diff --git a/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteService.java b/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteService.java
index 8c2917a1a5406d11810d318a1acb748ae0415c5f..7585525dfc40aa5b70c974be717424083d94051a 100644
--- a/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteService.java
+++ b/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteService.java
@@ -24,6 +24,7 @@
 package de.ozgcloud.operator.keycloak.user;
 
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
@@ -122,7 +123,9 @@ class KeycloakUserRemoteService {
 		var secret = getSecret(secretName, namespace);
 		if (Objects.isNull(secret.get())) {
 			log.log(Level.INFO, "...secret does not exist, create one...");
+
 			kubernetesClient.secrets().inNamespace(namespace).create(buildSecret());
+
 			log.log(Level.INFO, "...secret created in " + namespace + " for user " + userSpec.getKeycloakUser().getUsername());
 			log.log(Level.INFO, "...load created secret...");
 			var createdSecret = getSecret(secretName, namespace);
@@ -140,7 +143,10 @@ class KeycloakUserRemoteService {
 	}
 
 	private Secret buildSecret() {
-		return new SecretBuilder().withData(Map.of(SECRET_PASSWORD_FIELD, "Y9nk43yrQ_zzIPpfFU-I")).build();
+		return new SecretBuilder()
+				.withType("Opaque")
+				.withData(Map.of(SECRET_PASSWORD_FIELD, Base64.getEncoder().encodeToString("Y9nk43yrQ_zzIPpfFU-I".getBytes())))
+				.build();
 	}
 
 	private String getPassword(Resource<Secret> secret) {