Adds robot account info to security docs (#1091)

Co-authored-by: Steven Smith <stevsmit@stevsmit-thinkpadt14gen4.remote.csb>
quay · Sep 9, 2024 · 885412b · 885412b
1 parent 40ae901
commit 885412b
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/modules/robot-account-overview.adoc b/modules/robot-account-overview.adoc
@@ -24,7 +24,17 @@ Setting up a Robot Account results in the following:
 
 * Repositories and images that the Robot Account can push and pull images from are identified. 
 
-* Generated credentials can be copied and pasted to use with different container clients, such as Docker, Podman, Kubernetes, Mesos, and so on, to access each defined repository. 
+* Generated credentials can be copied and pasted to use with different container clients, such as Docker, Podman, Kubernetes, Mesos, and so on, to access each defined repository.
+
+ifeval::["{context}" == "quay-security"]
+Robot Accounts can help secure your {productname} registry by offering various security advantages, such as the following:
+
+* Specifying repository access.
+* Granular permissions, such as `Read` (pull) or `Write` (push) access. They can also be equipped with `Admin` permissions if warranted.
+* Designed for CI/CD pipelines, system integrations, and other automation tasks, helping avoid credential exposure in scripts, pipelines, or other environment variables.
+* Robot Accounts use tokens instead of passwords, which provides the ability for an administrator to revoke the token in the event that it is compromised. 
+
+endif::[]
 
 Each Robot Account is limited to a single user namespace or Organization. For example, the Robot Account could provide access to all repositories for the user `quayadmin`. However, it cannot provide access to repositories that are not in the user's list of repositories.
 

diff --git a/tls-config/master.adoc b/tls-config/master.adoc
@@ -5,20 +5,36 @@ include::modules/attributes.adoc[]
 = Red Hat Quay security enhancements
 :context: quay-security
 
+{productname} is built for enterprise use cases where content governance and security are two major focus areas. 
+
 This guide provides guidance for enhancing the security of your {productname} deployment. The following topics are covered:
 
 * Adjusting repository visibility
+* Creating and managing robot accounts
 * Creating self-signed Certificate Authorities
 * Configuring custom SSL/TLS certificates for standalone {productname} deployments
 * Configuring custom SSL/TLS certificates for {productname-ocp}
 * Adding additional Certificate Authorities to the {productname} container
 * Adding additional Certificate Authorities to {productname-ocp}
+* Clair vulnerability reporting
 
 //private repo
 include::modules/proc_use-quay-create-repo.adoc[leveloffset=+1]
 include::modules/adjusting-repository-visibility-via-the-ui.adoc[leveloffset=+2]
 include::modules/adjusting-repository-access-via-the-api.adoc[leveloffset=+2]
 
+
+
+//robot accounts
+include::modules/robot-account-overview.adoc[leveloffset=+1]
+include::modules/creating-robot-account-v2-ui.adoc[leveloffset=+2]
+include::modules/creating-robot-account-api.adoc[leveloffset=+2]
+include::modules/managing-robot-account-permissions-v2-ui.adoc[leveloffset=+2]
+include::modules/disabling-robot-account.adoc[leveloffset=+2]
+include::modules/regenerating-robot-account-token-api.adoc[leveloffset=+2]
+include::modules/deleting-robot-account-v2-ui.adoc[leveloffset=+2]
+include::modules/deleting-robot-account-api.adoc[leveloffset=+2]
+
 //creating ssl-tls-certificates
 include::modules/ssl-tls-quay-overview.adoc[leveloffset=+1]
 include::modules/ssl-create-certs.adoc[leveloffset=+2]
@@ -43,4 +59,6 @@ include::modules/adding-ca-certs-to-config.adoc[leveloffset=+3]
 //Kubernetes
 include::modules/config-custom-ssl-certs-kubernetes.adoc[leveloffset=+2]
 
+//isolated builds
+