Since 3scale-2.14 it is possible to create an "Application" by using the Application-CRD.

However, it does not allow to set the application's auth-keys, e.g. API-Key or AppId/AppKey, inside the Application-CRD. Therefore, that can prevent some customers to start using this feature and still rely on the REST-API because they may generate the application's keys and pass them further on to other pipelines/teams etc.

It would be nice to be able to use a secretRef, which contains the values (in case the API-Key is used, the secret will contain one key-value-pair, in case of AppId/AppKey it would contain key-value-pairs etc) to be used.

Current behaviour:   Application's auth-key configuration is NOT available within Application-CRD.

Desired behaviour:   Application's auth-key configuration being available within Application-CRD.

HOW
We need to understand how to UI and API currently handle this before deciding on the best approach for the Operator.
In the UI you don't pass a key, the key gets generated on Application creation. After which, you can regenerate the key.
We could take the same approach as ProxyConfigPromote - treat as a one off action.