Feature Request
Resolution: Unresolved
Product / Portfolio Work
1. Proposed Title
Implement Write-Only RBAC Permissions and Secret Masking for OpenShift Web Console.
2. Nature and Description of the Request
The request is for a Security/Compliance enhancement regarding the handling of Secrets within the OpenShift Container Platform (OCP). Currently, users with permission to create or manage secrets can usually view the cleartext values, either through the Reveal Values option in the Web Console or through the CLI. The enhancement would involve:
a. Allowing a Deployer role to create, update, and delete secrets.
b. Restricting the same role from using the get or watch verbs on those secrets (which prevents viewing/decoding).
c. Enforcing UI-level masking in the Web Console so the "Reveal" button is disabled or hidden based on specific granular permissions.
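As an added illustration of items (a) and (b), not part of the original request: a Role manifest that grants only the write verbs on Secrets, plus a small check that flags any Role or ClusterRole granting get/list/watch on Secrets (wildcards included) before it is bound. The role name "secret-writer" and namespace "prod-app" are made-up values.

```python
# Added example, not from the original request: a write-only Secret Role as
# described in (a) and (b), plus a check to run over any Role/ClusterRole
# manifest before binding it. "secret-writer" and "prod-app" are made-up names.

READ_VERBS = {"get", "list", "watch"}            # verbs that return Secret data
WRITE_VERBS = {"create", "update", "patch", "delete"}

DEPLOYER_ROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "Role",
    "metadata": {"name": "secret-writer", "namespace": "prod-app"},
    "rules": [
        # Secrets: write-only. Without get/list/watch the API server never
        # returns the object (and its base64 data) to this subject.
        {"apiGroups": [""], "resources": ["secrets"],
         "verbs": ["create", "update", "patch", "delete"]},
        # Deployments: full management, as for any deployer.
        {"apiGroups": ["apps"], "resources": ["deployments"],
         "verbs": ["get", "list", "watch", "create", "update", "patch", "delete"]},
    ],
}


def verbs_on_secrets(role: dict) -> set:
    """Every verb the role grants on core-group Secrets, with wildcards
    expanded so that apiGroups/resources/verbs of ["*"] are not mistaken
    for a narrow grant."""
    granted = set()
    for rule in role.get("rules", []):
        groups = set(rule.get("apiGroups", []))
        resources = set(rule.get("resources", []))
        if not ({"", "*"} & groups) or not ({"secrets", "*"} & resources):
            continue
        verbs = set(rule.get("verbs", []))
        granted |= (READ_VERBS | WRITE_VERBS) if "*" in verbs else verbs
    return granted


def secret_read_verbs(role: dict) -> set:
    """Read verbs on Secrets that would let the subject view values.
    An empty set means the role is write-only for Secrets."""
    return verbs_on_secrets(role) & READ_VERBS


def is_write_only_for_secrets(role: dict) -> bool:
    return bool(verbs_on_secrets(role)) and not secret_read_verbs(role)
```

Once the role is bound, `oc auth can-i get secrets -n prod-app --as=<deployer-user>` confirms at the API server that reads are denied; item (c), hiding the Reveal button in the console, is a separate UI change that this RBAC check does not cover.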
3. Business Requirements
a. Audit Compliance: Adhere to strict banking industry standards that mandate least privilege.
b. Credential Security: Prevent unauthorized exposure of production passwords, API keys, and certificates to infrastructure deployers.
c. Separation of Duties: Ensure that the person responsible for deploying the application (Deployer) cannot access the sensitive data used by the application.
d. Zero-Trust Console Access: Eliminate the Reveal option for specific roles within the OCP Web Console to prevent accidental or intentional data leaks.
4. Affected Packages or Components
openshift-console: Specifically the Secret detail view and the Reveal option.