Spike

Builds need a generalizable way for content to be injected into builds in such a way that they are not present in any layer within the image.
In OpenShift 3.x we had a means of secretly mounting RHEL entitlements on the node in such a way that they could be consumed by RHEL-based containers. Regular build secrets did not do this - secret content was copied in, then truncated/deleted in a separate step.

Potential use cases:

1. Inject RHEL entitlements
2. Credentials for Maven/Nexus repos

Questions to address:

1. Should this behavior be applied to all build secrets?

Acceptance Criteria

1. Enhancement proposal with an implementable execution plan. https://github.com/openshift/enhancements/pull/733
2. JIRA story/stories for a future release.

Notes