Update subsection on Using Secrets
Fix the broken URL to Zuul's documentation on secrets and switch to recommending the zuul-client utility instead of the deprecated encrypt_secret.py script. Change-Id: I508b32011a128a76344265a1ba511d6613a7f393
This commit is contained in:
parent
5e063d7f1d
commit
827bc802b3
|
@ -316,10 +316,11 @@ Using Secrets
|
|||
.. sidebar:: Further reading
|
||||
|
||||
See the `Encryption
|
||||
<https://zuul-ci.org/docs/zuul/user/encryption.html>`_ section of the
|
||||
Zuul User Guide for more information on encryption and secrets, and
|
||||
the :ref:`handling-zuul-secrets` section of the Test Environment
|
||||
chapter for OpenDev's secret handling policy.
|
||||
<https://zuul-ci.org/docs/zuul/latest/project-config.html#encryption>`_
|
||||
section of Zuul's Project Configuration documentation for more
|
||||
information on encryption and secrets, and the
|
||||
:ref:`handling-zuul-secrets` section of the Test Environment chapter
|
||||
for OpenDev's secret handling policy.
|
||||
|
||||
Zuul makes it convenient to provide secrets which can be used to perform
|
||||
tasks with jobs run in post-review pipelines, like authenticating a job
|
||||
|
@ -329,15 +330,18 @@ in job definitions using per-project public keys served from a Zuul API,
|
|||
and are presented in their decrypted form as Ansible variables the jobs
|
||||
can use.
|
||||
|
||||
If you want to encrypt a secret, you can use the
|
||||
``tools/encrypt_secret.py`` script from project
|
||||
``zuul/zuul``. For example, to encrypt file
|
||||
``file_with_secret`` for project ``openstack/kolla`` use:
|
||||
If you want to encrypt a secret, install the ``zuul-client`` project
|
||||
from PyPI (or from your preferred distribution if it has at least
|
||||
version 0.1.0) and use its `encrypt subcommand
|
||||
<https://zuul-ci.org/docs/zuul-client/commands.html#encrypt>`_. For
|
||||
example, to encrypt the contents of a file named ``file_with_secret``
|
||||
for project ``openstack/kolla`` in the ``openstack`` tenant:
|
||||
|
||||
.. code-block:: shell
|
||||
|
||||
$ tools/encrypt_secret.py --infile file_with_secret \
|
||||
--tenant openstack https://zuul.opendev.org openstack/kolla
|
||||
$ zuul-client --zuul-url=https://zuul.opendev.org encrypt \
|
||||
--infile=file_with_secret --project=openstack/kolla \
|
||||
--tenant=openstack
|
||||
|
||||
Retiring a Project
|
||||
==================
|
||||
|
|
Loading…
Reference in New Issue