RFE : Improve secret management doc in OpenShift Pipeline and support Azure KeyVault

[ezYakaEagle442]

Writing your first OpenShift Pipeline/Tekton, you discover that secrets are declared as string in Tasks params and are displayed in clear text in the ARO console.

Request For Enhancement :

1. Improve ARO & OpenShift documentation to describe how to limit secret exposure in the Pipeline
2. Add in the roadmap the integration with Azure KeyVault + the Azure Key Vault Provider for Secrets Store CSI Driver

Note: There is no GitHub Issue page at - https://github.com/openshift/tektoncd-pipeline

See also:

• https://github.com/tektoncd/pipeline/blob/master/docs/tasks.md#using-a-secret-as-an-environment-source
• Improve UX of getting credentials into Tasks tektoncd/pipeline#2343
• Use secret values as parameters of a task tektoncd/pipeline#3443
• https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/pipelines/index
• https://docs.openshift.com/container-platform/4.6/pipelines/understanding-openshift-pipelines.html#about-tasks_understanding-openshift-pipelines

[ezYakaEagle442]

see also :

• secrets-store-csi-driver install fails on Azure RedHat OpenShift [ARO] secrets-store-csi-driver-provider-azure#363
• RFE : Improve secret management doc in OpenShift Pipeline and support Azure KeyVault openshift/openshift-azure#2344
• • helm: add privileged option for running in ARO  secrets-store-csi-driver-provider-azure#364

[ezYakaEagle442]

@amanohar @sakthi-vetrivel

[ezYakaEagle442]

Now the ARO docs is a pointer to OCP docs, the secret management is a bit described at https://docs.openshift.com/container-platform/4.6/security/container_security/security-deploy.html#security-deploy-secrets_security-deploy

[ezYakaEagle442]

cc @aramase @ritazh

[ezYakaEagle442]

@rahulm23 could you please flag this issue to the roadmap ?