diff --git a/internal/controller/managedcluster_controller.go b/internal/controller/managedcluster_controller.go
index c1891db7..cc9a416f 100644
--- a/internal/controller/managedcluster_controller.go
+++ b/internal/controller/managedcluster_controller.go
@@ -351,7 +351,7 @@ func (r *ManagedClusterReconciler) updateCluster(ctx context.Context, mc *hmc.Ma
 return ctrl.Result{RequeueAfter: DefaultRequeueInterval}, nil
 }
- if err := r.reconcileCredentialPropagation(ctx, mc); err != nil {
+ if err := r.reconcileCredentialPropagation(ctx, mc, cred); err != nil {
 l.Error(err, "failed to reconcile credentials propagation")
 return ctrl.Result{}, err
 }
@@ -694,7 +694,7 @@ func (r *ManagedClusterReconciler) objectsAvailable(ctx context.Context, namespa
 return len(itemsList.Items) != 0, nil
 }
-func (r *ManagedClusterReconciler) reconcileCredentialPropagation(ctx context.Context, managedCluster *hmc.ManagedCluster) error {
+func (r *ManagedClusterReconciler) reconcileCredentialPropagation(ctx context.Context, managedCluster *hmc.ManagedCluster, credential *hmc.Credential) error {
 l := ctrl.LoggerFrom(ctx)
 l.Info("Reconciling CCM credentials propagation")
@@ -763,7 +763,7 @@ func (r *ManagedClusterReconciler) reconcileCredentialPropagation(ctx context.Co
 })
 case "openstack":
 l.Info("OpenStack creds propagation start")
- if err := credspropagation.PropagateOpenStackSecrets(ctx, propnCfg); err != nil {
+ if err := credspropagation.PropagateOpenStackSecrets(ctx, propnCfg, credential); err != nil {
 errMsg := fmt.Sprintf("failed to create OpenStack CCM credentials: %s", err)
 apimeta.SetStatusCondition(managedCluster.GetConditions(), metav1.Condition{
 Type: hmc.CredentialsPropagatedCondition,
diff --git a/internal/credspropagation/azure.go b/internal/credspropagation/azure.go
index 05eb6973..329b2c10 100644
--- a/internal/credspropagation/azure.go
+++ b/internal/credspropagation/azure.go
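Review bot: The new `credential` parameter of `reconcileCredentialPropagation` is passed straight into `PropagateOpenStackSecrets` in the `openstack` case, and nothing in these hunks shows that it is non-nil before `credential.Spec.IdentityRef` is dereferenced further down the call chain. Where `cred` is resolved in `updateCluster` lies outside the hunk, so confirm it can never be nil on this path, or guard at the top of the function with `if credential == nil { return fmt.Errorf("credential is required for credentials propagation") }`. A doc comment would also help, for example `// credential is the Credential resolved for managedCluster; as far as this change shows, only the openstack case reads it.` The function body continues outside the hunk.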
@@ -20,7 +20,6 @@ import (
 "fmt"
 corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
 "sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -92,5 +91,5 @@ func generateAzureCCMSecret(azureCluster *capz.AzureCluster, azureClIdty *capz.A
 "cloud-config": azureJSON,
 }
- return makeSecret("azure-cloud-provider", metav1.NamespaceSystem, secretData), nil
+ return makeSecret("azure-cloud-provider", secretData), nil
 }
diff --git a/internal/credspropagation/common.go b/internal/credspropagation/common.go
index 9d72e575..3e5716d4 100644
--- a/internal/credspropagation/common.go
+++ b/internal/credspropagation/common.go
@@ -53,11 +53,11 @@ func applyCCMConfigs(ctx context.Context, kubeconfSecret *corev1.Secret, objects
 return nil
 }
-func makeSecret(name, namespace string, data map[string][]byte) *corev1.Secret {
+func makeSecret(name string, data map[string][]byte) *corev1.Secret {
 s := &corev1.Secret{
 ObjectMeta: metav1.ObjectMeta{
 Name: name,
- Namespace: namespace,
+ Namespace: metav1.NamespaceSystem,
 },
 Data: data,
 }
@@ -65,11 +65,11 @@ func makeSecret(name, namespace string, data map[string][]byte) *corev1.Secret {
 return s
 }
-func makeConfigMap(name, namespace string, data map[string]string) *corev1.ConfigMap {
+func makeConfigMap(name string, data map[string]string) *corev1.ConfigMap {
 c := &corev1.ConfigMap{
 ObjectMeta: metav1.ObjectMeta{
 Name: name,
- Namespace: namespace,
+ Namespace: metav1.NamespaceSystem,
 },
 Data: data,
 }
diff --git a/internal/credspropagation/openstack.go b/internal/credspropagation/openstack.go
index bdb0a2f9..9a4ed178 100644
--- a/internal/credspropagation/openstack.go
+++ b/internal/credspropagation/openstack.go
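Review bot: `makeSecret` and `makeConfigMap` in common.go now always write to `metav1.NamespaceSystem`, but neither the names nor a comment say so, so a call site no longer shows that credential material ends up in kube-system. Add a doc comment such as `// makeSecret builds a Secret named name in kube-system (metav1.NamespaceSystem); data is stored by reference, not copied.` and the matching one on `makeConfigMap`. The by-reference note matters more after this commit, because `PropagateOpenStackSecrets` now passes `openstackSecret.Data` in directly. `makeSecret`'s body runs into the following hunk and `makeConfigMap`'s ends outside its hunk.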
@@ -18,59 +18,29 @@ import (
 "context"
 "fmt"
- hmc "github.com/Mirantis/hmc/api/v1alpha1"
 corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "sigs.k8s.io/controller-runtime/pkg/client"
-)
-func PropagateOpenStackSecrets(ctx context.Context, cfg *PropagationCfg) error {
- openstackManagedCluster := &hmc.ManagedCluster{}
- if err := cfg.Client.Get(ctx, client.ObjectKey{
- Name: cfg.ManagedCluster.Name,
- Namespace: cfg.ManagedCluster.Namespace,
- }, openstackManagedCluster); err != nil {
- return fmt.Errorf("failed to get ManagedCluster %s: %w", cfg.ManagedCluster.Name, err)
- }
-
- openstackCredential := &hmc.Credential{}
- if err := cfg.Client.Get(ctx, client.ObjectKey{
- Name: openstackManagedCluster.Spec.Credential,
- Namespace: openstackManagedCluster.Namespace,
- }, openstackCredential); err != nil {
- return fmt.Errorf("failed to get OpenStackCredential %s: %w", cfg.ManagedCluster.Spec.Credential, err)
- }
+ hmc "github.com/Mirantis/hmc/api/v1alpha1"
+)
+func PropagateOpenStackSecrets(ctx context.Context, cfg *PropagationCfg, credential *hmc.Credential) error {
 // Fetch the secret containing OpenStack credentials
 openstackSecret := &corev1.Secret{}
- openstackSecretName := openstackCredential.Spec.IdentityRef.Name
- openstackSecretNamespace := openstackCredential.Spec.IdentityRef.Namespace
 if err := cfg.Client.Get(ctx, client.ObjectKey{
- Name: openstackSecretName,
- Namespace: openstackSecretNamespace,
+ Name: credential.Spec.IdentityRef.Name,
+ Namespace: credential.Spec.IdentityRef.Namespace,
 }, openstackSecret); err != nil {
- return fmt.Errorf("failed to get OpenStack secret %s: %w", openstackSecretName, err)
+ return fmt.Errorf("failed to get OpenStack secret %s: %w", credential.Spec.IdentityRef.Name, err)
 }
 // Generate CCM secret
- ccmSecret, err := generateOpenStackCCMSecret(openstackSecret)
- if err != nil {
- return fmt.Errorf("failed to generate OpenStack CCM secret: %s", err)
- }
+ ccmSecret := makeSecret("openstack-cloud-config", openstackSecret.Data)
 // Apply CCM config
 if err := applyCCMConfigs(ctx, cfg.KubeconfSecret, ccmSecret); err != nil {
- return fmt.Errorf("failed to apply OpenStack CCM secret: %s", err)
+ return fmt.Errorf("failed to apply OpenStack CCM secret: %w", err)
 }
 return nil
 }
-
-func generateOpenStackCCMSecret(openstackSecret *corev1.Secret) (*corev1.Secret, error) {
- // Use the data from the fetched secret
- secretData := map[string][]byte{
- "clouds.yaml": openstackSecret.Data["clouds.yaml"],
- }
-
- return makeSecret("openstack-cloud-config", metav1.NamespaceSystem, secretData), nil
-}
diff --git a/internal/credspropagation/vsphere.go b/internal/credspropagation/vsphere.go
index 189a6bd3..df3da478 100644
--- a/internal/credspropagation/vsphere.go
+++ b/internal/credspropagation/vsphere.go
@@ -119,8 +119,8 @@ func generateVSphereCCMConfigs(vCl *capv.VSphereCluster, vScrt *corev1.Secret, v
 cmData := map[string]string{
 "vsphere.conf": string(ccmCfgYaml),
 }
- return makeSecret(secretName, metav1.NamespaceSystem, secretData),
- makeConfigMap("cloud-config", metav1.NamespaceSystem, cmData),
+ return makeSecret(secretName, secretData),
+ makeConfigMap("cloud-config", cmData),
 nil
 }
@@ -161,5 +161,5 @@ datacenters = "{{ .Datacenter }}"
 "csi-vsphere.conf": buf.Bytes(),
 }
- return makeSecret("vcenter-config-secret", metav1.NamespaceSystem, secretData), nil
+ return makeSecret("vcenter-config-secret", secretData), nil
 }
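Review bot: In openstack.go, `makeSecret("openstack-cloud-config", openstackSecret.Data)` now forwards every key of the referenced identity Secret, where the removed `generateOpenStackCCMSecret` forwarded only `clouds.yaml`. Any other material stored in that Secret is therefore written into the `openstack-cloud-config` Secret that `applyCCMConfigs` applies, and a source Secret with no `clouds.yaml` at all is propagated without an error. Keeping the explicit key selection and failing when the key is absent preserves the narrower exposure the old code had. The source Secret's map is also shared by reference with the generated object, which the explicit copy below avoids.

```go
// … unchanged: fetch of openstackSecret via credential.Spec.IdentityRef …

// Generate CCM secret: forward only the key the previous code propagated.
cloudsYAML, ok := openstackSecret.Data["clouds.yaml"]
if !ok || len(cloudsYAML) == 0 {
	return fmt.Errorf("OpenStack secret %s has no clouds.yaml entry", credential.Spec.IdentityRef.Name)
}
ccmSecret := makeSecret("openstack-cloud-config", map[string][]byte{
	"clouds.yaml": cloudsYAML,
})

// … unchanged: applyCCMConfigs call …
```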