From df4f09596aba5194d5e7f772c8c49c76ac247c95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20B=C3=BCchse?= Date: Mon, 27 Nov 2023 12:16:23 +0100 Subject: [PATCH] Mention an exception if multiple secrets are necessary MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Matthias Büchse --- .../operations/zuul-ci-cd-quickstart-user-guide.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/dev-docs/operations/operations/zuul-ci-cd-quickstart-user-guide.md b/dev-docs/operations/operations/zuul-ci-cd-quickstart-user-guide.md index f6f89d7505..6d8f3c96d2 100644 --- a/dev-docs/operations/operations/zuul-ci-cd-quickstart-user-guide.md +++ b/dev-docs/operations/operations/zuul-ci-cd-quickstart-user-guide.md @@ -312,12 +312,19 @@ You may use this content or the file to provide it as a secret. You just have to The secret name has to be unique across all projects. Because of this, we have a naming convention in the `SovereignCloudStack` organisation that ensures that a secret has a unique name. -There is only one secret per Zuul configuration per project. This secret always has a name in the form -`SECRET_REPOSITORY_NAME`. If a secret in the `SovereignCloudStack/k8s-cluster-api-provider` repository is +Our convention is as follows. There is only one secret per Zuul configuration per project (for exceptions, +see below). This secret always has a name in the form +`SECRET_REPOSITORY_NAME`. For instance, if a secret in the `SovereignCloudStack/k8s-cluster-api-provider` +repository is to be used, it is given the name `SECRET_K8S_CLUSTER_API_PROVIDER`. The name of the repository is -always written in capital letters. A minus is replaced with an underscore. Any number of values +always written in capital letters. A dash is replaced with an underscore. Any number of values (`: !encrypted/pkcs1-oaep`) can then be assigned to this one secret. +In certain cases, it can be undesireable to expose all secret information to all jobs in a project. +Then additional secrets may be used, whose names have to be formed by appending an underscore and some +upper-case prefix to the name of the primary secret. For instance, we might use the +name `SECRET_REPOSITORY_NAME_FOOBAR`. + Official documentation: 1. [Secrets documentation](https://zuul-ci.org/docs/zuul/latest/config/secret.html#secret)