RFE : Improve secret management doc in OpenShift Pipeline and support Azure KeyVault

[ezYakaEagle442]

Writing your first OpenShift Pipeline/Tekton, you discover that secrets are declared as string in Tasks params and are displayed in clear text in the ARO console.

Request For Enhancement :

1. Improve ARO & OpenShift documentation to describe how to limit secret exposure in the Pipeline
2. Add in the roadmap the integration with Azure KeyVault + the Azure Key Vault Provider for Secrets Store CSI Driver

Note: There is no GitHub Issue page at - https://github.com/openshift/tektoncd-pipeline

See also:

• https://github.com/tektoncd/pipeline/blob/master/docs/tasks.md#using-a-secret-as-an-environment-source
• https://github.com/tektoncd/pipeline/issues/2343
• https://github.com/tektoncd/pipeline/issues/3443
• https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/pipelines/index
• https://docs.openshift.com/container-platform/4.6/pipelines/understanding-openshift-pipelines.html#about-tasks_understanding-openshift-pipelines

[ezYakaEagle442]

see also :

• https://github.com/Azure/secrets-store-csi-driver-provider-azure/issues/363
• https://github.com/openshift/openshift-azure/issues/2344
• • https://github.com/Azure/secrets-store-csi-driver-provider-azure/pull/364

[ezYakaEagle442]

@amanohar @sakthi-vetrivel

[ezYakaEagle442]

Now the ARO docs is a pointer to OCP docs, the secret management is a bit described at https://docs.openshift.com/container-platform/4.6/security/container_security/security-deploy.html#security-deploy-secrets_security-deploy

[ezYakaEagle442]

cc @aramase @ritazh

[ezYakaEagle442]

@rahulm23 could you please flag this issue to the roadmap ?