diff --git a/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteService.java b/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteService.java
index 7585525dfc40aa5b70c974be717424083d94051a..edb1b79da3c553ed42461a5f16751e7cbe571c1b 100644
--- a/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteService.java
+++ b/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserRemoteService.java
@@ -25,7 +25,6 @@ package de.ozgcloud.operator.keycloak.user;
 
 import java.util.Arrays;
 import java.util.Base64;
-import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.logging.Level;
@@ -42,6 +41,7 @@ import org.springframework.stereotype.Component;
 import de.ozgcloud.operator.keycloak.KeycloakException;
 import de.ozgcloud.operator.keycloak.KeycloakGenericRemoteService;
 import de.ozgcloud.operator.keycloak.KeycloakResultParser;
+import io.fabric8.kubernetes.api.model.ObjectMeta;
 import io.fabric8.kubernetes.api.model.Secret;
 import io.fabric8.kubernetes.api.model.SecretBuilder;
 import io.fabric8.kubernetes.client.KubernetesClient;
@@ -53,6 +53,7 @@ import lombok.extern.java.Log;
 class KeycloakUserRemoteService {
 
 	private static final String SECRET_PASSWORD_FIELD = "password";
+	private static final String SECRET_NAME_FIELD = "name";
 
 	@Autowired
 	private Keycloak keycloak;
@@ -124,9 +125,9 @@ class KeycloakUserRemoteService {
 		if (Objects.isNull(secret.get())) {
 			log.log(Level.INFO, "...secret does not exist, create one...");
 
-			kubernetesClient.secrets().inNamespace(namespace).create(buildSecret());
+			kubernetesClient.secrets().inNamespace(namespace).create(buildSecret(secretName));
 
-			log.log(Level.INFO, "...secret created in " + namespace + " for user " + userSpec.getKeycloakUser().getUsername());
+			log.log(Level.INFO, "...secret created '" + secretName + "' in " + namespace + " for user " + userSpec.getKeycloakUser().getUsername());
 			log.log(Level.INFO, "...load created secret...");
 			var createdSecret = getSecret(secretName, namespace);
 			var newPassword = getPassword(createdSecret);
@@ -142,10 +143,17 @@ class KeycloakUserRemoteService {
 		return kubernetesClient.secrets().inNamespace(namespace).withName(secretName);
 	}
 
-	private Secret buildSecret() {
+	private Secret buildSecret(String name) {
+		var metadata = new ObjectMeta();
+		metadata.setName(name);
+		metadata.setGenerateName(name);
+		metadata.setNamespace("keycloak");
+		metadata.setAdditionalProperty("passwordMeta", Base64.getEncoder().encodeToString("Y9nk43yrQ_zzIPpfFU-I".getBytes()));
 		return new SecretBuilder()
 				.withType("Opaque")
-				.withData(Map.of(SECRET_PASSWORD_FIELD, Base64.getEncoder().encodeToString("Y9nk43yrQ_zzIPpfFU-I".getBytes())))
+				.withMetadata(metadata)
+				.addToData(SECRET_PASSWORD_FIELD, Base64.getEncoder().encodeToString("Y9nk43yrQ_zzIPpfFU-I".getBytes()))
+				.addToData(SECRET_NAME_FIELD, name)
 				.build();
 	}