Update subsection on Using Secrets

Fix the broken URL to Zuul's documentation on secrets and switch to recommending the zuul-client utility instead of the deprecated encrypt_secret.py script. Change-Id: I508b32011a128a76344265a1ba511d6613a7f393
2023-02-17 12:57:17 +00:00 · 2023-02-17 12:57:17 +00:00 · 827bc802b3
parent 5e063d7f1d
commit 827bc802b3
1 changed files with 14 additions and 10 deletions
--- a/doc/source/drivers.rst
+++ b/doc/source/drivers.rst
@ -316,10 +316,11 @@ Using Secrets
 .. sidebar:: Further reading

   See the `Encryption
-   <https://zuul-ci.org/docs/zuul/user/encryption.html>`_ section of the
-   Zuul User Guide for more information on encryption and secrets, and
-   the :ref:`handling-zuul-secrets` section of the Test Environment
-   chapter for OpenDev's secret handling policy.
+   <https://zuul-ci.org/docs/zuul/latest/project-config.html#encryption>`_
+   section of Zuul's Project Configuration documentation for more
+   information on encryption and secrets, and the
+   :ref:`handling-zuul-secrets` section of the Test Environment chapter
+   for OpenDev's secret handling policy.

 Zuul makes it convenient to provide secrets which can be used to perform
 tasks with jobs run in post-review pipelines, like authenticating a job
@ -329,15 +330,18 @@ in job definitions using per-project public keys served from a Zuul API,
 and are presented in their decrypted form as Ansible variables the jobs
 can use.

-If you want to encrypt a secret, you can use the
-``tools/encrypt_secret.py`` script from project
-``zuul/zuul``. For example, to encrypt file
-``file_with_secret`` for project ``openstack/kolla`` use:
+If you want to encrypt a secret, install the ``zuul-client`` project
+from PyPI (or from your preferred distribution if it has at least
+version 0.1.0) and use its `encrypt subcommand
+<https://zuul-ci.org/docs/zuul-client/commands.html#encrypt>`_. For
+example, to encrypt the contents of a file named ``file_with_secret``
+for project ``openstack/kolla`` in the ``openstack`` tenant:

 .. code-block:: shell

-   $ tools/encrypt_secret.py --infile file_with_secret \
-     --tenant openstack https://zuul.opendev.org openstack/kolla
+   $ zuul-client --zuul-url=https://zuul.opendev.org encrypt \
+     --infile=file_with_secret --project=openstack/kolla \
+     --tenant=openstack

 Retiring a Project
 ==================