Customer has a request to make RH entitlements to be available in buildah’s containers in the buildah taskrun’s pod.Their use case is “One of my customer who is working on plants and edge use cases wants install packages entitled under “Red Hat subscriptions” and not covered by UBI9, using OpenShift-Pipelines and Buildah.” See this case here. (https://access.redhat.com/support/cases/#/case/03540477)

While it’s possible to mount the entitlement keys as secret in the Tekton pod and use it with buildah, Customer is not comfortable with the approach as according to them “it does not provide any means to safely distribute and rotate the entitlement keys, note that I thousands of developers. I would rather maintain these secrets in one namespace and provide read-only access to everyone.”

That’s where the shared secrets CSI driver will help a lot.

Acceptance Criteria:
1. Mount entitlement keys as secrets in Shared secret CSI driver.
2. Use the secret with buildah to make RH entitlements available in buildah taskrun pod.

As part of the story the focus is to create a step by step doc