From 2d2982d5e80f1bd91758d93cbde14189a947d208 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Thu, 6 Feb 2025 18:25:41 +0100 Subject: [PATCH 1/2] secrets: make additional secrets new section Signed-off-by: Martin Basti --- .../ROOT/pages/how-tos/configuring/creating-secrets.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/modules/ROOT/pages/how-tos/configuring/creating-secrets.adoc b/docs/modules/ROOT/pages/how-tos/configuring/creating-secrets.adoc index 7f5f4421..3157440b 100644 --- a/docs/modules/ROOT/pages/how-tos/configuring/creating-secrets.adoc +++ b/docs/modules/ROOT/pages/how-tos/configuring/creating-secrets.adoc @@ -14,7 +14,7 @@ Sometimes to run the tasks properly, you may need to pass secrets to these tasks NOTE: One such task is the link:https://github.com/konflux-ci/build-definitions/tree/main/task/sast-snyk-check[sast-snyk-check] task that uses the third-party service link:https://snyk.io/[snyk] to perform static application security testing (SAST) as a part of the default {ProductName} pipeline. Use this procedure to upload your snyk.io token. Name the secret `sast_snyk_task` so that the snyk task in the {ProductName} pipeline will recognize it and use it. -.Procedure +.Procedure . In {ProductName}, from the left navigation menu, select **Secrets**. . From the **Secrets** page, click **Add secret**. @@ -202,13 +202,13 @@ stringData: ==== [IMPORTANT] -==== +==== * Secrets lookup mechanism is searching for the most specific secret first. The secret with a repository annotation will be used first if it matches the component repository path. In none found, then a lookup will try to find a secret with a wildcard, or just the host matching one. * If you upload a GitLab access token to a workspace, {ProductName} won’t use the global GitHub application when accessing GitHub repositories. ==== -.Additional resources +== Additional resources * For more information about GitLab access tokens, see link:https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html[Project access tokens]. From dbd96427e1adf27f0eaefbf7091ca3bd049c4b3e Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Thu, 6 Feb 2025 19:13:17 +0100 Subject: [PATCH 2/2] External secrets note Signed-off-by: Martin Basti --- docs/antora.yml | 2 +- .../ROOT/pages/how-tos/configuring/creating-secrets.adoc | 2 ++ .../ROOT/partials/konflux-secrets-external-vault.adoc | 5 +++++ 3 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 docs/modules/ROOT/partials/konflux-secrets-external-vault.adoc diff --git a/docs/antora.yml b/docs/antora.yml index 4aaf2ab6..e3d9e817 100644 --- a/docs/antora.yml +++ b/docs/antora.yml @@ -24,7 +24,7 @@ asciidoc: # Product content attributes ProductName: Konflux - context: app + context: konflux ProductShortName: '' ProductRelease: '' ProductVersion: '' diff --git a/docs/modules/ROOT/pages/how-tos/configuring/creating-secrets.adoc b/docs/modules/ROOT/pages/how-tos/configuring/creating-secrets.adoc index 3157440b..c977a1f9 100644 --- a/docs/modules/ROOT/pages/how-tos/configuring/creating-secrets.adoc +++ b/docs/modules/ROOT/pages/how-tos/configuring/creating-secrets.adoc @@ -208,6 +208,8 @@ stringData: * If you upload a GitLab access token to a workspace, {ProductName} won’t use the global GitHub application when accessing GitHub repositories. ==== +include::ROOT:partial${context}-secrets-external-vault.adoc[] + == Additional resources * For more information about GitLab access tokens, see link:https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html[Project access tokens]. diff --git a/docs/modules/ROOT/partials/konflux-secrets-external-vault.adoc b/docs/modules/ROOT/partials/konflux-secrets-external-vault.adoc new file mode 100644 index 00000000..e8368790 --- /dev/null +++ b/docs/modules/ROOT/partials/konflux-secrets-external-vault.adoc @@ -0,0 +1,5 @@ +== Secrets from external vaults + +There is no direct support for external vaults in Konflux itself. +However, there are existing solutions which can be installed by administrators +to support external vaults, for example link:https://external-secrets.io[external secrets operator].