Merge pull request #178 from stakater/secret-docs-iteration

secrets docs

content/for-developers/tutorials/outer-loop/add-ci-pipeline/03-create-webhook.md

@@ -15,6 +15,8 @@ The webhook setup acts as a bridge between your code repository and the CI/CD pi
 
 ## Tutorial
 
+### Creating Webhook
+
 1. Begin by accessing the repository where you plan to set up the webhook. In your source code GitHub repository, locate and click on the `Settings` tab.
 
      ![Repository settings](images/repository-settings.png)
@@ -44,7 +46,7 @@ The webhook setup acts as a bridge between your code repository and the CI/CD pi
     Now copy it and paste it under `Secret` section in Webhook.
 
     !!! note
-        Save the secret because we will need it later.
+        Save the secret because we will need it later when we add it in to Vault.
 
 1. Choose the specific events that should trigger the webhook. Click “Let me select individual events” and select the following events to trigger the webhook:
 
@@ -62,4 +64,30 @@ The webhook setup acts as a bridge between your code repository and the CI/CD pi
     !!! note
         For GitLab Webhook configuration follow [this](https://pipelinesascode.com/docs/install/gitlab/), for Bitbucket webhook configuration follow [this](https://pipelinesascode.com/docs/install/bitbucket_cloud/).
 
+### Adding Webhook Secret to Vault
+
+1. Access Vault from `Forecastle` console, search `Vault` and open the `Vault` tile.
+
+   ![Forecastle-Vault](images/forecastle.png)
+
+1. From the drop-down menu under `Method`, select `OIDC` and click on `Sign in with OIDC Provider`.
+
+   ![Vault-odic-login](images/login-oidc.png)
+
+1. You will be brought to the `Vault` console. You should see the key/value path for <your-tenant>.
+
+   ![secret engine](images/vault-tenant.png)
+
+1. Click on `<your-tenant>/kv/`.
+
+1. You will now be brought to the `secrets` and the `configurations` in Vault for <your-tenant>. Click on `create secret`.
+
+   ![create secret](images/create-secret.png)
+
+1. Let's create a `github-webhook-config` secret for our webhook secret. Write the name of the secret in `path` which is `github-webhook-config`. Add `secret data`, key: `webhook.secret`, value: (your webhook secret). Hit save.
+
+   ![secret data](images/webhook-secret.png)
+
+Congratulations! You have successfully configured GitHub access. Let's move to next tutorial.
+
 Great! Now that you added a Webhook to your repository, let's move on to create secret for it in the next tutorial.

content/for-developers/tutorials/outer-loop/add-ci-pipeline/04.0-add-repository-overview.md

@@ -0,0 +1,9 @@
+# Overview
+
+The first thing that you will need to do for your Tekton pipeline to work is to create a Repository CR. The Repository CR tells pipeline-as-code controller that events from a specific repository need to be handled. It also provides a way for pipeline as code controller to authenticate with the GitHub repository through a personal access token.
+
+We will add the Repository CR in three steps.
+
+* First, we will generate a personal access token on GitHub.
+* Second, we will create an External Secret and add the token to Vault.
+* Last, we will create a repository CR and reference the secret in it.

content/for-developers/tutorials/outer-loop/add-ci-pipeline/04-configure-github-access.md → content/for-developers/tutorials/outer-loop/add-ci-pipeline/04.1-configure-github-access.md

@@ -1,13 +1,5 @@
 # Configure SCM (GitHub) Access
 
-The first thing that you will need to do for your Tekton pipeline to work is to create a Repository CR. The Repository CR tells pipeline-as-code controller that events from a specific repository need to be handled. It also provides a way for pipeline as code controller to authenticate with the GitHub repository through a personal access token.
-
-We will add the Repository CR in three steps.
-
-* First, we will generate a personal access token on GitHub.
-* Second, we will create an External Secret and add the token to Vault.
-* Last, we will create a repository CR and reference the secret in it.
-
 In this section, you'll learn how to configure GitHub access by generating a Fine-grained Personal Access Token (PAT) and securely storing it as a secret in Vault. These steps are essential for establishing a secure and automated Continuous Integration/Continuous Deployment (CI/CD) pipeline using pipeline-as-code concepts.
 
 A Fine-grained PAT ensures that your CI/CD pipeline can securely interact with your GitHub repositories. By generating a token with finely controlled permissions, you grant the pipeline only the specific access it requires, reducing potential security risks. Additionally, storing the PAT in Vault adds an extra layer of security to protect your credentials.
@@ -34,7 +26,7 @@ A Fine-grained PAT ensures that your CI/CD pipeline can securely interact with y
 
    * Navigate to `Developer settings`
 
-        <div style="text-align:center"><img src="images/developer-settings.png" /></div>
+     <div style="text-align:center"><img src="images/developer-settings.png" /></div>
 
    * Go to `Personal access tokens`.
    * From drop-down select `Fine-grained Tokens`.
@@ -56,7 +48,33 @@ A Fine-grained PAT ensures that your CI/CD pipeline can securely interact with y
 
     <div style="text-align:center"><img src="images/pat-permissions.png" /></div>
 
-   !!! note
-   > Save the token cautiously, you'll need to save it in `Vault` in upcoming tutorials.
+    !!! note
+        Save the token cautiously, you'll need to save it in `Vault` in upcoming tutorials.
+
+### Create PAT Secret in Vault
+
+Login to Vault to view <your-tenant> path.
+
+1. Access Vault from `Forecastle` console, search `Vault` and open the `Vault` tile.
+
+   ![Forecastle-Vault](images/forecastle.png)
+
+1. From the drop-down menu under `Method`, select `OIDC` and click on `Sign in with OIDC Provider`.
+
+   ![Vault-odic-login](images/login-oidc.png)
+
+1. You will be brought to the `Vault` console. You should see the key/value path for <your-tenant>.
+
+   ![secret engines](images/secret-engines.png)
+
+1. Click on `<your-tenant>/kv/`.
+
+1. You will now be brought to the `secrets` and the `configurations` in Vault for <your-tenant>. Click on `create secret`.
+
+   ![create secret](images/create-secret.png)
+
+1. Let's create a `github-webhook-config` secret for our PAT GitHub token. Write the name of the secret in `path` which is `github-webhook-config`. Add `secret data`, key: `provider.token`, value: (your GitHub token). Hit save.
+
+   ![secret data](images/secret-data.png)
 
 Congratulations! You have successfully configured GitHub access. Let's move to next tutorial.

content/for-developers/tutorials/outer-loop/prerequisites.md

@@ -6,7 +6,7 @@ Before you embark on setting up your pipeline as code, it's essential to ensure
 
 In certain cases, you may need to add a new environment to an existing application within a tenant. For example, when incorporating a production cluster into your infrastructure, you'll want to extend your application's deployment capabilities to this new environment. Ensure you have a clear understanding of how to add and configure this environment to your application as part of your prerequisites.
 
-## [Personal Access Token (PAT)](./add-ci-pipeline/04-configure-github-access.md)
+## [Personal Access Token (PAT)](./add-ci-pipeline/04.1-configure-github-access.md)
 
 A Personal Access Token (PAT) is an essential component for ensuring secure and authenticated interactions with your code repositories. This token serves as a vital bridge between your pipeline and your version control system, allowing it to access and manage your code repositories. Whether it's for fetching code, creating branches, or managing pull requests, this token is the cornerstone of performing Git operations securely.
 

mkdocs.yml

@@ -147,14 +147,13 @@ nav:
                   - for-developers/tutorials/outer-loop/add-ci-pipeline/01-overview.md
                   - for-developers/tutorials/outer-loop/add-ci-pipeline/02-deploying-secrets.md
                   - for-developers/tutorials/outer-loop/add-ci-pipeline/03-create-webhook.md
-                  - for-developers/tutorials/outer-loop/add-ci-pipeline/04-configure-github-access.md
-                  - for-developers/tutorials/outer-loop/add-ci-pipeline/05-add-external-secret.md
-                  - for-developers/tutorials/outer-loop/add-ci-pipeline/06-create-repository.md
-                  - for-developers/tutorials/outer-loop/add-ci-pipeline/07-add-secrets-to-apps-gitops.md
-                  - for-developers/tutorials/outer-loop/add-ci-pipeline/08-adding-pipeline.md
-                  - for-developers/tutorials/outer-loop/create-repo-crd/create-repository.md
-                  - for-developers/tutorials/outer-loop/github-ssh/github-ssh.md
-                  - for-developers/tutorials/outer-loop/add-ci-pipeline/add-ci-pipeline.md
+                  - Add Repository:
+                    - for-developers/tutorials/outer-loop/add-ci-pipeline/04.0-add-repository-overview.md
+                    - for-developers/tutorials/outer-loop/add-ci-pipeline/04.1-configure-github-access.md
+                    - for-developers/tutorials/outer-loop/add-ci-pipeline/04.2-add-external-secret.md
+                    - for-developers/tutorials/outer-loop/add-ci-pipeline/04.3-create-repository.md
+                  - for-developers/tutorials/outer-loop/add-ci-pipeline/05-add-secrets-to-apps-gitops.md
+                  - for-developers/tutorials/outer-loop/add-ci-pipeline/06-adding-pipeline.md
                 - for-developers/tutorials/outer-loop/promote-application/promote-app.md
         - How-to guides:
             - for-developers/how-to-guides/add-a-new-environment-to-apps-gitops/add-a-new-environment-to-application.md