Skip to content

Commit

Permalink
Merge pull request #225 from MartinBasti/improve-secrets
Browse files Browse the repository at this point in the history
Improve secrets
  • Loading branch information
arewm authored Feb 7, 2025
2 parents 43b10ac + dbd9642 commit 328812b
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 4 deletions.
2 changes: 1 addition & 1 deletion docs/antora.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ asciidoc:

# Product content attributes
ProductName: Konflux
context: app
context: konflux
ProductShortName: ''
ProductRelease: ''
ProductVersion: ''
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ Sometimes to run the tasks properly, you may need to pass secrets to these tasks

NOTE: One such task is the link:https://github.com/konflux-ci/build-definitions/tree/main/task/sast-snyk-check[sast-snyk-check] task that uses the third-party service link:https://snyk.io/[snyk] to perform static application security testing (SAST) as a part of the default {ProductName} pipeline. Use this procedure to upload your snyk.io token. Name the secret `sast_snyk_task` so that the snyk task in the {ProductName} pipeline will recognize it and use it.

.Procedure
.Procedure

. In {ProductName}, from the left navigation menu, select **Secrets**.
. From the **Secrets** page, click **Add secret**.
Expand Down Expand Up @@ -202,13 +202,15 @@ stringData:
====

[IMPORTANT]
====
====
* Secrets lookup mechanism is searching for the most specific secret first. The secret with a repository annotation will be used first if it matches the component repository path. In none found, then a lookup will try to find a secret with a wildcard, or just the host matching one.
* If you upload a GitLab access token to a workspace, {ProductName} won’t use the global GitHub application when accessing GitHub repositories.
====

.Additional resources
include::ROOT:partial${context}-secrets-external-vault.adoc[]

== Additional resources

* For more information about GitLab access tokens, see link:https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html[Project access tokens].

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
== Secrets from external vaults

There is no direct support for external vaults in Konflux itself.
However, there are existing solutions which can be installed by administrators
to support external vaults, for example link:https://external-secrets.io[external secrets operator].

0 comments on commit 328812b

Please sign in to comment.