We are running a JavaEE application on Payara server hosted/managed by OpenShift. At the moment we are baking our BasicAuth users into the image - which is quite ugly.
Is it some how possible to configure the BasicAuth users via OpenShift secrets at runtime or at least at deployment time?
I don't know about any support for Openshift Secrets out of the box. You should be able to build a custom identity store for JSR 375 (Security) API to support Openshift secrets. This article describes how to build a custom identity store: https://medium.com/@swhp/playing-with-java-ee-security-jsr-375-soteria-38e8d2b094d4 - the article describes how to read used information from database, but you can read it from Openshift in your custom store.
Payara Server and Payara Micro support JSR 375 Security API using the Soteria implementation since the version 4.1.2.174.