fix(KONFLUX-5917): adding tekton example of using secret

Signed-off-by: Kasem Alem <[email protected]>

Author: Kasem Alem

docs/modules/ROOT/pages/how-tos/configuring/creating-secrets.adoc

@@ -30,6 +30,13 @@ NOTE: One such task is the link:https://github.com/konflux-ci/build-definitions/
 . Optional: Under **Labels**, add a label to tag or provide more context for your secret.
 . Click **Add secret**.
 
+=== Notable task input secrets
+
+* xref:/how-tos/configuring/activation-keys-subscription.adoc#adding-activation-keys-to-the-workspace[activation-key]
+* xref:/how-tos/configuring/prefetching-dependencies.adoc#creating-the-netrc-secret[netrc]
+* xref:/how-tos/testing/build/snyk.adoc[snyk-secret]
+* xref:/how-tos/testing/integration/third-parties/testing-farm.adoc[testing-farm-secret]
+
 == Creating registry pull secrets
 
 Some container builds may use parent images from registries that require authentication, for example, `registry.redhat.io`. Until these credentials have been configured, the builds will continue to fail due to the system being unable to pull the required images.
@@ -47,15 +54,56 @@ Some container builds may use parent images from registries that require authent
 . Enter the password for the registry in **Password**.
 . Click **Add secret**.
 
+=== Example of creating a quay.io secret
+
+. Login to Konflux console your workspace (https://console.redhat.com/application-pipeline/workspaces/<your workspace>/applications)
+. Click on `Secrets` on the left menu.
+. Click on `Add Secret`
+. Choose `Image pull secret` for `Secret type`
+. Enter `Secret name` , for example `my-quay-secret` 
+. Choose `Image registry credentials` in `Authentication type` field
+. Enter `quay.io` in `Registry server address`
+. Enter your Quay.io username in `Username`
+. Enter your Quay.io API token in `Password` field.
+. Click on `Add secret`
+. Email is optional
+
+
+Here is the YAML representation of the secret (for reference):
+
+[source,yaml]
+----
+apiVersion: v1
+data:
+.dockerconfigjson: <base64-encoded-credentials>
+kind: Secret
+metadata:
+name: my-quay-secret
+namespace: <your-workspace-tenant>
+type: kubernetes.io/dockerconfigjson
+----
+
 
 [NOTE]
 ====
-Performing this operation through the UI will link the secret to the `appstudio-pipeline`
-`serviceaccount` automatically. If you instead wanted to add manually the secret to the
-namespace (creating the `secret` directly on the tenant
-workspace), you'll need to have the secret linked manually.
-
-please review the xref:/troubleshooting/index.adoc#check-if-the-secret-is-linked-to-the-service-account[troubleshooting section]) for more info.
+* **Automatic Secret Linking via UI**  
+  The Konflux UI automatically links image pull secrets to the `appstudio-pipeline` ServiceAccount.  
+  - No pipeline YAML changes are required.  
+  - Tasks like the buildah task will use this secret automatically when pulling images from `quay.io`. (https://github.com/konflux-ci/build-definitions/blob/main/task/buildah-oci-ta/0.3/buildah-oci-ta.yaml in volumes) 
+
+* **Manual Secret Creation**  
+  . **Link Secret To SA** 
+    - If you create the secret manually (e.g., via `kubectl` or YAML), you must **manually link it** to the `appstudio-pipeline` ServiceAccount in your namespace.
+  . **Secrets Via Workspace** 
+    - Explicitly mount secrets as files using a workspace
+    - RBAC: Ensure the ServiceAccount has permission to access the secret (via Role/RoleBinding).
+
+  . **Secrets as Environment Variables** 
+    - Inject secrets into environment variables
+    - RBAC: The ServiceAccount must have `get` permission for the secret.
+
+* **Troubleshooting**  
+  For issues with secret linking, review the xref:/troubleshooting/index.adoc#check-if-the-secret-is-linked-to-the-service-account[troubleshooting section].
 ====
 
 == Creating source control secrets
@@ -164,4 +212,4 @@ stringData:
 
 * For more information about GitLab access tokens, see link:https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html[Project access tokens].
 
-* To configure push secrets for your Build and Release pipelines, see link:https://github.com/konflux-ci/konflux-ci?tab=readme-ov-file#configuring-a-push-secret-for-the-build-pipeline[Configuring push secrets] in the Konflux GitHub repository.
+* To configure push secrets for your Build and Release pipelines, see link:https://github.com/konflux-ci/konflux-ci?tab=readme-ov-file#configuring-a-push-secret-for-the-build-pipeline[Configuring push secrets] in the Konflux GitHub repository.