gerrit-secure-config and jenkins-keycloak contain empty secret value for keycloak api

[aakinshin-lux]

After initial deployment we have noticed that jenkins and gerrit pod can't be started for both of them there is a similar issue secret value is empty, e.g. we have following output for jenkins-keycloak secret:

{
  realm: horizon,
  auth-server-url: https://env.secret-company.com/auth/,
  ssl-required: external,
  resource: jenkins,
  credentials: {
    secret: 
  },
  confidential-port: 0
}

Even if we put a proper secret from keycloak (we can see it in keycloak UI) it may be overwritten by ArgoCD back to empty later for some reasons for both jenkins after keycloak-post-jenkins job execution and keycloak-post-gerrit job execution for gerrit.

Since argo should sync resources in real environment this is a blocking issue.

[aakinshin-lux]

It's appeared that root cause of this issue was that passwords didn't contained special character. However I noticed that such information about password requirements exist but probably located far away from passwords definition itself.
Any distraction as lunch, work for another project, long time meeting can negatively impact such deployment and it's better to move all password creation to the same place along with hint regarding password requirements in deployment guide.