# Secret Injection + Secrets

1. **Secrets as Kubernetes Secrets**: Tekton allows you to use Kubernetes Secrets to store sensitive information such as credentials, API keys, or certificates. You can create Kubernetes Secrets containing your sensitive data and then mount them as volumes or expose them as environment variables within your Tekton pipeline tasks. This approach leverages Kubernetes' built-in secrets management capabilities.
2. **External Secrets Management**: You can integrate Tekton with external secrets management systems such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault. These systems provide centralized management and encryption of secrets, allowing you to securely retrieve them at runtime. Tekton provides integrations or plugins to fetch secrets from these external sources during pipeline execution.
3. **Tekton Secrets**: Tekton also provides its own Secrets resource, which allows you to store secrets directly within Tekton without relying on external systems. Tekton Secrets are similar to Kubernetes Secrets but are specifically designed for use within Tekton pipelines. You can define Tekton Secrets in your pipeline resources and reference them from your pipeline tasks.
4. **Encrypted Configurations**: Tekton pipelines support the use of encrypted configuration files. You can encrypt sensitive data within your pipeline configuration files using tools like SOPS (Secrets Operator) or Sealed Secrets. During pipeline execution, Tekton automatically decrypts these encrypted configurations, making the secrets available to your pipeline tasks.
5. **Parameterization and Environment Variables**: Tekton pipelines support parameterization, allowing you to pass parameters or environment variables to your pipeline tasks. You can define parameters for sensitive data and securely pass them to your tasks at runtime. Ensure that these parameters are securely managed and not exposed in plaintext within your pipeline configurations.
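The contrast between items 1 and 5, as an added example that is not part of the original page or the product's own configuration: the same Tekton Task written once with the secret as an ordinary param and once with a Kubernetes Secret reference. The names `registry-credentials`, `token`, `push-image` and `REGISTRY_TOKEN` are hypothetical, and the Secret is assumed to already exist in the namespace.

```yaml
# Constructed example. Assumes a Kubernetes Secret "registry-credentials"
# with a key "token" already exists in the pipeline's namespace (hypothetical names).

# Weak: the secret travels as an ordinary param. Its value is written in
# plaintext into the TaskRun/PipelineRun spec, so anyone who can read
# those objects can read the secret.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: push-image-weak
spec:
  params:
    - name: registry-token
      type: string
  steps:
    - name: login
      image: alpine:3.20
      env:
        - name: REGISTRY_TOKEN
          value: $(params.registry-token)
      script: |
        test -n "$REGISTRY_TOKEN"
---
# Preferred: the Task references the Secret by name. The run spec holds
# only the reference; the value is resolved when the step's pod starts.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: push-image
spec:
  volumes:
    - name: registry-creds
      secret:
        secretName: registry-credentials
  steps:
    - name: login
      image: alpine:3.20
      env:                          # option A: environment variable
        - name: REGISTRY_TOKEN
          valueFrom:
            secretKeyRef:
              name: registry-credentials
              key: token
      volumeMounts:                 # option B: read-only file mount
        - name: registry-creds
          mountPath: /etc/registry-creds
          readOnly: true
      script: |
        test -n "$REGISTRY_TOKEN" && test -s /etc/registry-creds/token
```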

**Secrets in Pipelines:**

1. Once you've created a pipeline, initiating it requires specifying certain parameters. For instance, as shown below, there's a parameter field labeled **`project_key`**. Within this field, you'll notice an option to **Create a Secret**, allowing you to securely store sensitive information while running the pipeline.

<figure><img src="/files/t8w0ErkGqG1lTc1MYOxA" alt=""><figcaption></figcaption></figure>

2. Clicking that option prompts for the secret's name, an optional description, and a global value. After creating the secret, you can use it directly for params.

   Usage of secrets: Secrets store sensitive or other values that can be used as params while running a pipeline.

<figure><img src="/files/bIjw1C3mGTFTTrbj9Q1f" alt=""><figcaption></figcaption></figure>

3. There is another way to create secrets: go to Resources → Secrets, where **+ New Secrets** appears at the top right. Clicking it lets you create a new secret, such as repoUrl or tokens, and use it while running pipelines.

<figure><img src="/files/NT49hSMTch8t3VhD4ejg" alt=""><figcaption></figcaption></figure>

