-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #36 from stakater/ci-pipelines
Pipeline secrets
- Loading branch information
Showing
1 changed file
with
57 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| # Pipeline Secrets | ||
|
|
||
| SAAP Pipelines requires secrets for CI/CD workflow. Following are the secrets used, along with their usage details. | ||
|
|
||
| ## nexus-helm-auth-forked | ||
|
|
||
| **Purpose:** nexus-helm-auth-forked secret is used in CI pipeline to push and pull helm charts from private nexus registry hosted on the cluster. This secret contains credentials for a machine-user to login into the registry. | ||
|
|
||
| **Owner:** Stakater | ||
|
|
||
| **Type:** Service Account (Shared user) | ||
|
|
||
| **User for:** CI pipelines | ||
|
|
||
| **Do not use for:** Logging in to registry from your local machine | ||
|
|
||
| **Creation:** This secret is created at the time Nexus is set up. It is hard-coded in `nexus-pre-install` configMap, and created through `nexus-setup` job. | ||
|
|
||
| **Rotation:** This secret needs to be added to Vault, which is then reconciled by External Secrets Operator, and a Kubernetes secret is created in cluster against it. | ||
|
|
||
| **Stored in:** Keeper | ||
|
|
||
| ## nexus-docker-auth-forked | ||
|
|
||
| **Purpose:** nexus-docker-auth-forked secret is used in CI pipeline to push and pull docker images from private nexus registry hosted on the cluster. This secret contains credentials for a machine-user to login into the registry. | ||
|
|
||
| **Owner:** Stakater | ||
|
|
||
| **Type:** Service Account (Shared user) | ||
|
|
||
| **User for:** CI pipelines | ||
|
|
||
| **Do not use for:** Logging in to registry from your local machine | ||
|
|
||
| **Creation:** This secret is created at the time Nexus is set up. It is hard-coded in `nexus-pre-install` configMap, and created through `nexus-setup` job. | ||
|
|
||
| **Rotation:** This secret needs to be added to Vault, which is then reconciled by External Secrets Operator, and a Kubernetes secret is created in cluster against it. | ||
|
|
||
| **Stored in:** Keeper | ||
|
|
||
| ## git-auth-forked | ||
|
|
||
| **Purpose:** git-auth-forked secret is used in CI pipeline. It's purpose is to clone git repositories into workspaces that are used in pipeline steps to perform any defined action. The secret contains a token that has access to defined user and repository permission (fine-grained token). | ||
|
|
||
| **Owner:** Stakater | ||
|
|
||
| **Type:** Service Account (Shared user) | ||
|
|
||
| **User for:** CI pipelines | ||
|
|
||
| **Do not use for:** Logging in to registry from your local machine | ||
|
|
||
| **Creation:** This secret is created by GitHub organization admin. More details on how to create this can be seen [here](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) | ||
|
|
||
| **Rotation:** This secret needs to be added to Vault, which is then reconciled by External Secrets Operator, and a Kubernetes secret is created in cluster against it. | ||
|
|
||
| **Stored in:** Keeper |