Secret Injection + Secrets


Last updated 8 months ago

  1. Secrets as Kubernetes Secrets: Tekton allows you to use Kubernetes Secrets to store sensitive information such as credentials, API keys, or certificates. You can create Kubernetes Secrets containing your sensitive data and then mount them as volumes or expose them as environment variables within your Tekton pipeline tasks. This approach leverages Kubernetes' built-in secrets management capabilities.

  2. External Secrets Management: You can integrate Tekton with external secrets management systems such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault. These systems provide centralized management and encryption of secrets, allowing you to securely retrieve them at runtime. Tekton provides integrations or plugins to fetch secrets from these external sources during pipeline execution.

  3. Tekton Secrets: Tekton also provides its own Secrets resource, which allows you to store secrets directly within Tekton without relying on external systems. Tekton Secrets are similar to Kubernetes Secrets but are specifically designed for use within Tekton pipelines. You can define Tekton Secrets in your pipeline resources and reference them from your pipeline tasks.

  4. Encrypted Configurations: Tekton pipelines support the use of encrypted configuration files. You can encrypt sensitive data within your pipeline configuration files using tools like SOPS (Secrets Operator) or Sealed Secrets. During pipeline execution, Tekton automatically decrypts these encrypted configurations, making the secrets available to your pipeline tasks.

  5. Parameterization and Environment Variables: Tekton pipelines support parameterization, allowing you to pass parameters or environment variables to your pipeline tasks. You can define parameters for sensitive data and securely pass them to your tasks at runtime. Ensure that these parameters are securely managed and not exposed in plaintext within your pipeline configurations.
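
An added example (not from the Ozone documentation) for items 1 and 5 above: a Tekton Task that receives a token as a plaintext param, beside one that reads it from a Kubernetes Secret as an environment variable and as a mounted file. The names scan-credentials, scan-weak, scan-hardened and api_token and the alpine image are assumptions; only project_key comes from this page.

```yaml
# Constructed example; every name here is hypothetical except project_key.
apiVersion: v1
kind: Secret
metadata:
  name: scan-credentials
type: Opaque
stringData:
  token: "<placeholder-token>"
---
# Weak: api_token is a param, so its value is stored in plaintext in each run's spec.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: scan-weak
spec:
  params: [{name: project_key}, {name: api_token}]
  steps:
    - name: scan
      image: alpine:3.20
      script: |
        echo "scanning $(params.project_key) with $(params.api_token)"
---
# Hardened: the token comes from the Secret at runtime (env var and read-only file).
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: scan-hardened
spec:
  params: [{name: project_key}]
  steps:
    - name: scan
      image: alpine:3.20
      env:
        - name: API_TOKEN
          valueFrom:
            secretKeyRef:
              name: scan-credentials
              key: token
      volumeMounts:
        - name: creds
          mountPath: /var/run/creds
          readOnly: true
      script: |
        test -n "$API_TOKEN" && test -s /var/run/creds/token
        echo "scanning $(params.project_key)"
  volumes:
    - name: creds
      secret:
        secretName: scan-credentials
```

In the hardened Task the run object carries only the Secret's name and key, so access to the token is governed by Kubernetes RBAC on the Secret rather than by who can view pipeline runs.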

Secrets in Pipelines:

  1. Once you've created a pipeline, initiating it requires specifying certain parameters. For instance, as shown below, there's a parameter field labeled project_key. Within this field, you'll notice an option to Create a Secret, allowing you to securely store sensitive information while running the pipeline.

  2. Clicking that option prompts for the name of the secret, an optional description, and a global value. After creating the secret, you can use it directly for params. Usage of secrets: Secrets are used for storing secrets or other values that can be used as params while running a pipeline.

  3. There is another way of creating secrets: go to Resources → Secrets, where you can see + New Secrets at the top right. Clicking it lets you create a new secret, such as repoUrl, tokens, etc., and use it while running pipelines.