modules/builds-input-secrets-configmaps.adoc

// Module included in the following assemblies:
//
// * builds/creating-build-inputs.adoc

:_mod-docs-content-type: CONCEPT
[id="builds-input-secrets-configmaps_{context}"]
= Input secrets and config maps

[IMPORTANT]
====
To prevent the contents of input secrets and config maps from appearing in build output container images, use build volumes in your xref:../../cicd/builds/build-strategies.adoc#builds-using-build-volumes_build-strategies-docker[Docker build] and xref:../../cicd/builds/build-strategies.adoc#builds-using-build-volumes_build-strategies-s2i[source-to-image build] strategies.
====

In some scenarios, build operations require credentials or other configuration data to access dependent resources, but it is undesirable for that information to be placed in source control. You can define input secrets and input config maps for this purpose.

For example, when building a Java application with Maven, you can set up a private mirror of Maven Central or JCenter that is accessed by private keys. To download libraries from that private mirror, you have to supply the
following:

. A `settings.xml` file configured with the mirror's URL and connection settings.
. A private key referenced in the settings file, such as `~/.ssh/id_rsa`.

For security reasons, you do not want to expose your credentials in the application image.

This example describes a Java application, but you can use the same approach for adding SSL certificates into the `/etc/ssl/certs` directory, API keys or tokens, license files, and more.
Add build inputs modules 2018-11-16 14:39:58 -05:00			`// Module included in the following assemblies:`
			`//`
Correct module referenced from instances 2020-06-10 11:18:10 -04:00			`// * builds/creating-build-inputs.adoc`
Add build inputs modules 2018-11-16 14:39:58 -05:00
add content types to untagged modules OSDOCS-16694 2025-10-31 11:18:56 -04:00			`:_mod-docs-content-type: CONCEPT`
changed -{context} to _{context} 2019-05-13 08:55:00 +10:00			`[id="builds-input-secrets-configmaps_{context}"]`
Terminology style updates for the rest of the security book 2020-11-18 13:47:50 -05:00			`= Input secrets and config maps`
Add build inputs modules 2018-11-16 14:39:58 -05:00
RHDEVDOCS-3000 Document: Build Resource Volume Mounts 2021-10-13 09:47:28 -04:00			`[IMPORTANT]`
			`====`
OCPBUGS-15887: xrefs containing 'html' instead of 'adoc' 2023-07-13 12:00:01 +01:00			`To prevent the contents of input secrets and config maps from appearing in build output container images, use build volumes in your xref:../../cicd/builds/build-strategies.adoc#builds-using-build-volumes_build-strategies-docker[Docker build] and xref:../../cicd/builds/build-strategies.adoc#builds-using-build-volumes_build-strategies-s2i[source-to-image build] strategies.`
RHDEVDOCS-3000 Document: Build Resource Volume Mounts 2021-10-13 09:47:28 -04:00			`====`

Terminology style updates for the rest of the security book 2020-11-18 13:47:50 -05:00			`In some scenarios, build operations require credentials or other configuration data to access dependent resources, but it is undesirable for that information to be placed in source control. You can define input secrets and input config maps for this purpose.`
Add build inputs modules 2018-11-16 14:39:58 -05:00
OSDOCS-1350 Separate Builds command and output blocks 2020-08-06 13:15:31 -04:00			`For example, when building a Java application with Maven, you can set up a private mirror of Maven Central or JCenter that is accessed by private keys. To download libraries from that private mirror, you have to supply the`
Add build inputs modules 2018-11-16 14:39:58 -05:00			`following:`

OSDOCS-1350 Separate Builds command and output blocks 2020-08-06 13:15:31 -04:00			. A `settings.xml` file configured with the mirror's URL and connection settings.
			. A private key referenced in the settings file, such as `~/.ssh/id_rsa`.
Add build inputs modules 2018-11-16 14:39:58 -05:00
OSDOCS-1350 Separate Builds command and output blocks 2020-08-06 13:15:31 -04:00			`For security reasons, you do not want to expose your credentials in the application image.`
Add build inputs modules 2018-11-16 14:39:58 -05:00
OSDOCS-1350 Separate Builds command and output blocks 2020-08-06 13:15:31 -04:00			This example describes a Java application, but you can use the same approach for adding SSL certificates into the `/etc/ssl/certs` directory, API keys or tokens, license files, and more.