Creating secrets

docs/modules/ROOT/pages/how-tos/configuring/creating-secrets.adoc

@@ -1 +1,51 @@
-= Creating secrets for your builds
+= Creating secrets for your builds
+
+When you build your pipeline, you might want to add tasks that require **secrets** in order to access external resources.
+
+NOTE: One such task is the link:https://github.com/redhat-appstudio/build-definitions/tree/main/task/sast-snyk-check[sast-snyk-check] task that uses the third-party service link:https://snyk.io/[snyk] to perform static application security testing (SAST) as a part of the default {ProductName} pipeline. Use this procedure to upload your snyk.io token. Name the secret `sast_snyk_task` so that the snyk task in the {ProductName} pipeline will recognize it and use it.
+
+If you want to create an application using source code from GitLab, you need to add a GitLab access token to {ProductName} __before__ you create an application. For details, see <<Creating secrets for apps sourced from GitLab>> below.
+
+.Procedure 
+
+. In {ProductName}, from the left navigation menu, select **Secrets**.
+. From the **Secrets** page, click **Add secret**.
+. Select a secret type:
+    * **Key/value secret**
+    * **Image pull secret**
+    * **Source secret**
+. For **Secret name**, enter a unique name for your secret.
+. Under **Key/value secret**, expand **Key/value 1**, then enter a key.
+. For **Upload the file with value for your key or paste its contents**, do one of the following:
+    * Click **Upload** to browse to, select, and upload the file that contains your key value.
+    * Drag the file that contains your key value into the space under **Upload**.
+    * Paste the contents of the file that contains your key value into the space under **Upload**.
+  Click **Clear** to remove the contents of the space under **Upload**.
+. Optional: Click **Add another key/value**.
+. Optional: Under **Labels**, add a label to tag or provide more context for your secret.
+. Click **Add secret**.
+
+== Creating secrets for apps sourced from GitLab
+
+Before you create an application using source code from GitLab, generate an access token for your GitLab repository and upload it to your {ProductName} workspace.
+
+.Procedure
+
+. In GitLab select your avatar, then select **Edit profile** > **Access Tokens** > **Add new token**.
+. Select the following scopes: `api`, `read_repository`, and `write_repository`.
+. Optional: If your GitLab instance supports setting token role, set a role to `Maintainer`.
+. Select **Create personal access token**.
+. Add a token to your {ProductName} workspace.
+
+[NOTE]
+==== 
+* Each workspace can contain only one set of credentials for each Source Control Management (SCM) system, such as GitHub or GitLab. It means you can’t add two different tokens for a GitLab repository to a single workspace.
+
+* If you upload a GitLab access token to a workspace, {ProductName} won’t use the global GitHub application when accessing GitHub repositories.
+====
+
+.Additional resources
+
+* For more information about GitLab access tokens, see link:https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html[Personal access tokens].
+
+* To configure push secrets for your Build and Release pipelines, see link:https://github.com/konflux-ci/konflux-ci?tab=readme-ov-file#configuring-a-push-secret-for-the-build-pipeline[Configuring push secrets] in the Konflux GitHub repository.