Merge pull request #104948 from openshift-cherrypick-robot/cherry-pick-103263-to-enterprise-4.21

[enterprise-4.21] OSDOCS#16499: Understanding secrets management

_topic_maps/_topic_map.yml

@@ -1197,6 +1197,8 @@ Topics:
     File: nbde-tang-server-operator-configuring-managing
   - Name: Identifying URL of a Tang server deployed with the NBDE Tang Server Operator
     File: nbde-tang-server-operator-identifying-url
+- Name: Understanding secrets management
+  File: understanding-secrets-management
 - Name: cert-manager Operator for Red Hat OpenShift
   Dir: cert_manager_operator
   Distros: openshift-enterprise

modules/secrets-management-operators.adoc

@@ -0,0 +1,15 @@
+// Module included in the following assemblies:
+//
+// * security/understanding-secrets-management.adoc
+:_mod-docs-content-type: REFERENCE
+[id="secrets-management-operators_{context}"]
+= Secrets management Operators in {product-title}
+
+[role="_abstract"]
+{product-title} offers a suite of supported Operators designed to secure and automate the management of sensitive data, such as external credentials and digital certificates. Each secrets management Operator provides quick starts and sample YAML manifests to streamline the onboarding process. These tools simplify installation and deployment, and help you build complex custom resources by using pre-defined YAML snippets. The following list details the key Operators available for these tasks:
+
+* *{secrets-store-driver}*: Enables Kubernetes to connect to external systems, and mount credentials from the external system into an application workload.
+
+* *{external-secrets-operator}*: Retrieves credentials stored in external management systems and makes them available within {product-title} as standard Kubernetes Secrets.
+
+* *{cert-manager-operator}*: Manages the lifecycle of digital certificates that are used by applications running on {product-title} by automating the process of issuance and renewal.

security/understanding-secrets-management.adoc

@@ -0,0 +1,23 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="understanding-secrets-management"]
+= Understanding secrets management in {product-title}
+:context: understanding-secrets-management
+
+toc::[]
+
+[role="_abstract"]
+Secret management tools can be used to automate the lifecycle of sensitive data, such as passwords, private files, and certificates, by providing a centralized system to control and monitor access. This approach enhances security by limiting the uncontrolled spread of secrets and enables automation for the entire secret lifecycle, including updates, expiration, and removal.
+
+{product-title} uses a flexible Operator and plugin design to decouple your workloads from external secret managers, ensuring you are not locked into a single vendor. In this model, the Operator acts as an intermediary, while a vendor-specific plugin manages communication between the cluster and the external storage. This allows applications to access secrets without needing to know the details of where or how they are stored.
+
+include::modules/secrets-management-operators.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../storage/container_storage_interface/persistent-storage-csi-secrets-store.adoc#persistent-storage-csi-secrets-store[Secrets Store Container Storage Interface Driver Operator]
+
+* xref:../security/external_secrets_operator/index.adoc#external-secrets-operator-about[{external-secrets-operator}]
+
+* xref:../security/cert_manager_operator/index.adoc#cert-manager-operator-about[{cert-manager-operator}]