how-to-add-custom-secret.md

Add a Custom Secret to Prow

This tutorial shows how to add and use a custom secret in the Prow pipeline.

Procedure

  1. Create a new secret in Google Secret Manager. Follow the guide for the naming convention.
  2. Apply the necessary permissions. Add the secret-manager-trusted@sap-kyma-prow.iam.gserviceaccount.com principal with the Secret Manager Secret Accessor role if the secret is used only for a postsubmit or release job. If you are creating a secret for a presubmit job, use the secret-manager-untrusted@sap-kyma-prow.iam.gserviceaccount.com principal with the same role. If you want to use the secret in presubmit and postsubmit jobs, apply both principals.

  3. Update the External Secrets Operator YAML file.

    Add External Secret definitions to one of the following files:

  4. Apply the Secrets manually to the Prow cluster as Kubernetes External Secrets.

  5. Create a ProwJob Preset in prow-config.yaml that maps the Secret to a variable or to a file.

    For example:

    # env is a sibling of labels, not a key nested under it
    - labels:
        preset-kyma-btp-manager-bot-github-token: "true"
      env:
        - name: BOT_GITHUB_TOKEN
          valueFrom:
            secretKeyRef:
              name: kyma-btp-manager-bot-github-token
              key: token

    Now, you can use the Preset in your job definition and refer to the Secret in your pipeline.
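
The principal rule from step 2 can be checked against the Presets and jobs before merging. The following lint is an added example, not code from the Kyma repository; the job entries, the `accessors` mapping, and the assumption that the Kubernetes Secret and the Secret Manager secret share a name are all constructed for illustration.

```python
# Added example (not from the Kyma repository); all sample data is constructed.
TRUSTED = "secret-manager-trusted@sap-kyma-prow.iam.gserviceaccount.com"
UNTRUSTED = "secret-manager-untrusted@sap-kyma-prow.iam.gserviceaccount.com"
# Step 2 of the procedure: which principal must hold Secret Accessor per job type.
REQUIRED = {"presubmit": UNTRUSTED, "postsubmit": TRUSTED, "release": TRUSTED}

def preset_secrets(presets):
    """Map each preset label to the Secret names it exposes as env vars or files."""
    out = {}
    for p in presets:
        names = {e["valueFrom"]["secretKeyRef"]["name"] for e in p.get("env", [])
                 if "secretKeyRef" in e.get("valueFrom", {})}
        names |= {v["secret"]["secretName"] for v in p.get("volumes", [])
                  if "secret" in v}
        for label, value in p.get("labels", {}).items():
            if value == "true":
                out.setdefault(label, set()).update(names)
    return out

def find_violations(presets, jobs, accessors):
    """Return (job, secret, missing principal) for each grant a job lacks.

    accessors maps a secret name to the principals holding Secret Accessor on it
    (assumption: the Kubernetes Secret and the Secret Manager secret share a name).
    """
    by_label = preset_secrets(presets)
    problems = []
    for job in jobs:
        need = REQUIRED[job["type"]]
        for label, value in job.get("labels", {}).items():
            if value != "true":
                continue
            for secret in sorted(by_label.get(label, ())):
                if need not in accessors.get(secret, set()):
                    problems.append((job["name"], secret, need))
    return problems

LABEL = "preset-kyma-btp-manager-bot-github-token"
SECRET = "kyma-btp-manager-bot-github-token"
PRESETS = [{"labels": {LABEL: "true"},
            "env": [{"name": "BOT_GITHUB_TOKEN", "valueFrom": {
                "secretKeyRef": {"name": SECRET, "key": "token"}}}]}]
JOBS = [{"name": "post-example", "type": "postsubmit", "labels": {LABEL: "true"}},
        {"name": "pre-example", "type": "presubmit", "labels": {LABEL: "true"}}]
ACCESSORS = {SECRET: {TRUSTED}}  # granted for postsubmit use only

if __name__ == "__main__":
    for job, secret, principal in find_violations(PRESETS, JOBS, ACCESSORS):
        print(f"{job}: {secret} is not readable by {principal}")
```

With the sample data, the presubmit job is reported because the secret is granted only to the trusted principal.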