Secret Injection + Secrets

  1. Secrets as Kubernetes Secrets: Tekton allows you to use Kubernetes Secrets to store sensitive information such as credentials, API keys, or certificates. You can create Kubernetes Secrets containing your sensitive data and then mount them as volumes or expose them as environment variables within your Tekton pipeline tasks. This approach leverages Kubernetes' built-in secrets management capabilities.

  2. External Secrets Management: You can integrate Tekton with external secrets management systems such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault. These systems provide centralized management and encryption of secrets, allowing you to securely retrieve them at runtime. Tekton provides integrations or plugins to fetch secrets from these external sources during pipeline execution.

  3. Tekton Secrets: Tekton also provides its own Secrets resource, which allows you to store secrets directly within Tekton without relying on external systems. Tekton Secrets are similar to Kubernetes Secrets but are specifically designed for use within Tekton pipelines. You can define Tekton Secrets in your pipeline resources and reference them from your pipeline tasks.

  4. Encrypted Configurations: Tekton pipelines support the use of encrypted configuration files. You can encrypt sensitive data within your pipeline configuration files using tools like SOPS (Secrets Operator) or Sealed Secrets. During pipeline execution, Tekton automatically decrypts these encrypted configurations, making the secrets available to your pipeline tasks.

  5. Parameterization and Environment Variables: Tekton pipelines support parameterization, allowing you to pass parameters or environment variables to your pipeline tasks. You can define parameters for sensitive data and securely pass them to your tasks at runtime. Ensure that these parameters are securely managed and not exposed in plaintext within your pipeline configurations.
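The first and fifth items above, side by side, as an added example that is not from the original page or any product's own configuration: a Task that takes a token as a plaintext parameter, and one that reads the same token from a Kubernetes Secret through an environment variable and a volume mount. The Secret name, Task names, mount path and placeholder value are assumptions made for illustration.

```yaml
# Constructed example: all names and the placeholder value are hypothetical.
apiVersion: v1
kind: Secret
metadata:
  name: registry-credentials
stringData:
  token: REPLACE_ME   # create out of band; never commit a real value
---
# Weak: the parameter value is stored in plaintext in the TaskRun/PipelineRun spec.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: push-weak
spec:
  params:
    - name: registry-token
  steps:
    - name: push
      image: alpine:3.20
      env:
        - name: REGISTRY_TOKEN
          value: $(params.registry-token)
      script: |
        test -n "$REGISTRY_TOKEN"
---
# Corrected: the Task references the Secret, so no run spec carries the value.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: push
spec:
  volumes:
    - name: creds
      secret:
        secretName: registry-credentials
  steps:
    - name: push
      image: alpine:3.20
      env:
        - name: REGISTRY_TOKEN        # exposed as an environment variable
          valueFrom:
            secretKeyRef:
              name: registry-credentials
              key: token
      volumeMounts:
        - name: creds                 # mounted as a read-only volume
          mountPath: /var/run/secrets/registry
          readOnly: true
      script: |
        test -n "$REGISTRY_TOKEN" && test -s /var/run/secrets/registry/token
```

In the corrected Task, read access to the token is governed by RBAC on the Secret object rather than by who can view pipeline runs.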

Secrets in Pipelines

  1. Once you've created a pipeline, initiating it requires specifying certain parameters. For instance, as shown below, there's a parameter field labeled project_key. Within this field, you'll notice an option to Create a Secret, allowing you to securely store sensitive information while running the pipeline.

  2. Clicking that option prompts for the secret's name, an optional description, and a global value. After creating the secret, you can use it directly for params. Usage of secrets: Secrets are used for storing secrets or other values that can be used as params while running a pipeline.

  3. There is another way of creating secrets: go to resources → secrets, where you can see + New Secrets on the top right. Clicking it lets you create a new secret, such as repoUrl, tokens, etc., and use it while running pipelines.
