml.template`);
+    return await fetchYAML<SecretTemplate>(
+      `${PATTERN_UI_CATALOG_BASE_URL}/${name}/values-secret.yaml.template`,
+    );
   } catch {
     return null; // Template doesn't exist
   }
diff --git a/console/src/components/InstallPatternPage.tsx b/console/src/components/InstallPatternPage.tsx
index eb2d72d50..8a116c5dc 100644
--- a/console/src/components/InstallPatternPage.tsx
+++ b/console/src/components/InstallPatternPage.tsx
@@ -14,7 +14,6 @@ import {
   DescriptionListDescription,
   DescriptionListGroup,
   DescriptionListTerm,
-  ExpandableSection,
   Form,
   FormGroup,
   Label,
@@ -23,32 +22,21 @@ import {
   TextInput,
   Title,
 } from '@patternfly/react-core';
-import {
-  Table,
-  Thead,
-  Tbody,
-  Tr,
-  Th,
-  Td,
-} from '@patternfly/react-table';
+import { Table, Thead, Tbody, Tr, Th, Td } from '@patternfly/react-table';
 import { k8sCreate } from '@openshift-console/dynamic-plugin-sdk';
 import {
   fetchPattern,
   fetchPatternCR,
   fetchSecretTemplate,
-  fetchVaultJobStatus,
   triggerVaultInjection as apiTriggerVaultInjection,
   PATTERN_OPERATOR_NS,
   PatternCRStatus,
-  VaultJobStatus,
-  VaultInjectionRequest
 } from '../api';
-import { SecretTemplate, SecretFormData, SecretDefinition, SecretField } from '../types';
-import { GenerateField } from './SecretForm/GenerateField';
-import { PromptField } from './SecretForm/PromptField';
-import { FileField } from './SecretForm/FileField';
-import { IniField } from './SecretForm/IniField';
-import { StaticField } from './SecretForm/StaticField';
+import { useVaultJobPolling } from '../hooks/useVaultJobPolling';
+import { buildVaultInjectionYaml } from '../vaultSecrets';
+import { SecretTemplate, SecretFormData } from '../types';
+import { SecretFormExpandableSections } from './SecretForm/SecretFormExpandableSections';
+import { VaultInjectionStatusAlert } from './SecretForm/VaultInjectionStatusAlert';
 import './SecretForm/SecretForm.css';
 
 const PatternModel = {
@@ -85,8 +73,8 @@ export default function InstallPatternPage() {
   const [secretTemplate, setSecretTemplate] = React.useState<SecretTemplate | null>(null);
   const [secretFormData, setSecretFormData] = React.useState<SecretFormData>({});
   const [expandedSections, setExpandedSections] = React.useState<Record<string, boolean>>({});
-  const [vaultJobStatus, setVaultJobStatus] = React.useState<VaultJobStatus | null>(null);
-  const [checkingVaultStatus, setCheckingVaultStatus] = React.useState(false);
+  const { vaultJobStatus, setVaultJobStatus, checkingVaultStatus, checkVaultJobStatus } =
+    useVaultJobPolling(patternName);
   const [patternStatus, setPatternStatus] = React.useState<PatternCRStatus | null>(null);
 
   React.useEffect(() => {
@@ -97,7 +85,7 @@ export default function InstallPatternPage() {
         console.log('🟢 [InstallPatternPage] Pattern data loaded successfully:', {
           patternName: patternData.name,
           repoUrl: patternData.repo_url,
-          hasSecretTemplate: !!template
+          hasSecretTemplate: !!template,
         });
 
         setPatternName(patternData.name);
@@ -114,7 +102,9 @@ export default function InstallPatternPage() {
           const initialExpanded: Record<string, boolean> = {};
 
           template.secrets.forEach((secret, index) => {
-            console.log(`🔧 [InstallPatternPage] Processing secret: ${secret.name} with ${secret.fields.length} fields`);
+            console.log(
+              `🔧 [InstallPatternPage] Processing secret: ${secret.name} with ${secret.fields.length} fields`,
+            );
             initialData[secret.name] = {};
             secret.fields.forEach((field) => {
               initialData[secret.name][field.name] = '';
@@ -126,7 +116,7 @@ export default function InstallPatternPage() {
           console.log('🔧 [InstallPatternPage] Secret form initialized:', {
             secretCount: template.secrets.length,
             initialData: Object.keys(initialData),
-            expandedSections: Object.keys(initialExpanded).filter(key => initialExpanded[key])
+            expandedSections: Object.keys(initialExpanded).filter((key) => initialExpanded[key]),
           });
 
           setSecretFormData(initialData);
@@ -157,52 +147,21 @@ export default function InstallPatternPage() {
     console.log('✅ [InstallPatternPage] All required data present for vault injection:', {
       patternName,
       secretDataKeys: Object.keys(secretFormData),
-      templateSecrets: secretTemplate.secrets.map(s => s.name)
+      templateSecrets: secretTemplate.secrets.map((s) => s.name),
     });
 
     try {
-      // Convert secretFormData to YAML format with proper structure for vault_load_secrets
-      const yaml = await import('js-yaml');
-      console.log('🔄 [InstallPatternPage] Converting secretFormData to YAML:', secretFormData);
-
-      // Build the v2.0 secrets list structure expected by parse_secrets_info
-      const secretsList = secretTemplate.secrets.map((secretDef) => {
-        const formValues = secretFormData[secretDef.name] || {};
-        const secret: any = { name: secretDef.name };
-        if (secretDef.vaultMount) secret.vaultMount = secretDef.vaultMount;
-        if (secretDef.vaultPrefixes) secret.vaultPrefixes = secretDef.vaultPrefixes;
-        secret.fields = secretDef.fields.map((fieldDef) => {
-          const field: any = { name: fieldDef.name };
-          if (fieldDef.onMissingValue) field.onMissingValue = fieldDef.onMissingValue;
-          if (fieldDef.vaultPolicy) field.vaultPolicy = fieldDef.vaultPolicy;
-          if (fieldDef.base64) field.base64 = fieldDef.base64;
-          if (fieldDef.override) field.override = fieldDef.override;
-          const val = formValues[fieldDef.name];
-          if (typeof val === 'string' && val !== '') {
-            field.value = val;
-            // User provided an explicit value, so don't auto-generate
-            if (fieldDef.onMissingValue === 'generate') {
-              delete field.onMissingValue;
-              delete field.vaultPolicy;
-            }
-          }
-          return field;
-        });
-        return secret;
-      });
-
-      const vaultSecretStructure: SecretTemplate = {
-        version: '2.0',
-        secrets: secretsList,
-        vaultPolicies: secretTemplate?.vaultPolicies || null
-      };
-
-      const valuesSecretYaml = yaml.dump(vaultSecretStructure);
-      const templateYaml = JSON.stringify(secretTemplate, null, 2);
-      console.log('✅ [InstallPatternPage] Generated values YAML with vault structure:', valuesSecretYaml);
+      const { valuesSecretYaml, templateYaml } = await buildVaultInjectionYaml(
+        secretTemplate,
+        secretFormData,
+      );
+      console.log(
+        '✅ [InstallPatternPage] Generated values YAML with vault structure:',
+        valuesSecretYaml,
+      );
       console.log('✅ [InstallPatternPage] Generated template YAML:', templateYaml);
 
-      const request: VaultInjectionRequest = {
+      const request = {
         patternName,
         valuesSecretYaml,
         templateYaml,
@@ -213,7 +172,9 @@ export default function InstallPatternPage() {
       console.log('📥 [InstallPatternPage] Vault injection result:', result);
 
       if (result.success) {
-        console.log('✅ [InstallPatternPage] Vault injection triggered successfully, starting job status polling');
+        console.log(
+          '✅ [InstallPatternPage] Vault injection triggered successfully, starting job status polling',
+        );
         // Start polling for job status
         setTimeout(() => {
           checkVaultJobStatus();
@@ -235,40 +196,13 @@ export default function InstallPatternPage() {
     }
   }, [patternName, secretFormData, secretTemplate]);
 
-  const checkVaultJobStatus = React.useCallback(async () => {
-    if (!patternName) {
-      console.log('🟡 [InstallPatternPage] No pattern name for vault job status check');
-      return;
-    }
-
-    try {
-      console.log('🔍 [InstallPatternPage] Checking vault job status for pattern:', patternName);
-      setCheckingVaultStatus(true);
-      const status = await fetchVaultJobStatus(patternName);
-      console.log('📋 [InstallPatternPage] Vault job status received:', status);
-      setVaultJobStatus(status);
-
-      // Continue polling if job is still running or pending
-      if (status.status === 'running' || status.status === 'pending') {
-        console.log('⏳ [InstallPatternPage] Job still in progress, will poll again in 5 seconds');
-        setTimeout(() => {
-          checkVaultJobStatus();
-        }, 5000); // Poll every 5 seconds
-      } else {
-        console.log('✅ [InstallPatternPage] Job finished with status:', status.status);
-      }
-    } catch (err) {
-      console.error('🔴 [InstallPatternPage] Error checking vault job status:', err);
-    } finally {
-      setCheckingVaultStatus(false);
-    }
-  }, [patternName]);
-
   // Check vault job status on component mount if secrets were configured
   React.useEffect(() => {
     const hasSecretData = secretFormData && Object.keys(secretFormData).length > 0;
     if (success && hasSecretData && secretTemplate && patternName) {
-      console.log('⏰ [InstallPatternPage] Pattern created successfully with secrets, starting vault job status check');
+      console.log(
+        '⏰ [InstallPatternPage] Pattern created successfully with secrets, starting vault job status check',
+      );
       const timer = setTimeout(() => {
         checkVaultJobStatus();
       }, 2000); // Wait 2 seconds after pattern creation
@@ -282,7 +216,9 @@ export default function InstallPatternPage() {
 
     // Initial fetch after a short delay to let the reconciler start
     const initialTimer = setTimeout(() => {
-      fetchPatternCR(patternName).then(setPatternStatus).catch(() => {});
+      fetchPatternCR(patternName)
+        .then(setPatternStatus)
+        .catch(() => undefined);
     }, 3000);
 
     const interval = setInterval(async () => {
@@ -330,7 +266,7 @@ export default function InstallPatternPage() {
         targetRepo,
         targetRevision,
         hasSecrets,
-        secretCount: hasSecrets ? Object.keys(secretFormData).length : 0
+        secretCount: hasSecrets ? Object.keys(secretFormData).length : 0,
       });
       const patternData: {
         apiVersion: string;
@@ -357,7 +293,10 @@ export default function InstallPatternPage() {
         },
       };
 
-      console.log('🔧 [InstallPatternPage] Creating Pattern CR with data:', JSON.stringify(patternData, null, 2));
+      console.log(
+        '🔧 [InstallPatternPage] Creating Pattern CR with data:',
+        JSON.stringify(patternData, null, 2),
+      );
 
       await k8sCreate({
         model: PatternModel,
@@ -389,7 +328,9 @@ export default function InstallPatternPage() {
     fieldName: string,
     value: string | File | null,
   ) => {
-    console.log(`🔄 [InstallPatternPage] Secret field changed: ${secretName}.${fieldName}`, { value: value instanceof File ? `[File: ${value.name}]` : value });
+    console.log(`🔄 [InstallPatternPage] Secret field changed: ${secretName}.${fieldName}`, {
+      value: value instanceof File ? `[File: ${value.name}]` : value,
+    });
     setSecretFormData((prev) => ({
       ...prev,
       [secretName]: {
@@ -407,41 +348,6 @@ export default function InstallPatternPage() {
     }));
   };
 
-  const getFieldType = (field: SecretField): 'generate' | 'prompt' | 'file' | 'ini' | 'static' => {
-    if (field.onMissingValue === 'generate') return 'generate';
-    if (field.path) return 'file';
-    if (field.ini_file) return 'ini';
-    if (field.value !== undefined && field.value !== null) return 'static';
-    return 'prompt'; // Default to prompt for required fields
-  };
-
-  const renderField = (secret: SecretDefinition, field: SecretField) => {
-    const fieldType = getFieldType(field);
-    const value = secretFormData[secret.name]?.[field.name] || '';
-
-    const commonProps = {
-      field,
-      value,
-      onChange: (newValue: string | File | null) =>
-        handleFieldChange(secret.name, field.name, newValue),
-    };
-
-    switch (fieldType) {
-      case 'generate':
-        return <GenerateField key={field.name} {...commonProps} />;
-      case 'prompt':
-        return <PromptField key={field.name} {...commonProps} />;
-      case 'file':
-        return <FileField key={field.name} {...commonProps} />;
-      case 'ini':
-        return <IniField key={field.name} {...commonProps} />;
-      case 'static':
-        return <StaticField key={field.name} {...commonProps} />;
-      default:
-        return <PromptField key={field.name} {...commonProps} />;
-    }
-  };
-
   if (loading) {
     return (
       <PageSection>
@@ -474,7 +380,8 @@ export default function InstallPatternPage() {
             <Alert variant="success" title={t('Pattern created successfully')}>
               <p>
                 {(() => {
-                  const hasSecrets = secretTemplate && secretFormData && Object.keys(secretFormData).length > 0;
+                  const hasSecrets =
+                    secretTemplate && secretFormData && Object.keys(secretFormData).length > 0;
                   const reconcileComplete = patternStatus?.lastStep === 'reconcile complete';
                   const vaultDone = !hasSecrets || vaultJobStatus?.status === 'succeeded';
                   if (reconcileComplete && vaultDone) {
@@ -502,7 +409,9 @@ export default function InstallPatternPage() {
                         <DescriptionListTerm>{t('Current Step')}</DescriptionListTerm>
                         <DescriptionListDescription>
                           <div style={{ display: 'flex', alignItems: 'center', gap: '8px' }}>
-                            {!patternStatus.lastError && <Spinner size="md" aria-label={t('Reconciling')} />}
+                            {!patternStatus.lastError && (
+                              <Spinner size="md" aria-label={t('Reconciling')} />
+                            )}
                             <span>{patternStatus.lastStep}</span>
                           </div>
                         </DescriptionListDescription>
@@ -520,7 +429,9 @@ export default function InstallPatternPage() {
 
                   {patternStatus.applications && patternStatus.applications.length > 0 && (
                     <div style={{ marginTop: '16px' }}>
-                      <Title headingLevel="h4" style={{ marginBottom: '8px' }}>{t('Applications')}</Title>
+                      <Title headingLevel="h4" style={{ marginBottom: '8px' }}>
+                        {t('Applications')}
+                      </Title>
                       <Table aria-label={t('Pattern applications')} variant="compact">
                         <Thead>
                           <Tr>
@@ -536,12 +447,30 @@ export default function InstallPatternPage() {
                               <Td dataLabel={t('Name')}>{app.name}</Td>
                               <Td dataLabel={t('Namespace')}>{app.namespace}</Td>
                               <Td dataLabel={t('Sync')}>
-                                <Label color={app.syncStatus === 'Synced' ? 'green' : app.syncStatus === 'OutOfSync' ? 'orange' : 'grey'}>
+                                <Label
+                                  color={
+                                    app.syncStatus === 'Synced'
+                                      ? 'green'
+                                      : app.syncStatus === 'OutOfSync'
+                                      ? 'orange'
+                                      : 'grey'
+                                  }
+                                >
                                   {app.syncStatus || 'Unknown'}
                                 </Label>
                               </Td>
                               <Td dataLabel={t('Health')}>
-                                <Label color={app.healthStatus === 'Healthy' ? 'green' : app.healthStatus === 'Degraded' ? 'red' : app.healthStatus === 'Progressing' ? 'blue' : 'grey'}>
+                                <Label
+                                  color={
+                                    app.healthStatus === 'Healthy'
+                                      ? 'green'
+                                      : app.healthStatus === 'Degraded'
+                                      ? 'red'
+                                      : app.healthStatus === 'Progressing'
+                                      ? 'blue'
+                                      : 'grey'
+                                  }
+                                >
                                   {app.healthStatus || 'Unknown'}
                                 </Label>
                               </Td>
@@ -552,44 +481,37 @@ export default function InstallPatternPage() {
                     </div>
                   )}
 
-                  {(!patternStatus.applications || patternStatus.applications.length === 0) && !patternStatus.lastError && (
-                    <div style={{ marginTop: '16px', display: 'flex', alignItems: 'center', gap: '8px' }}>
-                      <Spinner size="md" aria-label={t('Waiting for applications')} />
-                      <span>{t('Waiting for ArgoCD applications to be created...')}</span>
-                    </div>
-                  )}
+                  {(!patternStatus.applications || patternStatus.applications.length === 0) &&
+                    !patternStatus.lastError && (
+                      <div
+                        style={{
+                          marginTop: '16px',
+                          display: 'flex',
+                          alignItems: 'center',
+                          gap: '8px',
+                        }}
+                      >
+                        <Spinner size="md" aria-label={t('Waiting for applications')} />
+                        <span>{t('Waiting for ArgoCD applications to be created...')}</span>
+                      </div>
+                    )}
                 </CardBody>
               </Card>
             )}
           </>
         )}
         {/* Vault injection status */}
-        {success && secretFormData && Object.keys(secretFormData).length > 0 && secretTemplate && vaultJobStatus && (
-          <Alert
-            style={{ marginTop: '16px' }}
-            variant={
-              vaultJobStatus.status === 'succeeded'
-                ? 'success'
-                : vaultJobStatus.status === 'failed'
-                ? 'danger'
-                : 'info'
-            }
-            title={t('Vault Secret Injection')}
-            isInline
-          >
-            <div style={{ display: 'flex', alignItems: 'center', gap: '8px' }}>
-              {(vaultJobStatus.status === 'running' || vaultJobStatus.status === 'pending' || checkingVaultStatus) && (
-                <Spinner aria-label={t('Checking vault status')} size="md" />
-              )}
-              <span>{vaultJobStatus.message}</span>
-            </div>
-            {vaultJobStatus.jobName && (
-              <p style={{ marginTop: '8px', fontSize: '0.9em', color: '#4f5255' }}>
-                {t('Job')}: <a href={`/k8s/ns/${PATTERN_OPERATOR_NS}/jobs/${vaultJobStatus.jobName}`}><code>{vaultJobStatus.jobName}</code></a>
-              </p>
-            )}
-          </Alert>
-        )}
+        {success &&
+          secretFormData &&
+          Object.keys(secretFormData).length > 0 &&
+          secretTemplate &&
+          vaultJobStatus && (
+            <VaultInjectionStatusAlert
+              style={{ marginTop: '16px' }}
+              vaultJobStatus={vaultJobStatus}
+              checkingVaultStatus={checkingVaultStatus}
+            />
+          )}
         {submitError && (
           <Alert variant="danger" title={t('Failed to create pattern')}>
             {submitError}
@@ -641,35 +563,13 @@ export default function InstallPatternPage() {
                 <Alert variant="info" title={t('Optional Secret Configuration')} isInline>
                   {t('Configure secrets that will be injected into Vault for this pattern.')}
                 </Alert>
-                <div className="patterns-operator__secret-form">
-                  {secretTemplate.secrets.map((secret) => (
-                    <ExpandableSection
-                      key={secret.name}
-                      toggleText={secret.name}
-                      isExpanded={expandedSections[secret.name] || false}
-                      onToggle={() => toggleSection(secret.name)}
-                      className="patterns-operator__secret-section"
-                    >
-                      <Card>
-                        <CardTitle>{secret.name}</CardTitle>
-                        <CardBody>
-                          {secret.fields.map((field) => (
-                            <FormGroup
-                              key={field.name}
-                              label={field.name}
-                              helperText={field.description}
-                              isRequired={getFieldType(field) === 'prompt'}
-                              fieldId={`secret-${secret.name}-${field.name}`}
-                              className="patterns-operator__secret-field"
-                            >
-                              {renderField(secret, field)}
-                            </FormGroup>
-                          ))}
-                        </CardBody>
-                      </Card>
-                    </ExpandableSection>
-                  ))}
-                </div>
+                <SecretFormExpandableSections
+                  secrets={secretTemplate.secrets}
+                  secretFormData={secretFormData}
+                  expandedSections={expandedSections}
+                  onToggleSection={toggleSection}
+                  onFieldChange={handleFieldChange}
+                />
               </FormGroup>
             )}
 
diff --git a/console/src/components/ManageSecretsPage.tsx b/console/src/components/ManageSecretsPage.tsx
index 18174c812..cf76b9f14 100644
--- a/console/src/components/ManageSecretsPage.tsx
+++ b/console/src/components/ManageSecretsPage.tsx
@@ -6,12 +6,7 @@ import {
   ActionGroup,
   Alert,
   Button,
-  Card,
-  CardBody,
-  CardTitle,
-  ExpandableSection,
   Form,
-  FormGroup,
   PageSection,
   Spinner,
   Title,
@@ -19,18 +14,13 @@ import {
 import {
   fetchPattern,
   fetchSecretTemplate,
-  fetchVaultJobStatus,
   triggerVaultInjection as apiTriggerVaultInjection,
-  PATTERN_OPERATOR_NS,
-  VaultJobStatus,
-  VaultInjectionRequest,
 } from '../api';
-import { SecretTemplate, SecretFormData, SecretDefinition, SecretField } from '../types';
-import { GenerateField } from './SecretForm/GenerateField';
-import { PromptField } from './SecretForm/PromptField';
-import { FileField } from './SecretForm/FileField';
-import { IniField } from './SecretForm/IniField';
-import { StaticField } from './SecretForm/StaticField';
+import { useVaultJobPolling } from '../hooks/useVaultJobPolling';
+import { buildVaultInjectionYaml } from '../vaultSecrets';
+import { SecretTemplate, SecretFormData } from '../types';
+import { SecretFormExpandableSections } from './SecretForm/SecretFormExpandableSections';
+import { VaultInjectionStatusAlert } from './SecretForm/VaultInjectionStatusAlert';
 import './SecretForm/SecretForm.css';
 
 export default function ManageSecretsPage() {
@@ -50,11 +40,10 @@ export default function ManageSecretsPage() {
   const [secretTemplate, setSecretTemplate] = React.useState<SecretTemplate | null>(null);
   const [secretFormData, setSecretFormData] = React.useState<SecretFormData>({});
   const [expandedSections, setExpandedSections] = React.useState<Record<string, boolean>>({});
-  const [vaultJobStatus, setVaultJobStatus] = React.useState<VaultJobStatus | null>(null);
-  const [checkingVaultStatus, setCheckingVaultStatus] = React.useState(false);
+  const { vaultJobStatus, setVaultJobStatus, checkingVaultStatus, checkVaultJobStatus } =
+    useVaultJobPolling(patternName);
 
   React.useEffect(() => {
-
     Promise.all([fetchPattern(name), fetchSecretTemplate(name)])
       .then(([patternData, template]) => {
         setPatternName(patternData.name);
@@ -86,26 +75,6 @@ export default function ManageSecretsPage() {
       });
   }, [name]);
 
-  const checkVaultJobStatus = React.useCallback(async () => {
-    if (!patternName) return;
-
-    try {
-      setCheckingVaultStatus(true);
-      const status = await fetchVaultJobStatus(patternName);
-      setVaultJobStatus(status);
-
-      if (status.status === 'running' || status.status === 'pending') {
-        setTimeout(() => {
-          checkVaultJobStatus();
-        }, 5000);
-      }
-    } catch (err) {
-      console.error('Error checking vault job status:', err);
-    } finally {
-      setCheckingVaultStatus(false);
-    }
-  }, [patternName]);
-
   const handleSubmit = async () => {
     setSubmitting(true);
     setSubmitError(null);
@@ -113,42 +82,12 @@ export default function ManageSecretsPage() {
     setVaultJobStatus(null);
 
     try {
-      const yaml = await import('js-yaml');
-
-      const secretsList = secretTemplate.secrets.map((secretDef) => {
-        const formValues = secretFormData[secretDef.name] || {};
-        const secret: any = { name: secretDef.name };
-        if (secretDef.vaultMount) secret.vaultMount = secretDef.vaultMount;
-        if (secretDef.vaultPrefixes) secret.vaultPrefixes = secretDef.vaultPrefixes;
-        secret.fields = secretDef.fields.map((fieldDef) => {
-          const field: any = { name: fieldDef.name };
-          if (fieldDef.onMissingValue) field.onMissingValue = fieldDef.onMissingValue;
-          if (fieldDef.vaultPolicy) field.vaultPolicy = fieldDef.vaultPolicy;
-          if (fieldDef.base64) field.base64 = fieldDef.base64;
-          if (fieldDef.override) field.override = fieldDef.override;
-          const val = formValues[fieldDef.name];
-          if (typeof val === 'string' && val !== '') {
-            field.value = val;
-            if (fieldDef.onMissingValue === 'generate') {
-              delete field.onMissingValue;
-              delete field.vaultPolicy;
-            }
-          }
-          return field;
-        });
-        return secret;
-      });
+      const { valuesSecretYaml, templateYaml } = await buildVaultInjectionYaml(
+        secretTemplate,
+        secretFormData,
+      );
 
-      const vaultSecretStructure: SecretTemplate = {
-        version: '2.0',
-        secrets: secretsList,
-        vaultPolicies: secretTemplate?.vaultPolicies || null
-      };
-
-      const valuesSecretYaml = yaml.dump(vaultSecretStructure);
-      const templateYaml = JSON.stringify(secretTemplate, null, 2);
-
-      const request: VaultInjectionRequest = {
+      const request = {
         patternName,
         valuesSecretYaml,
         templateYaml,
@@ -192,41 +131,6 @@ export default function ManageSecretsPage() {
     }));
   };
 
-  const getFieldType = (field: SecretField): 'generate' | 'prompt' | 'file' | 'ini' | 'static' => {
-    if (field.onMissingValue === 'generate') return 'generate';
-    if (field.path) return 'file';
-    if (field.ini_file) return 'ini';
-    if (field.value !== undefined && field.value !== null) return 'static';
-    return 'prompt';
-  };
-
-  const renderField = (secret: SecretDefinition, field: SecretField) => {
-    const fieldType = getFieldType(field);
-    const value = secretFormData[secret.name]?.[field.name] || '';
-
-    const commonProps = {
-      field,
-      value,
-      onChange: (newValue: string | File | null) =>
-        handleFieldChange(secret.name, field.name, newValue),
-    };
-
-    switch (fieldType) {
-      case 'generate':
-        return <GenerateField key={field.name} {...commonProps} />;
-      case 'prompt':
-        return <PromptField key={field.name} {...commonProps} />;
-      case 'file':
-        return <FileField key={field.name} {...commonProps} />;
-      case 'ini':
-        return <IniField key={field.name} {...commonProps} />;
-      case 'static':
-        return <StaticField key={field.name} {...commonProps} />;
-      default:
-        return <PromptField key={field.name} {...commonProps} />;
-    }
-  };
-
   if (loading) {
     return (
       <PageSection>
@@ -264,9 +168,7 @@ export default function ManageSecretsPage() {
         <title>{t('Manage Secrets')}</title>
       </Helmet>
       <PageSection>
-        <Title headingLevel="h1">
-          {t('Manage Secrets for {{displayName}}', { displayName })}
-        </Title>
+        <Title headingLevel="h1">{t('Manage Secrets for {{displayName}}', { displayName })}</Title>
       </PageSection>
       <PageSection>
         {success && (
@@ -275,30 +177,11 @@ export default function ManageSecretsPage() {
           </Alert>
         )}
         {success && vaultJobStatus && (
-          <Alert
+          <VaultInjectionStatusAlert
             style={{ marginTop: '16px' }}
-            variant={
-              vaultJobStatus.status === 'succeeded'
-                ? 'success'
-                : vaultJobStatus.status === 'failed'
-                ? 'danger'
-                : 'info'
-            }
-            title={t('Vault Secret Injection')}
-            isInline
-          >
-            <div style={{ display: 'flex', alignItems: 'center', gap: '8px' }}>
-              {(vaultJobStatus.status === 'running' || vaultJobStatus.status === 'pending' || checkingVaultStatus) && (
-                <Spinner aria-label={t('Checking vault status')} size="md" />
-              )}
-              <span>{vaultJobStatus.message}</span>
-            </div>
-            {vaultJobStatus.jobName && (
-              <p style={{ marginTop: '8px', fontSize: '0.9em', color: '#4f5255' }}>
-                {t('Job')}: <a href={`/k8s/ns/${PATTERN_OPERATOR_NS}/jobs/${vaultJobStatus.jobName}`}><code>{vaultJobStatus.jobName}</code></a>
-              </p>
-            )}
-          </Alert>
+            vaultJobStatus={vaultJobStatus}
+            checkingVaultStatus={checkingVaultStatus}
+          />
         )}
         {submitError && (
           <Alert variant="danger" title={t('Failed to inject secrets')}>
@@ -313,45 +196,20 @@ export default function ManageSecretsPage() {
           }}
         >
           <Alert variant="info" title={t('Secret Configuration')} isInline>
-            {t('Enter or update the secrets that will be injected into Vault for this pattern. Fields left empty will retain their existing values in Vault.')}
+            {t(
+              'Enter or update the secrets that will be injected into Vault for this pattern. Fields left empty will retain their existing values in Vault.',
+            )}
           </Alert>
-          <div className="patterns-operator__secret-form">
-            {secretTemplate.secrets.map((secret) => (
-              <ExpandableSection
-                key={secret.name}
-                toggleText={secret.name}
-                isExpanded={expandedSections[secret.name] || false}
-                onToggle={() => toggleSection(secret.name)}
-                className="patterns-operator__secret-section"
-              >
-                <Card>
-                  <CardTitle>{secret.name}</CardTitle>
-                  <CardBody>
-                    {secret.fields.map((field) => (
-                      <FormGroup
-                        key={field.name}
-                        label={field.name}
-                        helperText={field.description}
-                        isRequired={getFieldType(field) === 'prompt'}
-                        fieldId={`secret-${secret.name}-${field.name}`}
-                        className="patterns-operator__secret-field"
-                      >
-                        {renderField(secret, field)}
-                      </FormGroup>
-                    ))}
-                  </CardBody>
-                </Card>
-              </ExpandableSection>
-            ))}
-          </div>
+          <SecretFormExpandableSections
+            secrets={secretTemplate.secrets}
+            secretFormData={secretFormData}
+            expandedSections={expandedSections}
+            onToggleSection={toggleSection}
+            onFieldChange={handleFieldChange}
+          />
 
           <ActionGroup>
-            <Button
-              variant="primary"
-              type="submit"
-              isLoading={submitting}
-              isDisabled={submitting}
-            >
+            <Button variant="primary" type="submit" isLoading={submitting} isDisabled={submitting}>
               {t('Inject Secrets')}
             </Button>
             <Button variant="link" onClick={() => history.push('/patterns')}>
diff --git a/console/src/components/PatternCatalogPage.tsx b/console/src/components/PatternCatalogPage.tsx
index 3371d483f..79cc21ca0 100644
--- a/console/src/components/PatternCatalogPage.tsx
+++ b/console/src/components/PatternCatalogPage.tsx
@@ -85,7 +85,11 @@ function formatRoleLine(role: ClusterRoleRequirements, cloud: string): string {
   return parts.join(', ');
 }
 
-function getRequirementsTooltip(hub: ClusterRoleRequirements | undefined, spoke: ClusterRoleRequirements | undefined, clouds: string[]): string {
+function getRequirementsTooltip(
+  hub: ClusterRoleRequirements | undefined,
+  spoke: ClusterRoleRequirements | undefined,
+  clouds: string[],
+): string {
   return clouds
     .map((cloud) => {
       const lines: string[] = [];
@@ -117,14 +121,23 @@ function TierIcon({ tier }: { tier: string }) {
   // maintained: all 3 filled; tested: 2 filled + 1 outline; sandbox: 1 filled + 2 outline
   const filledCount = tier === 'maintained' ? 3 : tier === 'tested' ? 2 : 1;
   return (
-    <svg width="16" height="16" viewBox="0 0 48 48" style={{ verticalAlign: 'middle', marginRight: '4px' }}>
+    <svg
+      width="16"
+      height="16"
+      viewBox="0 0 48 48"
+      style={{ verticalAlign: 'middle', marginRight: '4px' }}
+    >
       {[0, 1, 2].map((i) => {
         const y = 34 - i * 14;
         const filled = i < filledCount;
         return (
           <rect
             key={i}
-            x="4" y={y} width="40" height="10" rx="5"
+            x="4"
+            y={y}
+            width="40"
+            height="10"
+            rx="5"
             fill={filled ? colors.filled : 'none'}
             stroke={colors.outline}
             strokeWidth={filled ? 0 : 3}
@@ -136,9 +149,12 @@ function TierIcon({ tier }: { tier: string }) {
 }
 
 const TIER_DESCRIPTIONS: Record<string, string> = {
-  maintained: 'Rigorously tested through an automated CI pipeline with continuous validation across OpenShift versions. Highest level of validation and prioritized for ongoing maintenance.',
-  tested: 'Undergoes a manual or automated test plan which passes at least once for each new OpenShift Container Platform minor version.',
-  sandbox: 'Entry-level patterns that are deployable onto a freshly installed OpenShift cluster without prior modification. May be work-in-progress.',
+  maintained:
+    'Rigorously tested through an automated CI pipeline with continuous validation across OpenShift versions. Highest level of validation and prioritized for ongoing maintenance.',
+  tested:
+    'Undergoes a manual or automated test plan which passes at least once for each new OpenShift Container Platform minor version.',
+  sandbox:
+    'Entry-level patterns that are deployable onto a freshly installed OpenShift cluster without prior modification. May be work-in-progress.',
 };
 
 export default function PatternCatalogPage() {
@@ -174,11 +190,14 @@ export default function PatternCatalogPage() {
   }, [loadData]);
 
   const filteredPatterns = React.useMemo(
-    () => selectedTiers.size === 0 ? patterns : patterns.filter((p) => selectedTiers.has(p.tier)),
+    () => (selectedTiers.size === 0 ? patterns : patterns.filter((p) => selectedTiers.has(p.tier))),
     [patterns, selectedTiers],
   );
 
-  const onTierSelect = (_event: React.MouseEvent | undefined, value: string | number | undefined) => {
+  const onTierSelect = (
+    _event: React.MouseEvent | undefined,
+    value: string | number | undefined,
+  ) => {
     setSelectedTiers((prev) => {
       const next = new Set(prev);
       if (next.has(value as string)) {
@@ -190,9 +209,12 @@ export default function PatternCatalogPage() {
     });
   };
 
-  const tierToggleLabel = selectedTiers.size === 0
-    ? t('Tier')
-    : Array.from(selectedTiers).map((tier) => tier.charAt(0).toUpperCase() + tier.slice(1)).join(', ');
+  const tierToggleLabel =
+    selectedTiers.size === 0
+      ? t('Tier')
+      : Array.from(selectedTiers)
+          .map((tier) => tier.charAt(0).toUpperCase() + tier.slice(1))
+          .join(', ');
 
   return (
     <>
@@ -202,10 +224,18 @@ export default function PatternCatalogPage() {
       <PageSection>
         {catalogImage ? (
           <Tooltip content={`${t('Catalog source')}: ${catalogImage}`}>
-            <Title headingLevel="h1" data-test="pattern-catalog-page-title" style={{ display: 'inline-block' }}>{t('Pattern Catalog')}</Title>
+            <Title
+              headingLevel="h1"
+              data-test="pattern-catalog-page-title"
+              style={{ display: 'inline-block' }}
+            >
+              {t('Pattern Catalog')}
+            </Title>
           </Tooltip>
         ) : (
-          <Title headingLevel="h1" data-test="pattern-catalog-page-title">{t('Pattern Catalog')}</Title>
+          <Title headingLevel="h1" data-test="pattern-catalog-page-title">
+            {t('Pattern Catalog')}
+          </Title>
         )}
       </PageSection>
       {catalogDescription && (
@@ -222,55 +252,67 @@ export default function PatternCatalogPage() {
         )}
         {!loading && !error && (
           <>
-          <Toolbar>
-            <ToolbarContent>
-              <ToolbarItem>
-                <Select
-                  role="menu"
-                  id="tier-filter"
-                  isOpen={tierSelectOpen}
-                  selected={Array.from(selectedTiers)}
-                  onSelect={onTierSelect}
-                  onOpenChange={setTierSelectOpen}
-                  toggle={(toggleRef) => (
-                    <MenuToggle
-                      ref={toggleRef}
-                      onClick={() => setTierSelectOpen((prev) => !prev)}
-                      isExpanded={tierSelectOpen}
-                    >
-                      {tierToggleLabel}
-                    </MenuToggle>
-                  )}
-                >
-                  <SelectList>
-                    {['maintained', 'tested', 'sandbox'].map((tier) => (
-                      <SelectOption
-                        key={tier}
-                        value={tier}
-                        hasCheckbox
-                        isSelected={selectedTiers.has(tier)}
+            <Toolbar>
+              <ToolbarContent>
+                <ToolbarItem>
+                  <Select
+                    role="menu"
+                    id="tier-filter"
+                    isOpen={tierSelectOpen}
+                    selected={Array.from(selectedTiers)}
+                    onSelect={onTierSelect}
+                    onOpenChange={setTierSelectOpen}
+                    toggle={(toggleRef) => (
+                      <MenuToggle
+                        ref={toggleRef}
+                        onClick={() => setTierSelectOpen((prev) => !prev)}
+                        isExpanded={tierSelectOpen}
                       >
-                        {tier.charAt(0).toUpperCase() + tier.slice(1)}
-                      </SelectOption>
-                    ))}
-                  </SelectList>
-                </Select>
-              </ToolbarItem>
-            </ToolbarContent>
-          </Toolbar>
-          <Gallery hasGutter minWidths={{ default: '300px' }}>
-                {filteredPatterns.map((pattern) => {
-                  const isInstalled = installedPatterns.has(pattern.name);
-                  const hasAnyInstalled = installedPatterns.size > 0;
-                  const isDisabled = hasAnyInstalled && !isInstalled;
-                  return (
-                  <Card key={pattern.name} className={`patterns-operator__card${isDisabled ? ' patterns-operator__card--disabled' : ''}`}>
+                        {tierToggleLabel}
+                      </MenuToggle>
+                    )}
+                  >
+                    <SelectList>
+                      {['maintained', 'tested', 'sandbox'].map((tier) => (
+                        <SelectOption
+                          key={tier}
+                          value={tier}
+                          hasCheckbox
+                          isSelected={selectedTiers.has(tier)}
+                        >
+                          {tier.charAt(0).toUpperCase() + tier.slice(1)}
+                        </SelectOption>
+                      ))}
+                    </SelectList>
+                  </Select>
+                </ToolbarItem>
+              </ToolbarContent>
+            </Toolbar>
+            <Gallery hasGutter minWidths={{ default: '300px' }}>
+              {filteredPatterns.map((pattern) => {
+                const isInstalled = installedPatterns.has(pattern.name);
+                const hasAnyInstalled = installedPatterns.size > 0;
+                const isDisabled = hasAnyInstalled && !isInstalled;
+                return (
+                  <Card
+                    key={pattern.name}
+                    className={`patterns-operator__card${
+                      isDisabled ? ' patterns-operator__card--disabled' : ''
+                    }`}
+                  >
                     <CardHeader>
                       <Tooltip content={TIER_DESCRIPTIONS[pattern.tier] || pattern.tier}>
-                        <Label color={TIER_COLORS[pattern.tier] || 'grey'} icon={<TierIcon tier={pattern.tier} />}>{pattern.tier}</Label>
+                        <Label
+                          color={TIER_COLORS[pattern.tier] || 'grey'}
+                          icon={<TierIcon tier={pattern.tier} />}
+                        >
+                          {pattern.tier}
+                        </Label>
                       </Tooltip>
                       {isInstalled && (
-                        <Label color="green" className="patterns-operator__installed-label">{t('Installed')}</Label>
+                        <Label color="green" className="patterns-operator__installed-label">
+                          {t('Installed')}
+                        </Label>
                       )}
                     </CardHeader>
                     <Tooltip content={`Org: ${pattern.org}`}>
@@ -278,50 +320,76 @@ export default function PatternCatalogPage() {
                     </Tooltip>
                     <CardBody>
                       {pattern.description && (
-                        <div className="patterns-operator__card-description">{pattern.description}</div>
+                        <div className="patterns-operator__card-description">
+                          {pattern.description}
+                        </div>
                       )}
                     </CardBody>
                     <CardBody>
-                      {pattern.requirements && (() => {
-                        const clouds = getCloudProviders(pattern);
-                        const hub = pattern.requirements.hub;
-                        const spoke = pattern.requirements.spoke;
-                        const defaultCloud = clouds.includes('aws') ? 'aws' : clouds[0];
-                        const hubSummary = hub && defaultCloud ? getSizingSummary(hub, defaultCloud) : null;
-                        const spokeSummary = spoke && defaultCloud ? getSizingSummary(spoke, defaultCloud) : null;
-                        const fullTooltip = getRequirementsTooltip(hub, spoke, clouds);
-                        return (
-                          <div className="patterns-operator__requirements">
-                            <Tooltip content={t('This is the sizing that has been tested. The pattern is expected to work on any similarly-sized architecture.')}>
-                              <div className="patterns-operator__requirements-heading">{t('Tested Requirements:')}</div>
-                            </Tooltip>
-                            {clouds.length > 0 && (
-                              <div className="patterns-operator__cloud-labels">
-                                {clouds.map((cloud) => (
-                                  <Label key={cloud} color="blue" isCompact>{CLOUD_LABELS[cloud] || cloud}</Label>
-                                ))}
-                              </div>
-                            )}
-                            {hubSummary && (
-                              <Tooltip content={<pre style={{ margin: 0, whiteSpace: 'pre-wrap' }}>{fullTooltip}</pre>}>
-                                <div className="patterns-operator__sizing-line">
-                                  {spoke
-                                    ? <>{t('Hub')}: {hubSummary}<br />{t('Spoke')}: {spokeSummary}</>
-                                    : `${t('Cluster')}: ${hubSummary}`
-                                  }
+                      {pattern.requirements &&
+                        (() => {
+                          const clouds = getCloudProviders(pattern);
+                          const hub = pattern.requirements.hub;
+                          const spoke = pattern.requirements.spoke;
+                          const defaultCloud = clouds.includes('aws') ? 'aws' : clouds[0];
+                          const hubSummary =
+                            hub && defaultCloud ? getSizingSummary(hub, defaultCloud) : null;
+                          const spokeSummary =
+                            spoke && defaultCloud ? getSizingSummary(spoke, defaultCloud) : null;
+                          const fullTooltip = getRequirementsTooltip(hub, spoke, clouds);
+                          return (
+                            <div className="patterns-operator__requirements">
+                              <Tooltip
+                                content={t(
+                                  'This is the sizing that has been tested. The pattern is expected to work on any similarly-sized architecture.',
+                                )}
+                              >
+                                <div className="patterns-operator__requirements-heading">
+                                  {t('Tested Requirements:')}
                                 </div>
                               </Tooltip>
-                            )}
-                            {pattern.external_requirements?.cluster_sizing_note && (
-                              <Tooltip content={pattern.external_requirements.cluster_sizing_note.trim()}>
-                                <span className="patterns-operator__sizing-note">
-                                  <InfoCircleIcon /> {t('Additional requirements')}
-                                </span>
-                              </Tooltip>
-                            )}
-                          </div>
-                        );
-                      })()}
+                              {clouds.length > 0 && (
+                                <div className="patterns-operator__cloud-labels">
+                                  {clouds.map((cloud) => (
+                                    <Label key={cloud} color="blue" isCompact>
+                                      {CLOUD_LABELS[cloud] || cloud}
+                                    </Label>
+                                  ))}
+                                </div>
+                              )}
+                              {hubSummary && (
+                                <Tooltip
+                                  content={
+                                    <pre style={{ margin: 0, whiteSpace: 'pre-wrap' }}>
+                                      {fullTooltip}
+                                    </pre>
+                                  }
+                                >
+                                  <div className="patterns-operator__sizing-line">
+                                    {spoke ? (
+                                      <>
+                                        {t('Hub')}: {hubSummary}
+                                        <br />
+                                        {t('Spoke')}: {spokeSummary}
+                                      </>
+                                    ) : (
+                                      `${t('Cluster')}: ${hubSummary}`
+                                    )}
+                                  </div>
+                                </Tooltip>
+                              )}
+                              {pattern.external_requirements?.cluster_sizing_note && (
+                                <Tooltip
+                                  content={pattern.external_requirements.cluster_sizing_note.trim()}
+                                >
+                                  <span className="patterns-operator__sizing-note">
+                                    <InfoCircleIcon /> {t('Additional requirements')}
+                                  </span>
+                                </Tooltip>
+                              )}
+                            </div>
+                          );
+                        })()}
                     </CardBody>
                     <CardFooter className="patterns-operator__card-footer">
                       {(pattern.docs_url || pattern.repo_url) && (
@@ -359,7 +427,9 @@ export default function PatternCatalogPage() {
                           <Button
                             variant="secondary"
                             onClick={() =>
-                              history.push(`/patterns/secrets/${pattern.catalogKey || pattern.name}`)
+                              history.push(
+                                `/patterns/secrets/${pattern.catalogKey || pattern.name}`,
+                              )
                             }
                           >
                             {t('Manage Secrets')}
@@ -368,23 +438,25 @@ export default function PatternCatalogPage() {
                         {isInstalled && (
                           <Button
                             variant="danger"
-                            onClick={() =>
-                            history.push(`/patterns/uninstall/${pattern.name}`)
-                            }
+                            onClick={() => history.push(`/patterns/uninstall/${pattern.name}`)}
                           >
                             {t('Uninstall')}
                           </Button>
                         )}
                         {!isInstalled && (
                           <Tooltip
-                            content={t('Only one pattern can be installed at a time. Uninstall the current pattern first.')}
+                            content={t(
+                              'Only one pattern can be installed at a time. Uninstall the current pattern first.',
+                            )}
                             trigger={isDisabled ? 'mouseenter focus' : 'manual'}
                           >
                             <Button
                               variant="primary"
                               isDisabled={isDisabled}
                               onClick={() =>
-                                history.push(`/patterns/install/${pattern.catalogKey || pattern.name}`)
+                                history.push(
+                                  `/patterns/install/${pattern.catalogKey || pattern.name}`,
+                                )
                               }
                             >
                               {t('Install')}
@@ -394,9 +466,9 @@ export default function PatternCatalogPage() {
                       </div>
                     </CardFooter>
                   </Card>
-                  );
-                })}
-          </Gallery>
+                );
+              })}
+            </Gallery>
           </>
         )}
       </PageSection>
diff --git a/console/src/components/SecretForm/SecretFormExpandableSections.tsx b/console/src/components/SecretForm/SecretFormExpandableSections.tsx
new file mode 100644
index 000000000..caf889494
--- /dev/null
+++ b/console/src/components/SecretForm/SecretFormExpandableSections.tsx
@@ -0,0 +1,95 @@
+import * as React from 'react';
+import { Card, CardBody, CardTitle, ExpandableSection, FormGroup } from '@patternfly/react-core';
+import { SecretDefinition, SecretField, SecretFormData } from '../../types';
+import { GenerateField } from './GenerateField';
+import { PromptField } from './PromptField';
+import { FileField } from './FileField';
+import { IniField } from './IniField';
+import { StaticField } from './StaticField';
+import './SecretForm.css';
+
+function getFieldType(field: SecretField): 'generate' | 'prompt' | 'file' | 'ini' | 'static' {
+  if (field.onMissingValue === 'generate') return 'generate';
+  if (field.path) return 'file';
+  if (field.ini_file) return 'ini';
+  if (field.value !== undefined && field.value !== null) return 'static';
+  return 'prompt';
+}
+
+export type SecretFormExpandableSectionsProps = {
+  secrets: SecretDefinition[];
+  secretFormData: SecretFormData;
+  expandedSections: Record<string, boolean>;
+  onToggleSection: (sectionName: string) => void;
+  onFieldChange: (secretName: string, fieldName: string, value: string | File | null) => void;
+};
+
+/**
+ * Expandable cards per secret definition with typed fields (generate, prompt, file, ini, static).
+ */
+export function SecretFormExpandableSections({
+  secrets,
+  secretFormData,
+  expandedSections,
+  onToggleSection,
+  onFieldChange,
+}: SecretFormExpandableSectionsProps) {
+  const renderField = (secret: SecretDefinition, field: SecretField) => {
+    const fieldType = getFieldType(field);
+    const value = secretFormData[secret.name]?.[field.name] || '';
+
+    const commonProps = {
+      field,
+      value,
+      onChange: (newValue: string | File | null) =>
+        onFieldChange(secret.name, field.name, newValue),
+    };
+
+    switch (fieldType) {
+      case 'generate':
+        return <GenerateField key={field.name} {...commonProps} />;
+      case 'prompt':
+        return <PromptField key={field.name} {...commonProps} />;
+      case 'file':
+        return <FileField key={field.name} {...commonProps} />;
+      case 'ini':
+        return <IniField key={field.name} {...commonProps} />;
+      case 'static':
+        return <StaticField key={field.name} {...commonProps} />;
+      default:
+        return <PromptField key={field.name} {...commonProps} />;
+    }
+  };
+
+  return (
+    <div className="patterns-operator__secret-form">
+      {secrets.map((secret) => (
+        <ExpandableSection
+          key={secret.name}
+          toggleText={secret.name}
+          isExpanded={expandedSections[secret.name] || false}
+          onToggle={() => onToggleSection(secret.name)}
+          className="patterns-operator__secret-section"
+        >
+          <Card>
+            <CardTitle>{secret.name}</CardTitle>
+            <CardBody>
+              {secret.fields.map((field) => (
+                <FormGroup
+                  key={field.name}
+                  label={field.name}
+                  helperText={field.description}
+                  isRequired={getFieldType(field) === 'prompt'}
+                  fieldId={`secret-${secret.name}-${field.name}`}
+                  className="patterns-operator__secret-field"
+                >
+                  {renderField(secret, field)}
+                </FormGroup>
+              ))}
+            </CardBody>
+          </Card>
+        </ExpandableSection>
+      ))}
+    </div>
+  );
+}
diff --git a/console/src/components/SecretForm/VaultInjectionStatusAlert.tsx b/console/src/components/SecretForm/VaultInjectionStatusAlert.tsx
new file mode 100644
index 000000000..6412db859
--- /dev/null
+++ b/console/src/components/SecretForm/VaultInjectionStatusAlert.tsx
@@ -0,0 +1,51 @@
+import * as React from 'react';
+import { useTranslation } from 'react-i18next';
+import { Alert, Spinner } from '@patternfly/react-core';
+import { PATTERN_OPERATOR_NS, VaultJobStatus } from '../../api';
+
+export type VaultInjectionStatusAlertProps = {
+  vaultJobStatus: VaultJobStatus;
+  checkingVaultStatus: boolean;
+  style?: React.CSSProperties;
+};
+
+/**
+ * Inline status for the vault secret injection Kubernetes Job (link to console Job page).
+ */
+export function VaultInjectionStatusAlert({
+  vaultJobStatus,
+  checkingVaultStatus,
+  style,
+}: VaultInjectionStatusAlertProps) {
+  const { t } = useTranslation('plugin__patterns-operator-console-plugin');
+
+  return (
+    <Alert
+      style={style}
+      variant={
+        vaultJobStatus.status === 'succeeded'
+          ? 'success'
+          : vaultJobStatus.status === 'failed'
+          ? 'danger'
+          : 'info'
+      }
+      title={t('Vault Secret Injection')}
+      isInline
+    >
+      <div style={{ display: 'flex', alignItems: 'center', gap: '8px' }}>
+        {(vaultJobStatus.status === 'running' ||
+          vaultJobStatus.status === 'pending' ||
+          checkingVaultStatus) && <Spinner aria-label={t('Checking vault status')} size="md" />}
+        <span>{vaultJobStatus.message}</span>
+      </div>
+      {vaultJobStatus.jobName && (
+        <p style={{ marginTop: '8px', fontSize: '0.9em', color: '#4f5255' }}>
+          {t('Job')}:{' '}
+          <a href={`/k8s/ns/${PATTERN_OPERATOR_NS}/jobs/${vaultJobStatus.jobName}`}>
+            <code>{vaultJobStatus.jobName}</code>
+          </a>
+        </p>
+      )}
+    </Alert>
+  );
+}
diff --git a/console/src/components/UninstallPatternPage.tsx b/console/src/components/UninstallPatternPage.tsx
index c6081bc9d..4353041cd 100644
--- a/console/src/components/UninstallPatternPage.tsx
+++ b/console/src/components/UninstallPatternPage.tsx
@@ -119,7 +119,9 @@ export default function UninstallPatternPage() {
         <title>{t('Uninstall Pattern')}</title>
       </Helmet>
       <PageSection>
-        <Title headingLevel="h1">{t('Uninstall Pattern')}: {name}</Title>
+        <Title headingLevel="h1">
+          {t('Uninstall Pattern')}: {name}
+        </Title>
       </PageSection>
       <PageSection>
         {deleted && (
@@ -195,9 +197,7 @@ export default function UninstallPatternPage() {
           </Card>
         )}
 
-        {!deleted && !status && !error && (
-          <Spinner aria-label={t('Loading pattern status')} />
-        )}
+        {!deleted && !status && !error && <Spinner aria-label={t('Loading pattern status')} />}
       </PageSection>
     </>
   );
diff --git a/console/src/hooks/useVaultJobPolling.ts b/console/src/hooks/useVaultJobPolling.ts
new file mode 100644
index 000000000..924815d12
--- /dev/null
+++ b/console/src/hooks/useVaultJobPolling.ts
@@ -0,0 +1,36 @@
+import * as React from 'react';
+import { fetchVaultJobStatus, VaultJobStatus } from '../api';
+
+const POLL_INTERVAL_MS = 5000;
+
+/**
+ * Polls the latest vault injection Job for a pattern until it completes or fails.
+ */
+export function useVaultJobPolling(patternName: string) {
+  const [vaultJobStatus, setVaultJobStatus] = React.useState<VaultJobStatus | null>(null);
+  const [checkingVaultStatus, setCheckingVaultStatus] = React.useState(false);
+
+  const checkVaultJobStatus = React.useCallback(async () => {
+    if (!patternName) {
+      return;
+    }
+
+    try {
+      setCheckingVaultStatus(true);
+      const status = await fetchVaultJobStatus(patternName);
+      setVaultJobStatus(status);
+
+      if (status.status === 'running' || status.status === 'pending') {
+        setTimeout(() => {
+          checkVaultJobStatus();
+        }, POLL_INTERVAL_MS);
+      }
+    } catch (err) {
+      console.error('Error checking vault job status:', err);
+    } finally {
+      setCheckingVaultStatus(false);
+    }
+  }, [patternName]);
+
+  return { vaultJobStatus, setVaultJobStatus, checkingVaultStatus, checkVaultJobStatus };
+}
diff --git a/console/src/vaultSecrets.ts b/console/src/vaultSecrets.ts
new file mode 100644
index 000000000..dbac0e87d
--- /dev/null
+++ b/console/src/vaultSecrets.ts
@@ -0,0 +1,46 @@
+import type { SecretFormData, SecretTemplate } from './types';
+
+/**
+ * Build values-secret.yaml and template JSON for the vault injection API,
+ * from catalog template + user form values (same structure as vault_load_secrets / parse_secrets_info v2.0).
+ */
+export async function buildVaultInjectionYaml(
+  secretTemplate: SecretTemplate,
+  secretFormData: SecretFormData,
+): Promise<{ valuesSecretYaml: string; templateYaml: string }> {
+  const yaml = await import('js-yaml');
+
+  const secretsList = secretTemplate.secrets.map((secretDef) => {
+    const formValues = secretFormData[secretDef.name] || {};
+    const secret: Record<string, unknown> = { name: secretDef.name };
+    if (secretDef.vaultMount) secret.vaultMount = secretDef.vaultMount;
+    if (secretDef.vaultPrefixes) secret.vaultPrefixes = secretDef.vaultPrefixes;
+    secret.fields = secretDef.fields.map((fieldDef) => {
+      const field: Record<string, unknown> = { name: fieldDef.name };
+      if (fieldDef.onMissingValue) field.onMissingValue = fieldDef.onMissingValue;
+      if (fieldDef.vaultPolicy) field.vaultPolicy = fieldDef.vaultPolicy;
+      if (fieldDef.base64) field.base64 = fieldDef.base64;
+      if (fieldDef.override) field.override = fieldDef.override;
+      const val = formValues[fieldDef.name];
+      if (typeof val === 'string' && val !== '') {
+        field.value = val;
+        if (fieldDef.onMissingValue === 'generate') {
+          delete field.onMissingValue;
+          delete field.vaultPolicy;
+        }
+      }
+      return field;
+    });
+    return secret;
+  });
+
+  const vaultSecretStructure: SecretTemplate = {
+    version: '2.0',
+    secrets: secretsList as unknown as SecretTemplate['secrets'],
+    vaultPolicies: secretTemplate?.vaultPolicies || null,
+  };
+
+  const valuesSecretYaml = yaml.dump(vaultSecretStructure);
+  const templateYaml = JSON.stringify(secretTemplate, null, 2);
+  return { valuesSecretYaml, templateYaml };
+}

From 77c3a877d113acdf47feebeda742ad57c6dc7044 Mon Sep 17 00:00:00 2001
From: Akos Eros <aeros@redhat.com>
Date: Wed, 22 Apr 2026 10:36:07 +0200
Subject: [PATCH 2/7] fix: Disable metrics server in the operator code

---
 cmd/main.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cmd/main.go b/cmd/main.go
index d5b69740e..0dec97172 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -36,6 +36,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
+	"sigs.k8s.io/controller-runtime/pkg/metrics/server"
 
 	argov1beta1api "github.com/argoproj-labs/argocd-operator/api/v1beta1"
 	gitopsv1alpha1 "github.com/hybrid-cloud-patterns/patterns-operator/api/v1alpha1"
@@ -85,6 +86,9 @@ func main() {
 		HealthProbeBindAddress: probeAddr,
 		LeaderElection:         enableLeaderElection,
 		LeaderElectionID:       "f2850479.hybrid-cloud-patterns.io",
+		Metrics: server.Options{
+			BindAddress: "0",
+		},
 		//LeaderElectionNamespace: "default", // Use this if we ever want to enforce a single instance per cluster
 	})
 	if err != nil {

From 8d10eda7a7297738273d924b34de425e5704f080 Mon Sep 17 00:00:00 2001
From: Akos Eros <aeros@redhat.com>
Date: Tue, 28 Apr 2026 11:11:18 +0200
Subject: [PATCH 3/7] fix: Allow to run UI locally with different catalog image

---
 console/package.json       | 2 +-
 console/scripts/catalog.sh | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/console/package.json b/console/package.json
index c50ece526..a232b52c9 100644
--- a/console/package.json
+++ b/console/package.json
@@ -15,7 +15,7 @@
     "start": "concurrently --kill-others -c auto -n \"console,wds,ui-catalog\" -p \"{name}:{pid}\" \"yarn run start:console\" \"yarn run start:wds\" \"yarn run start:ui-catalog\"",
     "start:wds": "PATTERN_UI_CATALOG_BASE_URL=http://localhost:8080 yarn run webpack -- serve --progress",
     "start:console": "CONSOLE_VERSION=4.20.0 scripts/console.sh",
-    "start:ui-catalog": "UI_CATALOG_IMG=quay.io/validatedpatterns/pattern-ui-catalog:stable-v1 scripts/catalog.sh",
+    "start:ui-catalog": "scripts/catalog.sh",
     "i18n": "./i18n-scripts/build-i18n.sh && node ./i18n-scripts/set-english-defaults.js",
     "lint": "yarn eslint src integration-tests --fix && stylelint 'src/**/*.css' --allow-empty-input --fix",
     "test-cypress": "cd integration-tests && cypress open",
diff --git a/console/scripts/catalog.sh b/console/scripts/catalog.sh
index cecc53074..5825eb07d 100755
--- a/console/scripts/catalog.sh
+++ b/console/scripts/catalog.sh
@@ -3,6 +3,7 @@
 set -euo pipefail
 CONSOLE_IMAGE_PLATFORM=${CONSOLE_IMAGE_PLATFORM:="linux/amd64"}
 
+UI_CATALOG_IMG=${UI_CATALOG_IMG:="quay.io/validatedpatterns/pattern-ui-catalog:stable-v1"}
 
 echo "Starting local UI catalog image..."
 echo "Console Image: $UI_CATALOG_IMG"

From a0c67e44356c10a626d54e958e93579dd251ae70 Mon Sep 17 00:00:00 2001
From: Akos Eros <aeros@redhat.com>
Date: Wed, 29 Apr 2026 13:32:30 +0200
Subject: [PATCH 4/7] fix: file upload

---
 console/package.json                          |   3 +-
 console/src/api.ts                            | 180 ++++++++------
 console/src/components/InstallPatternPage.tsx |  15 +-
 console/src/components/ManageSecretsPage.tsx  |  12 +-
 .../src/components/SecretForm/FileField.tsx   |  90 +++----
 .../components/SecretForm/GenerateField.tsx   |  56 +++--
 .../SecretFormExpandableSections.tsx          |   5 +-
 .../src/components/SecretForm/StaticField.tsx |  50 +---
 console/src/components/SecretFormPage.tsx     | 230 ------------------
 console/src/types.ts                          |  18 +-
 console/src/vaultSecrets.ts                   |  70 ++++--
 console/yarn.lock                             |   5 +
 12 files changed, 266 insertions(+), 468 deletions(-)
 delete mode 100644 console/src/components/SecretFormPage.tsx

diff --git a/console/package.json b/console/package.json
index a232b52c9..fa9cf2aae 100644
--- a/console/package.json
+++ b/console/package.json
@@ -95,7 +95,8 @@
     "mocha": "^10.5.1"
   },
   "dependencies": {
-    "js-yaml": "^4.1.1"
+    "js-yaml": "^4.1.1",
+    "yaml": "^2.8.3"
   },
   "resolutions": {
     "braces": "^3.0.3"
diff --git a/console/src/api.ts b/console/src/api.ts
index 29891d248..77c9ca927 100644
--- a/console/src/api.ts
+++ b/console/src/api.ts
@@ -1,6 +1,12 @@
 import { consoleFetch } from '@openshift-console/dynamic-plugin-sdk';
 import { load } from 'js-yaml';
-import { Catalog, Pattern, SecretTemplate } from './types';
+import {
+  Catalog,
+  Pattern,
+  SecretTemplate,
+  VAULT_UPLOADS_MOUNT_PREFIX,
+  type VaultInjectionFileArtifact,
+} from './types';
 
 declare const __PATTERN_UI_CATALOG_BASE_URL__: string;
 declare const __PATTERN_OPERATOR_NS__: string;
@@ -67,7 +73,8 @@ export interface VaultJobStatus {
 export interface VaultInjectionRequest {
   patternName: string;
   valuesSecretYaml: string;
-  templateYaml?: string;
+  /** One Kubernetes Secret per entry, mounted under {@link VAULT_UPLOADS_MOUNT_PREFIX}/{slug}. */
+  fileArtifacts?: VaultInjectionFileArtifact[];
   vaultNamespace?: string;
   vaultPod?: string;
   vaultHub?: string;
@@ -85,10 +92,11 @@ export async function triggerVaultInjection(
 ): Promise<VaultInjectionResponse> {
   try {
     console.log('🚀 [API] Starting vault injection for pattern:', request.patternName);
+    const fileArtifacts = request.fileArtifacts ?? [];
     console.log('📊 [API] Request details:', {
       patternName: request.patternName,
       valuesSecretYamlLength: request.valuesSecretYaml?.length || 0,
-      hasTemplate: !!request.templateYaml,
+      fileArtifactCount: fileArtifacts.length,
       vaultNamespace: request.vaultNamespace || 'vault',
       vaultPod: request.vaultPod || 'vault-0',
       vaultHub: request.vaultHub || 'hub',
@@ -97,45 +105,75 @@ export async function triggerVaultInjection(
     const timestamp = Date.now();
     const secretName = `vault-secrets-${request.patternName}-${timestamp}`;
     const jobName = `vault-inject-${request.patternName}-${timestamp}`;
+    const runLabelKey = 'patterns.gitops.hybrid-cloud-patterns.io/vault-injection-run';
+    const runLabelValue = String(timestamp);
+
+    const commonSecretLabels = {
+      'patterns.gitops.hybrid-cloud-patterns.io/pattern': request.patternName,
+      'patterns.gitops.hybrid-cloud-patterns.io/component': 'secret-injector',
+      [runLabelKey]: runLabelValue,
+    };
 
     console.log('🔐 [API] Creating Kubernetes secret:', secretName);
     console.log('⚙️ [API] Creating Kubernetes job:', jobName);
 
-    // First, create a Secret with the values-secret.yaml content
-    const secretData: any = {
-      'values-secret.yaml': btoa(request.valuesSecretYaml), // base64 encode for Kubernetes
-    };
+    for (let i = 0; i < fileArtifacts.length; i++) {
+      const artifact = fileArtifacts[i];
+      const fileSecretName = `${secretName}-f${i}`;
+      const fileSecret = {
+        apiVersion: 'v1',
+        kind: 'Secret',
+        metadata: {
+          name: fileSecretName,
+          namespace: PATTERN_OPERATOR_NS,
+          labels: { ...commonSecretLabels },
+        },
+        type: 'Opaque',
+        data: { content: artifact.dataBase64 },
+      };
+
+      const fileResp = await consoleFetch(
+        `/api/kubernetes/api/v1/namespaces/${PATTERN_OPERATOR_NS}/secrets`,
+        {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify(fileSecret),
+        },
+      );
 
-    if (request.templateYaml) {
-      secretData['values-secret.yaml.template'] = btoa(request.templateYaml);
+      if (!fileResp.ok) {
+        const errorText = await fileResp.text();
+        console.error(
+          '🔴 [API] Failed to create file secret:',
+          fileSecretName,
+          fileResp.status,
+          errorText,
+        );
+        throw new Error(`Failed to create file secret: ${fileResp.status} ${errorText}`);
+      }
     }
 
+    const secretData: Record<string, string> = {
+      'values-secret.yaml': btoa(request.valuesSecretYaml),
+    };
+
     const secret = {
       apiVersion: 'v1',
       kind: 'Secret',
       metadata: {
         name: secretName,
         namespace: PATTERN_OPERATOR_NS,
-        labels: {
-          'patterns.gitops.hybrid-cloud-patterns.io/pattern': request.patternName,
-          'patterns.gitops.hybrid-cloud-patterns.io/component': 'secret-injector',
-        },
+        labels: { ...commonSecretLabels },
       },
       type: 'Opaque',
       data: secretData,
     };
 
-    // Create the secret
     console.log(
-      '🔐 [API] Creating secret with payload size:',
+      '🔐 [API] Creating values-secret with payload size:',
       JSON.stringify(secret).length,
       'bytes',
     );
-    console.log('🔐 [API] Secret metadata:', {
-      name: secret.metadata.name,
-      namespace: secret.metadata.namespace,
-      labels: secret.metadata.labels,
-    });
 
     const secretResponse = await consoleFetch(
       `/api/kubernetes/api/v1/namespaces/${PATTERN_OPERATOR_NS}/secrets`,
@@ -160,7 +198,46 @@ export async function triggerVaultInjection(
       creationTimestamp: secretResult.metadata?.creationTimestamp,
     });
 
-    // Now create a Job that uses this secret
+    const volumes: Record<string, unknown>[] = [
+      {
+        name: 'vault-secrets',
+        secret: { secretName },
+      },
+    ];
+    if (fileArtifacts.length > 0) {
+      volumes.push({
+        name: 'vault-uploads',
+        projected: {
+          sources: fileArtifacts.map((art, i) => ({
+            secret: {
+              name: `${secretName}-f${i}`,
+              items: [{ key: 'content', path: art.slug }],
+            },
+          })),
+        },
+      });
+    }
+    volumes.push({ name: 'shared', emptyDir: {} });
+
+    const injectorVolumeMounts: Record<string, unknown>[] = [
+      {
+        name: 'vault-secrets',
+        mountPath: '/vault-secrets',
+        readOnly: true,
+      },
+    ];
+    if (fileArtifacts.length > 0) {
+      injectorVolumeMounts.push({
+        name: 'vault-uploads',
+        mountPath: VAULT_UPLOADS_MOUNT_PREFIX,
+        readOnly: true,
+      });
+    }
+    injectorVolumeMounts.push({
+      name: 'shared',
+      mountPath: '/shared',
+    });
+
     const job = {
       apiVersion: 'batch/v1',
       kind: 'Job',
@@ -170,6 +247,7 @@ export async function triggerVaultInjection(
         labels: {
           'patterns.gitops.hybrid-cloud-patterns.io/pattern': request.patternName,
           'patterns.gitops.hybrid-cloud-patterns.io/component': 'secret-injector',
+          [runLabelKey]: runLabelValue,
         },
       },
       spec: {
@@ -179,6 +257,7 @@ export async function triggerVaultInjection(
             labels: {
               'patterns.gitops.hybrid-cloud-patterns.io/pattern': request.patternName,
               'patterns.gitops.hybrid-cloud-patterns.io/component': 'secret-injector',
+              [runLabelKey]: runLabelValue,
             },
           },
           spec: {
@@ -194,15 +273,6 @@ export async function triggerVaultInjection(
                   `
                   echo "Starting vault secret injection for pattern: ${request.patternName}"
 
-                  # Copy mounted secret files to expected location
-                  mkdir -p /tmp/pattern
-                  cp /vault-secrets/values-secret.yaml /tmp/pattern/values-secret.yaml
-                  if [[ -f /vault-secrets/values-secret.yaml.template ]]; then
-                    cp /vault-secrets/values-secret.yaml.template /tmp/pattern/values-secret.yaml.template
-                  fi
-
-                  echo "Secret files prepared, running ansible to inject into vault..."
-
                   # Create a simplified playbook that calls the vault_load_secrets module directly
                   cat > /tmp/vault_injection_playbook.yaml << 'PLAYBOOK_EOF'
 ---
@@ -212,35 +282,21 @@ export async function triggerVaultInjection(
   gather_facts: false
   vars:
     ansible_python_interpreter: "{{ ansible_playbook_python }}"
-    values_secrets: "{{ pattern_dir }}/values-secret.yaml"
     check_missing_secrets: false
     namespace: "{{ vault_ns }}"
     pod: "{{ vault_pod }}"
   tasks:
-    - name: Check if values-secret.yaml.template exists
-      ansible.builtin.stat:
-        path: "{{ pattern_dir }}/values-secret.yaml.template"
-      register: template_file_check
-
-    - name: Set values-secret.yaml.template exists fact
-      ansible.builtin.set_fact:
-        values_secret_template: "{{ (template_file_check.stat.exists) | ternary(pattern_dir + '/values-secret.yaml.template', omit) }}"
-
     - name: Load secrets into vault using rhvp.cluster_utils module
       ansible.builtin.include_role:
         name: rhvp.cluster_utils.load_secrets
 PLAYBOOK_EOF
-
                   # Run the playbook and save the exit code
                   cd /pattern-home
                   ansible-playbook -v -i localhost, /tmp/vault_injection_playbook.yaml \\
-                    -e pattern_name="${request.patternName}" \\
                     -e pattern_dir="/tmp/pattern" \\
                     -e vault_ns="${request.vaultNamespace || 'vault'}" \\
                     -e vault_pod="${request.vaultPod || 'vault-0'}" \\
-                    -e vault_hub="${request.vaultHub || 'hub'}" \\
-                    -e found_file="/tmp/pattern/values-secret.yaml" \\
-                    -e secret_template="/tmp/pattern/values-secret.yaml.template"
+                    -e vault_hub="${request.vaultHub || 'hub'}"
                   rc=$?
 
                   echo $rc > /shared/rc
@@ -250,21 +306,9 @@ PLAYBOOK_EOF
                 ],
                 env: [
                   { name: 'PATTERN_NAME', value: request.patternName },
-                  { name: 'VAULT_NAMESPACE', value: request.vaultNamespace || 'vault' },
-                  { name: 'VAULT_POD', value: request.vaultPod || 'vault-0' },
-                  { name: 'VAULT_HUB', value: request.vaultHub || 'hub' },
-                ],
-                volumeMounts: [
-                  {
-                    name: 'vault-secrets',
-                    mountPath: '/vault-secrets',
-                    readOnly: true,
-                  },
-                  {
-                    name: 'shared',
-                    mountPath: '/shared',
-                  },
+                  { name: 'VALUES_SECRET', value: '/vault-secrets/values-secret.yaml' },
                 ],
+                volumeMounts: injectorVolumeMounts,
                 resources: {
                   requests: { cpu: '100m', memory: '256Mi' },
                   limits: { cpu: '500m', memory: '512Mi' },
@@ -276,13 +320,14 @@ PLAYBOOK_EOF
                 command: [
                   '/bin/bash',
                   '-c',
-                  `echo "Deleting temporary secret $SECRET_NAME in namespace $SECRET_NAMESPACE"
-                  kubectl delete secret "$SECRET_NAME" -n "$SECRET_NAMESPACE" --ignore-not-found
+                  `echo "Deleting temporary secrets for injection run $VAULT_INJECTION_RUN"
+                  kubectl delete secret -n "$SECRET_NAMESPACE" -l "${runLabelKey}=$VAULT_INJECTION_RUN,patterns.gitops.hybrid-cloud-patterns.io/pattern=$PATTERN_NAME" --ignore-not-found
                   echo "Cleanup complete"`,
                 ],
                 env: [
-                  { name: 'SECRET_NAME', value: secretName },
                   { name: 'SECRET_NAMESPACE', value: PATTERN_OPERATOR_NS },
+                  { name: 'VAULT_INJECTION_RUN', value: runLabelValue },
+                  { name: 'PATTERN_NAME', value: request.patternName },
                 ],
                 resources: {
                   requests: { cpu: '50m', memory: '64Mi' },
@@ -318,16 +363,7 @@ PLAYBOOK_EOF
                 },
               },
             ],
-            volumes: [
-              {
-                name: 'vault-secrets',
-                secret: { secretName: secretName },
-              },
-              {
-                name: 'shared',
-                emptyDir: {},
-              },
-            ],
+            volumes,
           },
         },
       },
diff --git a/console/src/components/InstallPatternPage.tsx b/console/src/components/InstallPatternPage.tsx
index 8a116c5dc..72fd0048c 100644
--- a/console/src/components/InstallPatternPage.tsx
+++ b/console/src/components/InstallPatternPage.tsx
@@ -33,7 +33,7 @@ import {
   PatternCRStatus,
 } from '../api';
 import { useVaultJobPolling } from '../hooks/useVaultJobPolling';
-import { buildVaultInjectionYaml } from '../vaultSecrets';
+import { buildVaultInjectionPayload } from '../vaultSecrets';
 import { SecretTemplate, SecretFormData } from '../types';
 import { SecretFormExpandableSections } from './SecretForm/SecretFormExpandableSections';
 import { VaultInjectionStatusAlert } from './SecretForm/VaultInjectionStatusAlert';
@@ -151,7 +151,7 @@ export default function InstallPatternPage() {
     });
 
     try {
-      const { valuesSecretYaml, templateYaml } = await buildVaultInjectionYaml(
+      const { valuesSecretYaml, fileArtifacts } = buildVaultInjectionPayload(
         secretTemplate,
         secretFormData,
       );
@@ -159,12 +159,11 @@ export default function InstallPatternPage() {
         '✅ [InstallPatternPage] Generated values YAML with vault structure:',
         valuesSecretYaml,
       );
-      console.log('✅ [InstallPatternPage] Generated template YAML:', templateYaml);
 
       const request = {
         patternName,
         valuesSecretYaml,
-        templateYaml,
+        fileArtifacts,
       };
 
       console.log('🚀 [InstallPatternPage] Triggering vault injection with request:', request);
@@ -323,13 +322,9 @@ export default function InstallPatternPage() {
   };
 
   // Secret form handling functions
-  const handleFieldChange = (
-    secretName: string,
-    fieldName: string,
-    value: string | File | null,
-  ) => {
+  const handleFieldChange = (secretName: string, fieldName: string, value: string | null) => {
     console.log(`🔄 [InstallPatternPage] Secret field changed: ${secretName}.${fieldName}`, {
-      value: value instanceof File ? `[File: ${value.name}]` : value,
+      value: value,
     });
     setSecretFormData((prev) => ({
       ...prev,
diff --git a/console/src/components/ManageSecretsPage.tsx b/console/src/components/ManageSecretsPage.tsx
index cf76b9f14..eb5683ae5 100644
--- a/console/src/components/ManageSecretsPage.tsx
+++ b/console/src/components/ManageSecretsPage.tsx
@@ -17,7 +17,7 @@ import {
   triggerVaultInjection as apiTriggerVaultInjection,
 } from '../api';
 import { useVaultJobPolling } from '../hooks/useVaultJobPolling';
-import { buildVaultInjectionYaml } from '../vaultSecrets';
+import { buildVaultInjectionPayload } from '../vaultSecrets';
 import { SecretTemplate, SecretFormData } from '../types';
 import { SecretFormExpandableSections } from './SecretForm/SecretFormExpandableSections';
 import { VaultInjectionStatusAlert } from './SecretForm/VaultInjectionStatusAlert';
@@ -82,7 +82,7 @@ export default function ManageSecretsPage() {
     setVaultJobStatus(null);
 
     try {
-      const { valuesSecretYaml, templateYaml } = await buildVaultInjectionYaml(
+      const { valuesSecretYaml, fileArtifacts } = buildVaultInjectionPayload(
         secretTemplate,
         secretFormData,
       );
@@ -90,7 +90,7 @@ export default function ManageSecretsPage() {
       const request = {
         patternName,
         valuesSecretYaml,
-        templateYaml,
+        fileArtifacts,
       };
 
       const result = await apiTriggerVaultInjection(request);
@@ -110,11 +110,7 @@ export default function ManageSecretsPage() {
     }
   };
 
-  const handleFieldChange = (
-    secretName: string,
-    fieldName: string,
-    value: string | File | null,
-  ) => {
+  const handleFieldChange = (secretName: string, fieldName: string, value: string | null) => {
     setSecretFormData((prev) => ({
       ...prev,
       [secretName]: {
diff --git a/console/src/components/SecretForm/FileField.tsx b/console/src/components/SecretForm/FileField.tsx
index 3cca213c8..5c0c56555 100644
--- a/console/src/components/SecretForm/FileField.tsx
+++ b/console/src/components/SecretForm/FileField.tsx
@@ -1,6 +1,11 @@
 import * as React from 'react';
 import { useTranslation } from 'react-i18next';
-import { FileUpload, FormHelperText, HelperText, HelperTextItem } from '@patternfly/react-core';
+import {
+  FileUpload,
+  FileUploadHelperText,
+  HelperText,
+  HelperTextItem,
+} from '@patternfly/react-core';
 
 interface FileFieldProps {
   field: {
@@ -9,51 +14,24 @@ interface FileFieldProps {
     path?: string;
     base64?: boolean;
   };
-  value: File | string | null;
-  onChange: (value: File | string | null) => void;
+  value: string | null;
+  onChange: (value: string | null) => void;
 }
 
 export const FileField: React.FC<FileFieldProps> = ({ field, value, onChange }) => {
   const { t } = useTranslation('plugin__patterns-operator-console-plugin');
   const [filename, setFilename] = React.useState('');
-  const [isLoading, setIsLoading] = React.useState(false);
 
-  const handleFileInputChange = (file: File | null, filename: string) => {
-    setFilename(filename);
-    if (!file) {
-      onChange(null);
-      return;
-    }
+  const handleFileInputChange = (_, file: File) => {
+    setFilename(file.name);
 
-    setIsLoading(true);
-
-    if (field.base64) {
-      // Read file as base64
-      const reader = new FileReader();
-      reader.onload = () => {
-        const result = reader.result as string;
-        const base64 = result.split(',')[1]; // Remove data:type;base64, prefix
-        onChange(base64);
-        setIsLoading(false);
-      };
-      reader.onerror = () => {
-        onChange(null);
-        setIsLoading(false);
-      };
-      reader.readAsDataURL(file);
-    } else {
-      // Read file as text
-      const reader = new FileReader();
-      reader.onload = () => {
-        onChange(reader.result as string);
-        setIsLoading(false);
-      };
-      reader.onerror = () => {
-        onChange(null);
-        setIsLoading(false);
-      };
-      reader.readAsText(file);
-    }
+    const reader = new FileReader();
+    reader.readAsDataURL(file);
+    reader.onload = () => {
+      const base64filecontent = reader.result.toString().split(',')[1]; // Remove data:type;base64, prefix
+      onChange(base64filecontent);
+      console.log(base64filecontent);
+    };
   };
 
   const handleClear = () => {
@@ -67,36 +45,26 @@ export const FileField: React.FC<FileFieldProps> = ({ field, value, onChange })
         id={`file-${field.name}`}
         value={value}
         filename={filename}
-        onChange={handleFileInputChange}
+        type="text"
+        hideDefaultPreview
+        filenamePlaceholder={t('Drag and drop a file or upload one')}
+        onFileInputChange={handleFileInputChange}
         onClearClick={handleClear}
-        isLoading={isLoading}
         dropzoneProps={{
           accept: {
             'text/*': ['.txt', '.pem', '.crt', '.key', '.ini', '.conf', '.config'],
             'application/*': ['.json', '.yaml', '.yml'],
           },
         }}
-      />
-      <FormHelperText>
-        <HelperText>
-          <HelperTextItem>
-            {field.description ||
-              (field.base64
-                ? t('Upload a file that will be base64 encoded')
-                : t('Upload a text file'))}
-          </HelperTextItem>
-          {field.path && (
-            <HelperTextItem>
-              {t('File will be stored at: {{path}}', { path: field.path })}
-            </HelperTextItem>
-          )}
-          {field.base64 && (
-            <HelperTextItem>
-              {t('File content will be automatically base64 encoded')}
+      >
+        <FileUploadHelperText>
+          <HelperText>
+            <HelperTextItem id={`file-${field.name}-helpertext`}>
+              {field.description}
             </HelperTextItem>
-          )}
-        </HelperText>
-      </FormHelperText>
+          </HelperText>
+        </FileUploadHelperText>
+      </FileUpload>
     </>
   );
 };
diff --git a/console/src/components/SecretForm/GenerateField.tsx b/console/src/components/SecretForm/GenerateField.tsx
index 02809fc5d..64596c615 100644
--- a/console/src/components/SecretForm/GenerateField.tsx
+++ b/console/src/components/SecretForm/GenerateField.tsx
@@ -1,18 +1,13 @@
 import * as React from 'react';
 import { useTranslation } from 'react-i18next';
-import {
-  Checkbox,
-  FormHelperText,
-  HelperText,
-  HelperTextItem,
-  TextInput,
-} from '@patternfly/react-core';
+import { Checkbox, HelperText, HelperTextItem, TextInput } from '@patternfly/react-core';
 
 interface GenerateFieldProps {
   field: {
     name: string;
     description?: string;
     vaultPolicy?: string;
+    override?: boolean;
   };
   value: string;
   onChange: (value: string) => void;
@@ -21,11 +16,20 @@ interface GenerateFieldProps {
 export const GenerateField: React.FC<GenerateFieldProps> = ({ field, value, onChange }) => {
   const { t } = useTranslation('plugin__patterns-operator-console-plugin');
   const [autoGenerate, setAutoGenerate] = React.useState(true);
+  const [allowOverride, setAllowOverride] = React.useState(false);
 
   const handleAutoGenerateChange = (checked: boolean) => {
     setAutoGenerate(checked);
     if (checked) {
-      onChange(''); // Clear manual value when switching to auto-generate
+      onChange('');
+      setAllowOverride(false);
+    }
+  };
+
+  const handleAllowOverrideChange = (checked: boolean) => {
+    setAllowOverride(checked);
+    if (!checked) {
+      onChange('');
     }
   };
 
@@ -35,12 +39,32 @@ export const GenerateField: React.FC<GenerateFieldProps> = ({ field, value, onCh
 
   return (
     <>
+      <HelperText>
+        {field.description && <HelperTextItem>{field.description}</HelperTextItem>}
+      </HelperText>
       <Checkbox
         id={`auto-generate-${field.name}`}
         label={t('Auto-generate this value')}
         isChecked={autoGenerate}
         onChange={(_event, checked) => handleAutoGenerateChange(checked)}
+        body={t('If checked this value will be automatically generated using vault policies')}
+        description={
+          autoGenerate &&
+          field.vaultPolicy &&
+          t('Vault policy: {{policy}}', { policy: field.vaultPolicy })
+        }
       />
+      {autoGenerate && (
+        <Checkbox
+          id={`override-${field.name}`}
+          label={t('Allow override')}
+          isChecked={allowOverride}
+          onChange={(_event, checked) => handleAllowOverrideChange(checked)}
+          body={t(
+            'If the secret already exists in the vault it will be changed if override is set to true',
+          )}
+        />
+      )}
       {!autoGenerate && (
         <TextInput
           id={`manual-${field.name}`}
@@ -48,24 +72,8 @@ export const GenerateField: React.FC<GenerateFieldProps> = ({ field, value, onCh
           value={value}
           onChange={handleManualValueChange}
           placeholder={t('Enter manual value')}
-          style={{ marginTop: '8px' }}
         />
       )}
-      <FormHelperText>
-        <HelperText>
-          <HelperTextItem>
-            {autoGenerate
-              ? t('This value will be automatically generated using vault policies')
-              : t('You can manually override the auto-generated value')}
-          </HelperTextItem>
-          {field.vaultPolicy && (
-            <HelperTextItem>
-              {t('Vault policy: {{policy}}', { policy: field.vaultPolicy })}
-            </HelperTextItem>
-          )}
-          {field.description && <HelperTextItem>{field.description}</HelperTextItem>}
-        </HelperText>
-      </FormHelperText>
     </>
   );
 };
diff --git a/console/src/components/SecretForm/SecretFormExpandableSections.tsx b/console/src/components/SecretForm/SecretFormExpandableSections.tsx
index caf889494..d5cdb3733 100644
--- a/console/src/components/SecretForm/SecretFormExpandableSections.tsx
+++ b/console/src/components/SecretForm/SecretFormExpandableSections.tsx
@@ -21,7 +21,7 @@ export type SecretFormExpandableSectionsProps = {
   secretFormData: SecretFormData;
   expandedSections: Record<string, boolean>;
   onToggleSection: (sectionName: string) => void;
-  onFieldChange: (secretName: string, fieldName: string, value: string | File | null) => void;
+  onFieldChange: (secretName: string, fieldName: string, value: string | null) => void;
 };
 
 /**
@@ -41,7 +41,7 @@ export function SecretFormExpandableSections({
     const commonProps = {
       field,
       value,
-      onChange: (newValue: string | File | null) =>
+      onChange: (newValue: string | null) =>
         onFieldChange(secret.name, field.name, newValue),
     };
 
@@ -78,7 +78,6 @@ export function SecretFormExpandableSections({
                 <FormGroup
                   key={field.name}
                   label={field.name}
-                  helperText={field.description}
                   isRequired={getFieldType(field) === 'prompt'}
                   fieldId={`secret-${secret.name}-${field.name}`}
                   className="patterns-operator__secret-field"
diff --git a/console/src/components/SecretForm/StaticField.tsx b/console/src/components/SecretForm/StaticField.tsx
index 39cb835f5..c0b146872 100644
--- a/console/src/components/SecretForm/StaticField.tsx
+++ b/console/src/components/SecretForm/StaticField.tsx
@@ -1,19 +1,12 @@
 import * as React from 'react';
 import { useTranslation } from 'react-i18next';
-import {
-  Checkbox,
-  FormHelperText,
-  HelperText,
-  HelperTextItem,
-  TextInput,
-} from '@patternfly/react-core';
+import { FormHelperText, HelperText, HelperTextItem, TextInput } from '@patternfly/react-core';
 
 interface StaticFieldProps {
   field: {
     name: string;
     description?: string;
     value?: string;
-    override?: boolean;
   };
   value: string;
   onChange: (value: string) => void;
@@ -21,9 +14,7 @@ interface StaticFieldProps {
 
 export const StaticField: React.FC<StaticFieldProps> = ({ field, value, onChange }) => {
   const { t } = useTranslation('plugin__patterns-operator-console-plugin');
-  const [allowOverride, setAllowOverride] = React.useState(false);
 
-  // Initialize with the static value if not already set
   React.useEffect(() => {
     if (field.value && !value) {
       onChange(field.value);
@@ -32,47 +23,20 @@ export const StaticField: React.FC<StaticFieldProps> = ({ field, value, onChange
 
   const displayValue = value || field.value || '';
 
-  const handleOverrideChange = (checked: boolean) => {
-    setAllowOverride(checked);
-    if (!checked && field.value) {
-      // Reset to original static value
-      onChange(field.value);
-    }
-  };
-
   const handleValueChange = (_event: React.FormEvent<HTMLInputElement>, newValue: string) => {
     onChange(newValue);
   };
 
-  const canOverride = field.override !== false; // Allow override unless explicitly disabled
-
   return (
     <>
-      <TextInput
-        id={`static-${field.name}`}
-        value={displayValue}
-        onChange={handleValueChange}
-        isReadOnly={!allowOverride}
-        placeholder={t('Static value')}
-      />
-
-      {canOverride && (
-        <Checkbox
-          id={`override-${field.name}`}
-          label={t('Allow override')}
-          isChecked={allowOverride}
-          onChange={(_event, checked) => handleOverrideChange(checked)}
-          style={{ marginTop: '8px' }}
-        />
-      )}
-
       <FormHelperText>
+        <TextInput
+          id={`static-${field.name}`}
+          value={displayValue}
+          onChange={handleValueChange}
+          placeholder={t('Static value')}
+        />
         <HelperText>
-          <HelperTextItem>
-            {allowOverride
-              ? t('You can modify this pre-filled value')
-              : t('This field has a pre-configured value')}
-          </HelperTextItem>
           {field.description && <HelperTextItem>{field.description}</HelperTextItem>}
         </HelperText>
       </FormHelperText>
diff --git a/console/src/components/SecretFormPage.tsx b/console/src/components/SecretFormPage.tsx
deleted file mode 100644
index b447bc0d1..000000000
--- a/console/src/components/SecretFormPage.tsx
+++ /dev/null
@@ -1,230 +0,0 @@
-import * as React from 'react';
-import Helmet from 'react-helmet';
-import { useTranslation } from 'react-i18next';
-import { useHistory, useRouteMatch } from 'react-router-dom';
-import {
-  ActionGroup,
-  Alert,
-  Button,
-  Card,
-  CardBody,
-  CardTitle,
-  ExpandableSection,
-  Form,
-  FormGroup,
-  PageSection,
-  Spinner,
-  Title,
-} from '@patternfly/react-core';
-import { fetchPattern, fetchSecretTemplate } from '../api';
-import { Pattern, SecretTemplate, SecretFormData, SecretDefinition, SecretField } from '../types';
-import { GenerateField } from './SecretForm/GenerateField';
-import { PromptField } from './SecretForm/PromptField';
-import { FileField } from './SecretForm/FileField';
-import { IniField } from './SecretForm/IniField';
-import { StaticField } from './SecretForm/StaticField';
-import './SecretForm/SecretForm.css';
-
-export default function SecretFormPage() {
-  const { t } = useTranslation('plugin__patterns-operator-console-plugin');
-  const history = useHistory();
-  const match = useRouteMatch<{ name: string }>('/patterns/install/:name/secrets');
-  const name = match?.params?.name;
-
-  const [loading, setLoading] = React.useState(true);
-  const [fetchError, setFetchError] = React.useState<string | null>(null);
-  const [submitting, setSubmitting] = React.useState(false);
-
-  const [pattern, setPattern] = React.useState<Pattern | null>(null);
-  const [secretTemplate, setSecretTemplate] = React.useState<SecretTemplate | null>(null);
-  const [secretFormData, setSecretFormData] = React.useState<SecretFormData>({});
-  const [expandedSections, setExpandedSections] = React.useState<Record<string, boolean>>({});
-
-  React.useEffect(() => {
-    Promise.all([fetchPattern(name), fetchSecretTemplate(name)])
-      .then(([patternData, templateData]) => {
-        setPattern(patternData);
-        setSecretTemplate(templateData);
-
-        // Initialize form data
-        if (templateData) {
-          const initialData: SecretFormData = {};
-          const initialExpanded: Record<string, boolean> = {};
-
-          templateData.secrets.forEach((secret, index) => {
-            initialData[secret.name] = {};
-            secret.fields.forEach((field) => {
-              initialData[secret.name][field.name] = '';
-            });
-            // Expand the first section by default
-            initialExpanded[secret.name] = index === 0;
-          });
-
-          setSecretFormData(initialData);
-          setExpandedSections(initialExpanded);
-        }
-
-        setLoading(false);
-      })
-      .catch((err) => {
-        setFetchError(err?.message || String(err));
-        setLoading(false);
-      });
-  }, [name]);
-
-  const handleFieldChange = (
-    secretName: string,
-    fieldName: string,
-    value: string | File | null,
-  ) => {
-    setSecretFormData((prev) => ({
-      ...prev,
-      [secretName]: {
-        ...prev[secretName],
-        [fieldName]: value,
-      },
-    }));
-  };
-
-  const handleContinue = () => {
-    setSubmitting(true);
-    // Navigate back to install page with secret data in state
-    history.push(`/patterns/install/${name}`, { secretData: secretFormData, secretTemplate });
-  };
-
-  const handleSkip = () => {
-    // Navigate back to install page without secrets
-    history.push(`/patterns/install/${name}`);
-  };
-
-  const toggleSection = (sectionName: string) => {
-    setExpandedSections((prev) => ({
-      ...prev,
-      [sectionName]: !prev[sectionName],
-    }));
-  };
-
-  const getFieldType = (field: SecretField): 'generate' | 'prompt' | 'file' | 'ini' | 'static' => {
-    if (field.onMissingValue === 'generate') return 'generate';
-    if (field.path) return 'file';
-    if (field.ini_file) return 'ini';
-    if (field.value !== undefined && field.value !== null) return 'static';
-    return 'prompt'; // Default to prompt for required fields
-  };
-
-  const renderField = (secret: SecretDefinition, field: SecretField) => {
-    const fieldType = getFieldType(field);
-    const value = secretFormData[secret.name]?.[field.name] || '';
-
-    const commonProps = {
-      field,
-      value,
-      onChange: (newValue: string | File | null) =>
-        handleFieldChange(secret.name, field.name, newValue),
-    };
-
-    switch (fieldType) {
-      case 'generate':
-        return <GenerateField key={field.name} {...commonProps} />;
-      case 'prompt':
-        return <PromptField key={field.name} {...commonProps} />;
-      case 'file':
-        return <FileField key={field.name} {...commonProps} />;
-      case 'ini':
-        return <IniField key={field.name} {...commonProps} />;
-      case 'static':
-        return <StaticField key={field.name} {...commonProps} />;
-      default:
-        return <PromptField key={field.name} {...commonProps} />;
-    }
-  };
-
-  if (loading) {
-    return (
-      <PageSection>
-        <Spinner aria-label={t('Loading secret template')} />
-      </PageSection>
-    );
-  }
-
-  if (fetchError) {
-    return (
-      <PageSection>
-        <Alert variant="danger" title={t('Failed to load secret template')}>
-          {fetchError}
-        </Alert>
-      </PageSection>
-    );
-  }
-
-  if (!secretTemplate) {
-    // No secret template found, redirect back to install
-    React.useEffect(() => {
-      history.push(`/patterns/install/${name}`);
-    }, []);
-    return null;
-  }
-
-  return (
-    <>
-      <Helmet>
-        <title>{t('Configure Secrets')}</title>
-      </Helmet>
-      <PageSection>
-        <Title headingLevel="h1">
-          {t('Configure Secrets for {{patternName}}', {
-            patternName: pattern?.display_name || name,
-          })}
-        </Title>
-      </PageSection>
-      <PageSection>
-        <Form className="patterns-operator__secret-form">
-          {secretTemplate.secrets.map((secret) => (
-            <ExpandableSection
-              key={secret.name}
-              toggleText={secret.name}
-              isExpanded={expandedSections[secret.name] || false}
-              onToggle={() => toggleSection(secret.name)}
-              className="patterns-operator__secret-section"
-            >
-              <Card>
-                <CardTitle>{secret.name}</CardTitle>
-                <CardBody>
-                  {secret.fields.map((field) => (
-                    <FormGroup
-                      key={field.name}
-                      label={field.name}
-                      helperText={field.description}
-                      isRequired={getFieldType(field) === 'prompt'}
-                      fieldId={`secret-${secret.name}-${field.name}`}
-                      className="patterns-operator__secret-field"
-                    >
-                      {renderField(secret, field)}
-                    </FormGroup>
-                  ))}
-                </CardBody>
-              </Card>
-            </ExpandableSection>
-          ))}
-
-          <ActionGroup className="patterns-operator__secret-actions">
-            <Button
-              variant="primary"
-              onClick={handleContinue}
-              isLoading={submitting}
-              isDisabled={submitting}
-            >
-              {t('Continue to Install')}
-            </Button>
-            <Button variant="secondary" onClick={handleSkip}>
-              {t('Skip Secrets')}
-            </Button>
-            <Button variant="link" onClick={() => history.push('/patterns')}>
-              {t('Cancel')}
-            </Button>
-          </ActionGroup>
-        </Form>
-      </PageSection>
-    </>
-  );
-}
diff --git a/console/src/types.ts b/console/src/types.ts
index 1f1386d34..7af57d86f 100644
--- a/console/src/types.ts
+++ b/console/src/types.ts
@@ -82,6 +82,22 @@ export interface SecretField {
 
 export interface SecretFormData {
   [secretName: string]: {
-    [fieldName: string]: string | File | null;
+    [fieldName: string]: string | null;
   };
 }
+
+/** One user-uploaded file; becomes a dedicated Secret mounted under {@link VAULT_UPLOADS_MOUNT_PREFIX}. */
+export interface VaultInjectionFileArtifact {
+  /** Path segment under the uploads mount (unique per secret+field). */
+  slug: string;
+  /** Raw file bytes, base64-encoded (valid for Kubernetes Secret `data`). */
+  dataBase64: string;
+}
+
+export interface VaultInjectionPayload {
+  valuesSecretYaml: string;
+  fileArtifacts: VaultInjectionFileArtifact[];
+}
+
+/** Mount path in the vault injection Job pod; must match paths emitted in values-secret.yaml for file fields. */
+export const VAULT_UPLOADS_MOUNT_PREFIX = '/vault-uploads';
diff --git a/console/src/vaultSecrets.ts b/console/src/vaultSecrets.ts
index dbac0e87d..83edd202a 100644
--- a/console/src/vaultSecrets.ts
+++ b/console/src/vaultSecrets.ts
@@ -1,29 +1,62 @@
-import type { SecretFormData, SecretTemplate } from './types';
+import type {
+  SecretFormData,
+  SecretTemplate,
+  SecretField,
+  SecretDefinition,
+  VaultInjectionPayload,
+  VaultInjectionFileArtifact,
+} from './types';
+import { VAULT_UPLOADS_MOUNT_PREFIX } from './types';
+import { Document } from 'yaml';
+
+function isFileTemplateField(fieldDef: SecretField): boolean {
+  return Boolean(fieldDef.path);
+}
+
+/** Slug used as relative path under {@link VAULT_UPLOADS_MOUNT_PREFIX} (projected volume `path`). */
+function fileUploadSlug(secretName: string, fieldName: string): string {
+  const raw = `${secretName}_${fieldName}`;
+  const slug = raw
+    .toLowerCase()
+    .replace(/[^a-z0-9_.-]+/g, '-')
+    .replace(/^-+|-+$/g, '')
+    .slice(0, 200);
+  return slug || 'upload';
+}
 
 /**
- * Build values-secret.yaml and template JSON for the vault injection API,
+ * Build values-secret.yaml plus file artifacts for separate Kubernetes Secrets,
  * from catalog template + user form values (same structure as vault_load_secrets / parse_secrets_info v2.0).
  */
-export async function buildVaultInjectionYaml(
+export function buildVaultInjectionPayload(
   secretTemplate: SecretTemplate,
   secretFormData: SecretFormData,
-): Promise<{ valuesSecretYaml: string; templateYaml: string }> {
-  const yaml = await import('js-yaml');
+): VaultInjectionPayload {
+  const fileArtifacts: VaultInjectionFileArtifact[] = [];
 
   const secretsList = secretTemplate.secrets.map((secretDef) => {
     const formValues = secretFormData[secretDef.name] || {};
-    const secret: Record<string, unknown> = { name: secretDef.name };
+    const secret: SecretDefinition = { name: secretDef.name, fields: [] };
     if (secretDef.vaultMount) secret.vaultMount = secretDef.vaultMount;
     if (secretDef.vaultPrefixes) secret.vaultPrefixes = secretDef.vaultPrefixes;
     secret.fields = secretDef.fields.map((fieldDef) => {
-      const field: Record<string, unknown> = { name: fieldDef.name };
+      const field: SecretField = { name: fieldDef.name };
       if (fieldDef.onMissingValue) field.onMissingValue = fieldDef.onMissingValue;
       if (fieldDef.vaultPolicy) field.vaultPolicy = fieldDef.vaultPolicy;
-      if (fieldDef.base64) field.base64 = fieldDef.base64;
       if (fieldDef.override) field.override = fieldDef.override;
       const val = formValues[fieldDef.name];
-      if (typeof val === 'string' && val !== '') {
-        field.value = val;
+      const hasVal = val !== null && val !== undefined && val !== '';
+
+      if (isFileTemplateField(fieldDef) && hasVal) {
+        const slug = fileUploadSlug(secretDef.name, fieldDef.name);
+        field.path = `${VAULT_UPLOADS_MOUNT_PREFIX}/${slug}`;
+        field.base64 = true;
+        fileArtifacts.push({ slug, dataBase64: val as string });
+        return field;
+      }
+
+      if (hasVal) {
+        field.value = val as string;
         if (fieldDef.onMissingValue === 'generate') {
           delete field.onMissingValue;
           delete field.vaultPolicy;
@@ -34,13 +67,20 @@ export async function buildVaultInjectionYaml(
     return secret;
   });
 
+  const vaultPolicies = secretTemplate.vaultPolicies;
+  const hasVaultPolicies =
+    vaultPolicies != null &&
+    typeof vaultPolicies === 'object' &&
+    Object.keys(vaultPolicies).length > 0;
+
   const vaultSecretStructure: SecretTemplate = {
     version: '2.0',
-    secrets: secretsList as unknown as SecretTemplate['secrets'],
-    vaultPolicies: secretTemplate?.vaultPolicies || null,
+    secrets: secretsList,
+    ...(hasVaultPolicies ? { vaultPolicies } : {}),
   };
+  const doc = new Document(vaultSecretStructure);
+
+  const valuesSecretYaml = doc.toString({ lineWidth: 0 });
 
-  const valuesSecretYaml = yaml.dump(vaultSecretStructure);
-  const templateYaml = JSON.stringify(secretTemplate, null, 2);
-  return { valuesSecretYaml, templateYaml };
+  return { valuesSecretYaml, fileArtifacts };
 }
diff --git a/console/yarn.lock b/console/yarn.lock
index 08604b51c..d57b89e92 100644
--- a/console/yarn.lock
+++ b/console/yarn.lock
@@ -7902,6 +7902,11 @@ yallist@^4.0.0:
   resolved "https://registry.yarnpkg.com/yallist/-/yallist-4.0.0.tgz#9bb92790d9c0effec63be73519e11a35019a3a72"
   integrity sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==
 
+yaml@^2.8.3:
+  version "2.8.3"
+  resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.8.3.tgz#a0d6bd2efb3dd03c59370223701834e60409bd7d"
+  integrity sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==
+
 yargs-parser@^18.1.2:
   version "18.1.3"
   resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-18.1.3.tgz#be68c4975c6b2abf469236b0c870362fab09a7b0"

From 321164f8800aa742076bc025bf281c291735a778 Mon Sep 17 00:00:00 2001
From: Akos Eros <aeros@redhat.com>
Date: Wed, 29 Apr 2026 16:52:49 +0200
Subject: [PATCH 5/7] fix: ini field upload

---
 console/src/components/SecretForm/IniField.tsx | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/console/src/components/SecretForm/IniField.tsx b/console/src/components/SecretForm/IniField.tsx
index a86b8429c..be3a7a25a 100644
--- a/console/src/components/SecretForm/IniField.tsx
+++ b/console/src/components/SecretForm/IniField.tsx
@@ -79,8 +79,8 @@ export const IniField: React.FC<IniFieldProps> = ({ field, value, onChange }) =>
     return result;
   };
 
-  const handleFileInputChange = (file: File | null, filename: string) => {
-    setFilename(filename);
+  const handleFileInputChange = (_, file: File) => {
+    setFilename(file.name);
 
     if (!file) {
       setFileContent('');
@@ -162,9 +162,11 @@ export const IniField: React.FC<IniFieldProps> = ({ field, value, onChange }) =>
     <>
       <FileUpload
         id={`ini-file-${field.name}`}
+        type="text"
+        hideDefaultPreview
         value={fileContent}
         filename={filename}
-        onChange={handleFileInputChange}
+        onFileInputChange={handleFileInputChange}
         onClearClick={handleClear}
         dropzoneProps={{
           accept: {
@@ -193,7 +195,7 @@ export const IniField: React.FC<IniFieldProps> = ({ field, value, onChange }) =>
       )}
 
       {value && (
-        <TextArea value={value} isReadOnly aria-label={t('Extracted value preview')} rows={4} />
+        <TextArea value={value} readOnly={true} aria-label={t('Extracted value preview')} rows={4} />
       )}
 
       <FormHelperText>

From c7addf24abff098c1deff6e800278e8c1284bbfb Mon Sep 17 00:00:00 2001
From: Akos Eros <aeros@redhat.com>
Date: Mon, 4 May 2026 11:23:48 +0200
Subject: [PATCH 6/7] fix: file/ini fields to be required

---
 ...gin__patterns-operator-console-plugin.json | 20 +++---
 console/src/components/InstallPatternPage.tsx | 43 +++++++++--
 console/src/components/ManageSecretsPage.tsx  | 38 ++++++++--
 .../src/components/SecretForm/FileField.tsx   | 18 +++--
 .../src/components/SecretForm/IniField.tsx    | 21 +++++-
 .../SecretFormExpandableSections.tsx          | 71 +++++++++++--------
 .../src/components/SecretForm/StaticField.tsx |  1 +
 console/src/vaultSecrets.ts                   | 41 +++++++++++
 8 files changed, 194 insertions(+), 59 deletions(-)

diff --git a/console/locales/en/plugin__patterns-operator-console-plugin.json b/console/locales/en/plugin__patterns-operator-console-plugin.json
index 1437ac297..c4e55bd70 100644
--- a/console/locales/en/plugin__patterns-operator-console-plugin.json
+++ b/console/locales/en/plugin__patterns-operator-console-plugin.json
@@ -1,6 +1,8 @@
 {
+  "A file upload is required.": "A file upload is required.",
   "Additional requirements": "Additional requirements",
   "Allow override": "Allow override",
+  "An INI file upload is required.": "An INI file upload is required.",
   "Applications": "Applications",
   "Auto-generate this value": "Auto-generate this value",
   "Back to catalog": "Back to catalog",
@@ -9,17 +11,17 @@
   "Catalog source": "Catalog source",
   "Checking vault status": "Checking vault status",
   "Cluster": "Cluster",
-  "Configure Secrets": "Configure Secrets",
-  "Configure Secrets for {{patternName}}": "Configure Secrets for {{patternName}}",
+  "Configure secrets for this pattern. File and INI fields are required before install.": "Configure secrets for this pattern. File and INI fields are required before install.",
   "Configure secrets that will be injected into Vault for this pattern.": "Configure secrets that will be injected into Vault for this pattern.",
   "Confirm Uninstall": "Confirm Uninstall",
-  "Continue to Install": "Continue to Install",
   "Current Step": "Current Step",
   "Deleting": "Deleting",
   "Deletion Progress": "Deletion Progress",
   "Docs": "Docs",
+  "Drag and drop a file or upload one": "Drag and drop a file or upload one",
   "Enter manual value": "Enter manual value",
   "Enter or update the secrets that will be injected into Vault for this pattern. Fields left empty will retain their existing values in Vault.": "Enter or update the secrets that will be injected into Vault for this pattern. Fields left empty will retain their existing values in Vault.",
+  "Enter or update the secrets that will be injected into Vault for this pattern. File and INI fields must be uploaded each time. Other fields may be left empty to keep existing Vault values.": "Enter or update the secrets that will be injected into Vault for this pattern. File and INI fields must be uploaded each time. Other fields may be left empty to keep existing Vault values.",
   "Enter value for {{fieldName}}": "Enter value for {{fieldName}}",
   "Error": "Error",
   "Extracted value preview": "Extracted value preview",
@@ -30,11 +32,11 @@
   "Failed to load secret template": "Failed to load secret template",
   "Failed to parse INI file": "Failed to parse INI file",
   "Failed to read file": "Failed to read file",
-  "File content will be automatically base64 encoded": "File content will be automatically base64 encoded",
-  "File will be stored at: {{path}}": "File will be stored at: {{path}}",
   "Health": "Health",
   "Hub": "Hub",
   "I want to use my own fork": "I want to use my own fork",
+  "If checked this value will be automatically generated using vault policies": "If checked this value will be automatically generated using vault policies",
+  "If the secret already exists in the vault it will be changed if override is set to true": "If the secret already exists in the vault it will be changed if override is set to true",
   "Inject Secrets": "Inject Secrets",
   "Install": "Install",
   "Install Pattern": "Install Pattern",
@@ -68,12 +70,12 @@
   "Reconciliation Status": "Reconciliation Status",
   "Reconciling": "Reconciling",
   "Repo": "Repo",
+  "Secret configuration": "Secret configuration",
   "Secret Configuration": "Secret Configuration",
   "Secrets Configuration": "Secrets Configuration",
   "Secrets submitted successfully": "Secrets submitted successfully",
   "Select a section": "Select a section",
   "Select INI section": "Select INI section",
-  "Skip Secrets": "Skip Secrets",
   "Spoke": "Spoke",
   "Static value": "Static value",
   "Sync": "Sync",
@@ -83,23 +85,17 @@
   "Tested Requirements:": "Tested Requirements:",
   "The pattern and all its associated resources have been fully deleted.": "The pattern and all its associated resources have been fully deleted.",
   "The vault injection job has been created.": "The vault injection job has been created.",
-  "This field has a pre-configured value": "This field has a pre-configured value",
   "This field is required": "This field is required",
   "This is the sizing that has been tested. The pattern is expected to work on any similarly-sized architecture.": "This is the sizing that has been tested. The pattern is expected to work on any similarly-sized architecture.",
   "This pattern does not have a secret template defined.": "This pattern does not have a secret template defined.",
-  "This value will be automatically generated using vault policies": "This value will be automatically generated using vault policies",
   "This will delete the pattern and all its deployed resources.": "This will delete the pattern and all its deployed resources.",
   "Tier": "Tier",
   "Uninstall": "Uninstall",
   "Uninstall Pattern": "Uninstall Pattern",
-  "Upload a file that will be base64 encoded": "Upload a file that will be base64 encoded",
-  "Upload a text file": "Upload a text file",
   "Upload an INI/configuration file to extract values": "Upload an INI/configuration file to extract values",
   "Vault policy: {{policy}}": "Vault policy: {{policy}}",
   "Vault Secret Injection": "Vault Secret Injection",
   "Waiting for applications": "Waiting for applications",
   "Waiting for ArgoCD applications to be created...": "Waiting for ArgoCD applications to be created...",
-  "You can manually override the auto-generated value": "You can manually override the auto-generated value",
-  "You can modify this pre-filled value": "You can modify this pre-filled value",
   "Your pattern has been created. The operator is now reconciling it.": "Your pattern has been created. The operator is now reconciling it."
 }
\ No newline at end of file
diff --git a/console/src/components/InstallPatternPage.tsx b/console/src/components/InstallPatternPage.tsx
index 72fd0048c..ed288490e 100644
--- a/console/src/components/InstallPatternPage.tsx
+++ b/console/src/components/InstallPatternPage.tsx
@@ -33,7 +33,11 @@ import {
   PatternCRStatus,
 } from '../api';
 import { useVaultJobPolling } from '../hooks/useVaultJobPolling';
-import { buildVaultInjectionPayload } from '../vaultSecrets';
+import {
+  buildVaultInjectionPayload,
+  getMissingFileAndIniFields,
+  secretTemplateHasFileOrIniFields,
+} from '../vaultSecrets';
 import { SecretTemplate, SecretFormData } from '../types';
 import { SecretFormExpandableSections } from './SecretForm/SecretFormExpandableSections';
 import { VaultInjectionStatusAlert } from './SecretForm/VaultInjectionStatusAlert';
@@ -73,6 +77,7 @@ export default function InstallPatternPage() {
   const [secretTemplate, setSecretTemplate] = React.useState<SecretTemplate | null>(null);
   const [secretFormData, setSecretFormData] = React.useState<SecretFormData>({});
   const [expandedSections, setExpandedSections] = React.useState<Record<string, boolean>>({});
+  const [secretsValidationAttempted, setSecretsValidationAttempted] = React.useState(false);
   const { vaultJobStatus, setVaultJobStatus, checkingVaultStatus, checkVaultJobStatus } =
     useVaultJobPolling(patternName);
   const [patternStatus, setPatternStatus] = React.useState<PatternCRStatus | null>(null);
@@ -254,9 +259,26 @@ export default function InstallPatternPage() {
 
   const handleSubmit = async () => {
     console.log('🚀 [InstallPatternPage] Starting pattern installation process');
-    setSubmitting(true);
+
+    if (secretTemplate) {
+      const missingUploads = getMissingFileAndIniFields(secretTemplate, secretFormData);
+      if (missingUploads.length > 0) {
+        setSecretsValidationAttempted(true);
+        setExpandedSections((prev) => {
+          const next = { ...prev };
+          missingUploads.forEach(({ secretName }) => {
+            next[secretName] = true;
+          });
+          return next;
+        });
+        return;
+      }
+    }
+    setSecretsValidationAttempted(false);
     setSubmitError(null);
 
+    setSubmitting(true);
+
     try {
       const hasSecrets = secretFormData && Object.keys(secretFormData).length > 0 && secretTemplate;
       console.log('📊 [InstallPatternPage] Installation details:', {
@@ -555,8 +577,20 @@ export default function InstallPatternPage() {
             {/* Secrets Configuration Section */}
             {secretTemplate && (
               <FormGroup label={t('Secrets Configuration')} fieldId="pattern-secrets">
-                <Alert variant="info" title={t('Optional Secret Configuration')} isInline>
-                  {t('Configure secrets that will be injected into Vault for this pattern.')}
+                <Alert
+                  variant="info"
+                  title={
+                    secretTemplateHasFileOrIniFields(secretTemplate)
+                      ? t('Secret configuration')
+                      : t('Optional Secret Configuration')
+                  }
+                  isInline
+                >
+                  {secretTemplateHasFileOrIniFields(secretTemplate)
+                    ? t(
+                        'Configure secrets for this pattern. File and INI fields are required before install.',
+                      )
+                    : t('Configure secrets that will be injected into Vault for this pattern.')}
                 </Alert>
                 <SecretFormExpandableSections
                   secrets={secretTemplate.secrets}
@@ -564,6 +598,7 @@ export default function InstallPatternPage() {
                   expandedSections={expandedSections}
                   onToggleSection={toggleSection}
                   onFieldChange={handleFieldChange}
+                  secretsValidationAttempted={secretsValidationAttempted}
                 />
               </FormGroup>
             )}
diff --git a/console/src/components/ManageSecretsPage.tsx b/console/src/components/ManageSecretsPage.tsx
index eb5683ae5..ed22cf551 100644
--- a/console/src/components/ManageSecretsPage.tsx
+++ b/console/src/components/ManageSecretsPage.tsx
@@ -17,7 +17,11 @@ import {
   triggerVaultInjection as apiTriggerVaultInjection,
 } from '../api';
 import { useVaultJobPolling } from '../hooks/useVaultJobPolling';
-import { buildVaultInjectionPayload } from '../vaultSecrets';
+import {
+  buildVaultInjectionPayload,
+  getMissingFileAndIniFields,
+  secretTemplateHasFileOrIniFields,
+} from '../vaultSecrets';
 import { SecretTemplate, SecretFormData } from '../types';
 import { SecretFormExpandableSections } from './SecretForm/SecretFormExpandableSections';
 import { VaultInjectionStatusAlert } from './SecretForm/VaultInjectionStatusAlert';
@@ -40,6 +44,7 @@ export default function ManageSecretsPage() {
   const [secretTemplate, setSecretTemplate] = React.useState<SecretTemplate | null>(null);
   const [secretFormData, setSecretFormData] = React.useState<SecretFormData>({});
   const [expandedSections, setExpandedSections] = React.useState<Record<string, boolean>>({});
+  const [secretsValidationAttempted, setSecretsValidationAttempted] = React.useState(false);
   const { vaultJobStatus, setVaultJobStatus, checkingVaultStatus, checkVaultJobStatus } =
     useVaultJobPolling(patternName);
 
@@ -76,11 +81,27 @@ export default function ManageSecretsPage() {
   }, [name]);
 
   const handleSubmit = async () => {
-    setSubmitting(true);
-    setSubmitError(null);
+    if (!secretTemplate) return;
+
     setSuccess(false);
     setVaultJobStatus(null);
 
+    const missingUploads = getMissingFileAndIniFields(secretTemplate, secretFormData);
+    if (missingUploads.length > 0) {
+      setSecretsValidationAttempted(true);
+      setExpandedSections((prev) => {
+        const next = { ...prev };
+        missingUploads.forEach(({ secretName }) => {
+          next[secretName] = true;
+        });
+        return next;
+      });
+      return;
+    }
+    setSecretsValidationAttempted(false);
+    setSubmitError(null);
+
+    setSubmitting(true);
     try {
       const { valuesSecretYaml, fileArtifacts } = buildVaultInjectionPayload(
         secretTemplate,
@@ -192,9 +213,13 @@ export default function ManageSecretsPage() {
           }}
         >
           <Alert variant="info" title={t('Secret Configuration')} isInline>
-            {t(
-              'Enter or update the secrets that will be injected into Vault for this pattern. Fields left empty will retain their existing values in Vault.',
-            )}
+            {secretTemplateHasFileOrIniFields(secretTemplate)
+              ? t(
+                  'Enter or update the secrets that will be injected into Vault for this pattern. File and INI fields must be uploaded each time. Other fields may be left empty to keep existing Vault values.',
+                )
+              : t(
+                  'Enter or update the secrets that will be injected into Vault for this pattern. Fields left empty will retain their existing values in Vault.',
+                )}
           </Alert>
           <SecretFormExpandableSections
             secrets={secretTemplate.secrets}
@@ -202,6 +227,7 @@ export default function ManageSecretsPage() {
             expandedSections={expandedSections}
             onToggleSection={toggleSection}
             onFieldChange={handleFieldChange}
+            secretsValidationAttempted={secretsValidationAttempted}
           />
 
           <ActionGroup>
diff --git a/console/src/components/SecretForm/FileField.tsx b/console/src/components/SecretForm/FileField.tsx
index 5c0c56555..76155594f 100644
--- a/console/src/components/SecretForm/FileField.tsx
+++ b/console/src/components/SecretForm/FileField.tsx
@@ -16,9 +16,11 @@ interface FileFieldProps {
   };
   value: string | null;
   onChange: (value: string | null) => void;
+  /** Shown under the control; also sets FileUpload `validated` to error when set. */
+  fieldError?: string;
 }
 
-export const FileField: React.FC<FileFieldProps> = ({ field, value, onChange }) => {
+export const FileField: React.FC<FileFieldProps> = ({ field, value, onChange, fieldError }) => {
   const { t } = useTranslation('plugin__patterns-operator-console-plugin');
   const [filename, setFilename] = React.useState('');
 
@@ -30,7 +32,6 @@ export const FileField: React.FC<FileFieldProps> = ({ field, value, onChange })
     reader.onload = () => {
       const base64filecontent = reader.result.toString().split(',')[1]; // Remove data:type;base64, prefix
       onChange(base64filecontent);
-      console.log(base64filecontent);
     };
   };
 
@@ -46,7 +47,9 @@ export const FileField: React.FC<FileFieldProps> = ({ field, value, onChange })
         value={value}
         filename={filename}
         type="text"
+        isRequired={true}
         hideDefaultPreview
+        validated={fieldError ? 'error' : 'default'}
         filenamePlaceholder={t('Drag and drop a file or upload one')}
         onFileInputChange={handleFileInputChange}
         onClearClick={handleClear}
@@ -59,9 +62,14 @@ export const FileField: React.FC<FileFieldProps> = ({ field, value, onChange })
       >
         <FileUploadHelperText>
           <HelperText>
-            <HelperTextItem id={`file-${field.name}-helpertext`}>
-              {field.description}
-            </HelperTextItem>
+            {fieldError && (
+              <HelperTextItem variant="error" id={`file-${field.name}-error`}>
+                {fieldError}
+              </HelperTextItem>
+            )}
+            {field.description && (
+              <HelperTextItem id={`file-${field.name}-helpertext`}>{field.description}</HelperTextItem>
+            )}
           </HelperText>
         </FileUploadHelperText>
       </FileUpload>
diff --git a/console/src/components/SecretForm/IniField.tsx b/console/src/components/SecretForm/IniField.tsx
index be3a7a25a..14f609552 100644
--- a/console/src/components/SecretForm/IniField.tsx
+++ b/console/src/components/SecretForm/IniField.tsx
@@ -21,6 +21,8 @@ interface IniFieldProps {
   };
   value: string;
   onChange: (value: string) => void;
+  /** Shown under the upload; also sets FileUpload `validated` to error when set. */
+  fieldError?: string;
 }
 
 interface ParsedIni {
@@ -29,7 +31,7 @@ interface ParsedIni {
   };
 }
 
-export const IniField: React.FC<IniFieldProps> = ({ field, value, onChange }) => {
+export const IniField: React.FC<IniFieldProps> = ({ field, value, onChange, fieldError }) => {
   const { t } = useTranslation('plugin__patterns-operator-console-plugin');
   const [filename, setFilename] = React.useState('');
   const [fileContent, setFileContent] = React.useState('');
@@ -166,6 +168,8 @@ export const IniField: React.FC<IniFieldProps> = ({ field, value, onChange }) =>
         hideDefaultPreview
         value={fileContent}
         filename={filename}
+        isRequired={true}
+        validated={fieldError ? 'error' : 'default'}
         onFileInputChange={handleFileInputChange}
         onClearClick={handleClear}
         dropzoneProps={{
@@ -175,6 +179,14 @@ export const IniField: React.FC<IniFieldProps> = ({ field, value, onChange }) =>
         }}
       />
 
+      {fieldError && (
+        <FormHelperText>
+          <HelperText>
+            <HelperTextItem variant="error">{fieldError}</HelperTextItem>
+          </HelperText>
+        </FormHelperText>
+      )}
+
       {parseError && (
         <Alert variant="danger" title={t('Parse Error')} isInline>
           {parseError}
@@ -195,7 +207,12 @@ export const IniField: React.FC<IniFieldProps> = ({ field, value, onChange }) =>
       )}
 
       {value && (
-        <TextArea value={value} readOnly={true} aria-label={t('Extracted value preview')} rows={4} />
+        <TextArea
+          value={value}
+          readOnly={true}
+          aria-label={t('Extracted value preview')}
+          rows={4}
+        />
       )}
 
       <FormHelperText>
diff --git a/console/src/components/SecretForm/SecretFormExpandableSections.tsx b/console/src/components/SecretForm/SecretFormExpandableSections.tsx
index d5cdb3733..deec422c9 100644
--- a/console/src/components/SecretForm/SecretFormExpandableSections.tsx
+++ b/console/src/components/SecretForm/SecretFormExpandableSections.tsx
@@ -1,31 +1,26 @@
 import * as React from 'react';
+import { useTranslation } from 'react-i18next';
 import { Card, CardBody, CardTitle, ExpandableSection, FormGroup } from '@patternfly/react-core';
 import { SecretDefinition, SecretField, SecretFormData } from '../../types';
+import { getSecretFieldKind } from '../../vaultSecrets';
 import { GenerateField } from './GenerateField';
-import { PromptField } from './PromptField';
 import { FileField } from './FileField';
 import { IniField } from './IniField';
 import { StaticField } from './StaticField';
 import './SecretForm.css';
 
-function getFieldType(field: SecretField): 'generate' | 'prompt' | 'file' | 'ini' | 'static' {
-  if (field.onMissingValue === 'generate') return 'generate';
-  if (field.path) return 'file';
-  if (field.ini_file) return 'ini';
-  if (field.value !== undefined && field.value !== null) return 'static';
-  return 'prompt';
-}
-
 export type SecretFormExpandableSectionsProps = {
   secrets: SecretDefinition[];
   secretFormData: SecretFormData;
   expandedSections: Record<string, boolean>;
   onToggleSection: (sectionName: string) => void;
   onFieldChange: (secretName: string, fieldName: string, value: string | null) => void;
+  /** When true, empty `file` / `ini` fields show validation errors (after a blocked submit). */
+  secretsValidationAttempted?: boolean;
 };
 
 /**
- * Expandable cards per secret definition with typed fields (generate, prompt, file, ini, static).
+ * Expandable cards per secret definition with typed fields (generate, file, ini, static).
  */
 export function SecretFormExpandableSections({
   secrets,
@@ -33,31 +28,35 @@ export function SecretFormExpandableSections({
   expandedSections,
   onToggleSection,
   onFieldChange,
+  secretsValidationAttempted = false,
 }: SecretFormExpandableSectionsProps) {
-  const renderField = (secret: SecretDefinition, field: SecretField) => {
-    const fieldType = getFieldType(field);
+  const { t } = useTranslation('plugin__patterns-operator-console-plugin');
+
+  const renderField = (
+    secret: SecretDefinition,
+    field: SecretField,
+    uploadFieldError?: string,
+  ) => {
+    const fieldType = getSecretFieldKind(field);
     const value = secretFormData[secret.name]?.[field.name] || '';
 
     const commonProps = {
       field,
       value,
-      onChange: (newValue: string | null) =>
-        onFieldChange(secret.name, field.name, newValue),
+      onChange: (newValue: string | null) => onFieldChange(secret.name, field.name, newValue),
     };
 
     switch (fieldType) {
       case 'generate':
         return <GenerateField key={field.name} {...commonProps} />;
-      case 'prompt':
-        return <PromptField key={field.name} {...commonProps} />;
       case 'file':
-        return <FileField key={field.name} {...commonProps} />;
+        return <FileField key={field.name} {...commonProps} fieldError={uploadFieldError} />;
       case 'ini':
-        return <IniField key={field.name} {...commonProps} />;
+        return <IniField key={field.name} {...commonProps} fieldError={uploadFieldError} />;
       case 'static':
         return <StaticField key={field.name} {...commonProps} />;
       default:
-        return <PromptField key={field.name} {...commonProps} />;
+        return <StaticField key={field.name} {...commonProps} />;
     }
   };
 
@@ -74,17 +73,29 @@ export function SecretFormExpandableSections({
           <Card>
             <CardTitle>{secret.name}</CardTitle>
             <CardBody>
-              {secret.fields.map((field) => (
-                <FormGroup
-                  key={field.name}
-                  label={field.name}
-                  isRequired={getFieldType(field) === 'prompt'}
-                  fieldId={`secret-${secret.name}-${field.name}`}
-                  className="patterns-operator__secret-field"
-                >
-                  {renderField(secret, field)}
-                </FormGroup>
-              ))}
+              {secret.fields.map((field) => {
+                const fieldType = getSecretFieldKind(field);
+                const rawVal = secretFormData[secret.name]?.[field.name];
+                const emptyFileIni =
+                  (fieldType === 'file' || fieldType === 'ini') &&
+                  (rawVal === null || rawVal === undefined || rawVal === '');
+                const showFileIniError = secretsValidationAttempted && emptyFileIni;
+                const helperInvalid =
+                  fieldType === 'file'
+                    ? t('A file upload is required.')
+                    : t('An INI file upload is required.');
+                return (
+                  <FormGroup
+                    key={field.name}
+                    label={field.name}
+                    isRequired={true}
+                    fieldId={`secret-${secret.name}-${field.name}`}
+                    className="patterns-operator__secret-field"
+                  >
+                    {renderField(secret, field, showFileIniError ? helperInvalid : undefined)}
+                  </FormGroup>
+                );
+              })}
             </CardBody>
           </Card>
         </ExpandableSection>
diff --git a/console/src/components/SecretForm/StaticField.tsx b/console/src/components/SecretForm/StaticField.tsx
index c0b146872..681c4e3f6 100644
--- a/console/src/components/SecretForm/StaticField.tsx
+++ b/console/src/components/SecretForm/StaticField.tsx
@@ -33,6 +33,7 @@ export const StaticField: React.FC<StaticFieldProps> = ({ field, value, onChange
         <TextInput
           id={`static-${field.name}`}
           value={displayValue}
+          isRequired={true}
           onChange={handleValueChange}
           placeholder={t('Static value')}
         />
diff --git a/console/src/vaultSecrets.ts b/console/src/vaultSecrets.ts
index 83edd202a..ab0e418be 100644
--- a/console/src/vaultSecrets.ts
+++ b/console/src/vaultSecrets.ts
@@ -13,6 +13,47 @@ function isFileTemplateField(fieldDef: SecretField): boolean {
   return Boolean(fieldDef.path);
 }
 
+/** Mirrors {@link SecretFormExpandableSections} field routing: generate → file → ini → static. */
+export function getSecretFieldKind(field: SecretField): 'generate' | 'file' | 'ini' | 'static' {
+  if (field.onMissingValue === 'generate') return 'generate';
+  if (field.path) return 'file';
+  if (field.ini_file) return 'ini';
+  return 'static';
+}
+
+function isSecretFormValuePresent(val: string | null | undefined): boolean {
+  return val !== null && val !== undefined && val !== '';
+}
+
+/** Every catalog `file` and `ini` field must have a non-empty form value before vault injection. */
+export function getMissingFileAndIniFields(
+  secretTemplate: SecretTemplate,
+  secretFormData: SecretFormData,
+): Array<{ secretName: string; fieldName: string }> {
+  const missing: Array<{ secretName: string; fieldName: string }> = [];
+  for (const secretDef of secretTemplate.secrets) {
+    const formValues = secretFormData[secretDef.name] || {};
+    for (const fieldDef of secretDef.fields) {
+      const kind = getSecretFieldKind(fieldDef);
+      if (kind !== 'file' && kind !== 'ini') continue;
+      if (!isSecretFormValuePresent(formValues[fieldDef.name])) {
+        missing.push({ secretName: secretDef.name, fieldName: fieldDef.name });
+      }
+    }
+  }
+  return missing;
+}
+
+export function secretTemplateHasFileOrIniFields(secretTemplate: SecretTemplate): boolean {
+  for (const secretDef of secretTemplate.secrets) {
+    for (const fieldDef of secretDef.fields) {
+      const kind = getSecretFieldKind(fieldDef);
+      if (kind === 'file' || kind === 'ini') return true;
+    }
+  }
+  return false;
+}
+
 /** Slug used as relative path under {@link VAULT_UPLOADS_MOUNT_PREFIX} (projected volume `path`). */
 function fileUploadSlug(secretName: string, fieldName: string): string {
   const raw = `${secretName}_${fieldName}`;

From 2feb2f1def1aec0411c3eb242f648bbdf949fc5c Mon Sep 17 00:00:00 2001
From: Akos Eros <aeros@redhat.com>
Date: Mon, 4 May 2026 11:28:25 +0200
Subject: [PATCH 7/7] feat: remove unused prompt field file

---
 .../src/components/SecretForm/PromptField.tsx | 64 -------------------
 1 file changed, 64 deletions(-)
 delete mode 100644 console/src/components/SecretForm/PromptField.tsx

diff --git a/console/src/components/SecretForm/PromptField.tsx b/console/src/components/SecretForm/PromptField.tsx
deleted file mode 100644
index 00b4bec39..000000000
--- a/console/src/components/SecretForm/PromptField.tsx
+++ /dev/null
@@ -1,64 +0,0 @@
-import * as React from 'react';
-import { useTranslation } from 'react-i18next';
-import {
-  FormHelperText,
-  HelperText,
-  HelperTextItem,
-  TextInput,
-  ValidatedOptions,
-} from '@patternfly/react-core';
-
-interface PromptFieldProps {
-  field: {
-    name: string;
-    description?: string;
-    prompt?: string;
-  };
-  value: string;
-  onChange: (value: string) => void;
-}
-
-export const PromptField: React.FC<PromptFieldProps> = ({ field, value, onChange }) => {
-  const { t } = useTranslation('plugin__patterns-operator-console-plugin');
-  const [validated, setValidated] = React.useState<ValidatedOptions>(ValidatedOptions.default);
-
-  const handleValueChange = (_event: React.FormEvent<HTMLInputElement>, newValue: string) => {
-    onChange(newValue);
-    // Basic validation - required field should not be empty
-    if (newValue.trim()) {
-      setValidated(ValidatedOptions.success);
-    } else {
-      setValidated(ValidatedOptions.error);
-    }
-  };
-
-  // Determine if this looks like a sensitive field based on name
-  const isSensitive =
-    field.name.toLowerCase().includes('password') ||
-    field.name.toLowerCase().includes('secret') ||
-    field.name.toLowerCase().includes('key') ||
-    field.name.toLowerCase().includes('token');
-
-  return (
-    <>
-      <TextInput
-        id={`prompt-${field.name}`}
-        type={isSensitive ? 'password' : 'text'}
-        value={value}
-        onChange={handleValueChange}
-        placeholder={field.prompt || t('Enter value for {{fieldName}}', { fieldName: field.name })}
-        validated={validated}
-        isRequired
-      />
-      <FormHelperText>
-        <HelperText>
-          <HelperTextItem variant={validated === ValidatedOptions.error ? 'error' : 'default'}>
-            {validated === ValidatedOptions.error
-              ? t('This field is required')
-              : field.description || t('Please provide a value for this required field')}
-          </HelperTextItem>
-        </HelperText>
-      </FormHelperText>
-    </>
-  );
-};