diff --git a/pkg/crc/cluster/cluster.go b/pkg/crc/cluster/cluster.go
index da963715c9..a2668dcda4 100644
--- a/pkg/crc/cluster/cluster.go
+++ b/pkg/crc/cluster/cluster.go
@@ -3,7 +3,6 @@ package cluster
 import (
 "context"
 "crypto/x509"
- "encoding/base64"
 "encoding/json"
 "fmt"
 "math"
@@ -179,40 +178,6 @@ func EnsureSSHKeyPresentInTheCluster(ctx context.Context, ocConfig oc.Config, ss
 return nil
 }
-func EnsurePullSecretPresentInTheCluster(ctx context.Context, ocConfig oc.Config, pullSec PullSecretLoader) error {
- if err := WaitForOpenshiftResource(ctx, ocConfig, "secret"); err != nil {
- return err
- }
-
- stdout, stderr, err := ocConfig.RunOcCommandPrivate("get", "secret", "pull-secret", "-n", "openshift-config", "-o", `jsonpath="{['data']['\.dockerconfigjson']}"`)
- if err != nil {
- return fmt.Errorf("Failed to get pull secret %v: %s", err, stderr)
- }
- decoded, err := base64.StdEncoding.DecodeString(stdout)
- if err != nil {
- return err
- }
- if err := validation.ImagePullSecret(string(decoded)); err == nil {
- return nil
- }
-
- logging.Info("Adding user's pull secret to the cluster...")
- content, err := pullSec.Value()
- if err != nil {
- return err
- }
- base64OfPullSec := base64.StdEncoding.EncodeToString([]byte(content))
- cmdArgs := []string{"patch", "secret", "pull-secret", "-p",
- fmt.Sprintf(`'{"data":{".dockerconfigjson":"%s"}}'`, base64OfPullSec),
- "-n", "openshift-config", "--type", "merge"}
-
- _, stderr, err = ocConfig.RunOcCommandPrivate(cmdArgs...)
- if err != nil {
- return fmt.Errorf("Failed to add Pull secret %v: %s", err, stderr)
- }
- return nil
-}
-
 func EnsureGeneratedClientCAPresentInTheCluster(ctx context.Context, ocConfig oc.Config, sshRunner *ssh.Runner, selfSignedCACert *x509.Certificate, adminCert string) error {
 selfSignedCAPem := crctls.CertToPem(selfSignedCACert)
 if err := WaitForOpenshiftResource(ctx, ocConfig, "configmaps"); err != nil {
@@ -232,13 +197,10 @@ func EnsureGeneratedClientCAPresentInTheCluster(ctx context.Context, ocConfig oc
 }
 logging.Info("Updating root CA cert to admin-kubeconfig-client-ca configmap...")
- jsonPath := fmt.Sprintf(`'{"data": {"ca-bundle.crt": %q}}'`, selfSignedCAPem)
- cmdArgs := []string{"patch", "configmap", "admin-kubeconfig-client-ca",
- "-n", "openshift-config", "--patch", jsonPath}
- _, stderr, err = ocConfig.RunOcCommand(cmdArgs...)
- if err != nil {
- return fmt.Errorf("Failed to patch admin-kubeconfig-client-ca config map with new CA` %v: %s", err, stderr)
+ if err := sshRunner.CopyDataPrivileged(selfSignedCAPem, "/opt/crc/custom-ca.crt", 0644); err != nil {
+ return fmt.Errorf("Failed to copy generated CA file to VM: %v", err)
 }
+
 if err := sshRunner.CopyFile(constants.KubeconfigFilePath, ocConfig.KubeconfigPath, 0644); err != nil {
 return fmt.Errorf("Failed to copy generated kubeconfig file to VM: %v", err)
 }
diff --git a/pkg/crc/cluster/kubeadmin_password.go b/pkg/crc/cluster/kubeadmin_password.go
index f8beb9fb13..1fcf5f79ba 100644
--- a/pkg/crc/cluster/kubeadmin_password.go
+++ b/pkg/crc/cluster/kubeadmin_password.go
@@ -13,7 +13,7 @@ import (
 "github.com/crc-org/crc/v2/pkg/crc/constants"
 "github.com/crc-org/crc/v2/pkg/crc/logging"
- "github.com/crc-org/crc/v2/pkg/crc/oc"
+ "github.com/crc-org/crc/v2/pkg/crc/ssh"
 "golang.org/x/crypto/bcrypt"
 )
@@ -29,7 +29,7 @@ func GenerateKubeAdminUserPassword() error {
 }
 // UpdateKubeAdminUserPassword updates the htpasswd secret
-func UpdateKubeAdminUserPassword(ctx context.Context, ocConfig oc.Config, newPassword string) error {
+func UpdateKubeAdminUserPassword(ctx context.Context, sshRunner *ssh.Runner, newPassword string) error {
 if newPassword != "" {
 logging.Infof("Overriding password for kubeadmin user")
 if err := os.WriteFile(constants.GetKubeAdminPasswordPath(), []byte(strings.TrimSpace(newPassword)), 0600); err != nil {
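Review bot: The context line `logging.Info("Updating root CA cert to admin-kubeconfig-client-ca configmap...")` just above the new `CopyDataPrivileged` call no longer describes what happens, because the configmap patch is removed and the CA is only written to `/opt/crc/custom-ca.crt` in the VM. Since this CA determines which client certificates are accepted as admin, a comment should name the in-VM component that applies the file and state that a nil return here means "file copied", not "cluster trusts the CA"; that consumer is not visible in this diff. I would reword the message to `logging.Info("Copying generated root CA cert to the VM...")` and use `%w` rather than `%v` in the new `fmt.Errorf` so the SSH error stays unwrappable. The function body starts and continues outside this hunk.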
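Review bot: The doc comment `// UpdateKubeAdminUserPassword updates the htpasswd secret` is stale once the parameter becomes `sshRunner *ssh.Runner`, since the new body shown in the next hunk never touches the secret and only copies password files into the VM. A replacement such as `// UpdateKubeAdminUserPassword writes an overriding kubeadmin password to the host file when one is given, then copies the kubeadmin and developer passwords into the VM under /opt/crc.` would match the visible code. The `ctx` parameter also looks unused on the new side; a few lines of the body fall between the two hunks, so confirm that before keeping it only for signature compatibility.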
@@ -41,39 +41,14 @@ func UpdateKubeAdminUserPassword(ctx context.Context, ocConfig oc.Config, newPas
 if err != nil {
 return fmt.Errorf("Cannot read the kubeadmin user password from file: %w", err)
 }
- credentials := map[string]string{
- "developer": "developer",
- "kubeadmin": kubeAdminPassword,
- }
- if err := WaitForOpenshiftResource(ctx, ocConfig, "secret"); err != nil {
+ if err := sshRunner.CopyDataPrivileged([]byte(kubeAdminPassword), "/opt/crc/pass_kubeadmin", 0600); err != nil {
 return err
 }
- given, stderr, err := ocConfig.RunOcCommandPrivate("get", "secret", "htpass-secret", "-n", "openshift-config", "-o", `jsonpath="{.data.htpasswd}"`)
- if err != nil {
- return fmt.Errorf("%s:%v", stderr, err)
- }
- ok, externals, err := compareHtpasswd(given, credentials)
- if err != nil {
+ if err := sshRunner.CopyDataPrivileged([]byte("developer"), "/opt/crc/pass_developer", 0600); err != nil {
 return err
 }
- if ok {
- return nil
- }
-
- logging.Infof("Changing the password for the kubeadmin user")
- expected, err := getHtpasswd(credentials, externals)
- if err != nil {
- return err
- }
- cmdArgs := []string{"patch", "secret", "htpass-secret", "-p",
- fmt.Sprintf(`'{"data":{"htpasswd":"%s"}}'`, expected),
- "-n", "openshift-config", "--type", "merge"}
- _, stderr, err = ocConfig.RunOcCommandPrivate(cmdArgs...)
- if err != nil {
- return fmt.Errorf("Failed to update kubeadmin password %v: %s", err, stderr)
- }
 return nil
 }
diff --git a/pkg/crc/machine/start.go b/pkg/crc/machine/start.go
index 9fad1815a7..6173472879 100644
--- a/pkg/crc/machine/start.go
+++ b/pkg/crc/machine/start.go
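Review bot: The two new `CopyDataPrivileged` calls leave the kubeadmin password in cleartext at `/opt/crc/pass_kubeadmin` inside the VM, where the removed path only patched an htpasswd value into `htpass-secret`; nothing visible here says which in-VM component reads these files or whether it deletes them afterwards. Mode `0600` restricts readers, but the file still persists on the VM disk unless the consumer removes it, so a comment such as `// read and deleted by <in-VM consumer>; must not outlive first use` would make the intended lifetime reviewable. The removed code also preserved the `externals` entries of the existing htpasswd, and whether that still holds now depends entirely on that consumer. Both new `return err` lines drop context; `return fmt.Errorf("copying kubeadmin password to VM: %w", err)` would match the `%w` wrap a few lines above. The function starts outside this hunk.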
@@ -424,6 +424,15 @@ func (client *client) Start(ctx context.Context, startConfig types.StartConfig)
 }
 }
+ // copy the pull secret into /opt/crc/pull-secret in the instance
+ pullSecret, err := startConfig.PullSecret.Value()
+ if err != nil {
+ return nil, err
+ }
+ if err := sshRunner.CopyDataPrivileged([]byte(pullSecret), "/opt/crc/pull-secret", 0600); err != nil {
+ return nil, errors.Wrap(err, "Unable to send pull-secret to instance")
+ }
+
 // Add nameserver to VM if provided by User
 if startConfig.NameServer != "" {
 if err = addNameServerToInstance(sshRunner, startConfig.NameServer); err != nil {
@@ -509,6 +518,11 @@ func (client *client) Start(ctx context.Context, startConfig types.StartConfig)
 }, nil
 }
+ // Send the kubeadmin and developer new passwords to the VM
+ if err := cluster.UpdateKubeAdminUserPassword(ctx, sshRunner, startConfig.KubeAdminPassword); err != nil {
+ return nil, errors.Wrap(err, "Failed to update kubeadmin user password")
+ }
+
 // Check the certs validity inside the vm
 logging.Info("Verifying validity of the kubelet certificates...")
 certsExpired, err := cluster.CheckCertsValidity(sshRunner)
@@ -541,10 +555,6 @@ func (client *client) Start(ctx context.Context, startConfig types.StartConfig)
 return nil, err
 }
- if err := cluster.EnsurePullSecretPresentInTheCluster(ctx, ocConfig, startConfig.PullSecret); err != nil {
- return nil, errors.Wrap(err, "Failed to update cluster pull secret")
- }
-
 if err := cluster.EnsureSSHKeyPresentInTheCluster(ctx, ocConfig, constants.GetPublicKeyPath()); err != nil {
 return nil, errors.Wrap(err, "Failed to update ssh public key to machine config")
 }
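Review bot: In the first hunk of this file, `startConfig.PullSecret.Value()` now runs on every start, whereas the removed `EnsurePullSecretPresentInTheCluster` called `pullSec.Value()` only after the secret already in the cluster failed `validation.ImagePullSecret`. If `Value()` can prompt or return an error when no pull secret is configured (its implementation is not shown), restarting an already provisioned VM would now require the secret again. The registry credentials also land in cleartext at `/opt/crc/pull-secret`, apparently in addition to the existing "pull secret on the disk" step visible in a later hunk, so the comment should say who consumes the file and when it is removed, e.g. `// read by <in-VM consumer>, which must delete it after use`. The bare `return nil, err` could be wrapped like the line below it, `return nil, errors.Wrap(err, "Failed to read pull secret")`. `Start` begins and continues outside the hunk.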
@@ -553,10 +563,6 @@ func (client *client) Start(ctx context.Context, startConfig types.StartConfig)
 return nil, errors.Wrap(err, "Failed to update pull secret on the disk")
 }
- if err := cluster.UpdateKubeAdminUserPassword(ctx, ocConfig, startConfig.KubeAdminPassword); err != nil {
- return nil, errors.Wrap(err, "Failed to update kubeadmin user password")
- }
-
 if client.monitoringEnabled() {
 logging.Info("Enabling cluster monitoring operator...")
 if err := cluster.StartMonitoring(ocConfig); err != nil {