doc: HashiCorp external secret operator (#3608)

Shubham9t9 · Shubham9t9 · ashoknayak777 · web-flow · commit 41103807f97b · 2023-08-17T23:22:36.000+05:30
* doc for hashicorp eso

* edited summary.md

* Proofread aws-eso.md

* Proofread hashicorp-eso.md

---------

Co-authored-by: Shubham9t9 &lt;shubhamkumar47022@gmai.com&gt;
Co-authored-by: ashokdevtron &lt;141001279+ashokdevtron@users.noreply.github.com&gt;
diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md
@@ -65,6 +65,7 @@
       * [External Secret Operator (ESO)](user-guide/creating-application/eso/README.md)
         * [AWS Secrets Manager](user-guide/creating-application/eso/aws-eso.md)
         * [Google Secrets Manager](user-guide/creating-application/eso/gcp-eso.md)
+        * [HashiCorp Vault](user-guide/creating-application/eso/hashicorp-eso.md)
 
     * [Environment Overrides](user-guide/creating-application/environment-overrides.md)
     * [Deleting Application](user-guide/deleting-application.md)
diff --git a/docs/user-guide/creating-application/eso/aws-eso.md b/docs/user-guide/creating-application/eso/aws-eso.md
@@ -2,41 +2,41 @@
 
 To add secrets from **AWS Secrets Manager**, we need to create a generic Kubernetes secret for AWS authentication.
 
-Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use devtron generic chart for this.
+Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use a Devtron generic chart for it.
 
-**Note:** You don't have to create the Kubernetes secret everytime you create External Secret for the respective namespace.
+**Note**: You don't have to create the Kubernetes secret every time you create external secret for the respective namespace.
 
 ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/aws-secret-generic-chart.jpg)
 
 After creating the generic secret, navigate to `Secrets` section of the application and follow the steps mentioned below :
 
-**1. Click `Add Secret` to add a new secret.**
+**1. Click `Add Secret` to add a new secret**
 
 ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/add-secrets.jpg)
 
-**2. Select `AWS Secret Manager` under `External Secret Operator` (ESO) from the dropdown of `Data type`.**
+**2. Select `AWS Secret Manager` under `External Secret Operator` (ESO) from the dropdown of `Data type`**
 
 ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/aws-secret-manager-dropdown.jpg)
 
-**3. Configure secret:**
+**3. Configure the secret**
 
 | Key | Description |
 | :--- | :--- |
-| `region` | AWS region in which secret is created. |
-| `accessKeyIDSecretRef.name` | Name of secret created that would be used for authentication.|
-| `accessKeyIDSecretRef.key` | In generic secret created for AWS authentication, variable name in which base64 encoded AWS access-key is stored. |
-| `secretAccessKeySecretRef.name` | Name of secret created that would be used for authentication.|
-| `secretAccessKeySecretRef.key` | In generic secret created for AWS authentication, variable name in which base64 encoded secret-access-key is stored.|
-| `secretKey` | Key name to store secret. |
-| `key` | AWS Secrets Manager secret name. |
-| `property` | AWS Secrets Manager secret key. |
+| `region` | AWS region in which secret is created |
+| `accessKeyIDSecretRef.name` | Name of secret created that would be used for authentication|
+| `accessKeyIDSecretRef.key` | In generic secret created for AWS authentication, variable name in which base64 encoded AWS access-key is stored |
+| `secretAccessKeySecretRef.name` | Name of secret created that would be used for authentication|
+| `secretAccessKeySecretRef.key` | In generic secret created for AWS authentication, variable name in which base64 encoded secret-access-key is stored|
+| `secretKey` | Key name to store secret |
+| `key` | AWS Secrets Manager secret name |
+| `property` | AWS Secrets Manager secret key |
 
 ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/aws-eso.jpg)
 
 ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/aws-external-secret.jpg)
 
 
-**4. Save secret.**
+**4. Save the secret**
 
 
 ## ESO AWS secrets Manager Setup with Devtron using ClusterSecretsStore
@@ -47,19 +47,19 @@ ClusterSecretStore provides a secure and centralized storage solution for managi
 
 To setup ESO AWS secrets manager with Devtron using ClusterSecretsStore, follow the mentined steps:
 
-**1. Create a secret for AWS authentication:**
+**1. Create a secret for AWS authentication**
 
 Create a Kubernetes secret in any namespace using base64 encoded AWS access-key and secret-access-key. You can use the devtron generic chart for this.
 
 ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/aws-secret-generic-chart.jpg)
 
-**2. create a `ClusterSecretStore`**
+**2. Create a `ClusterSecretStore`**
 
 Create a `ClusterSecretStore` using the secret created for AWS authentication in step 1.
 
 ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/clustersecretstore-yaml.jpg)
 
-**3. Create a secret in the application using ESO AWS Secrets Manager:**
+**3. Create a secret in the application using ESO AWS Secrets Manager**
 
 Go to the application where you want to create an external secret. Navigate to secrets section under application configuration and create a secret using ESO AWS Secrets Manager.
 
diff --git a/docs/user-guide/creating-application/eso/hashicorp-eso.md b/docs/user-guide/creating-application/eso/hashicorp-eso.md
@@ -0,0 +1,59 @@
+# HashiCorp Vault
+
+To incorporate secrets from **HashiCorp Vault**, you need to create a generic Kubernetes secret that will be used for vault authentication. This involves creating a Kubernetes secret in the specific namespace where your application will be deployed. 
+The secret should store the base64-encoded password or token obtained from vault. To simplify the process, you can utilize the Devtron generic chart. An example yaml is given below:
+
+```yaml
+apiVersion: v1
+kind: Secret
+type: Opaque
+data:
+   token: <vault-password>
+metadata:
+   name: vault-token
+   namespace: <namespace>
+```
+
+**Note**: Please note that you don't need to create the Kubernetes secret every time you create an External Secret for the corresponding namespace.
+
+Once you have created the generic secret, follow these steps in the application's Secrets section:
+
+**1. Create a new secret**
+
+To add a new secret to the application, go to the `App Configuration` section of the application. Then, navigate to the left pane and select the `Secrets` option and click the **Add Secret** button.
+
+![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/hc-add-secret.jpg)
+
+**2. Select `HashiCorp Vault` as the External Secret Operator**
+
+After clicking the **Add Secret** button, select `HashiCorp Vault` from the dropdown menu for the `Data type` option. Provide a name for the secret you are creating, and then proceed to configure the external secret as described in the next step.
+
+![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/hc-secret-type.jpg)
+
+**3. Configure the secret**
+
+To configure the external secret that will be fetched from HashiCorp Vault for your application, you will need to provide specific details using the following key-value pairs:
+
+![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/hc-secret-configure.jpg)
+
+
+| Key | Description |
+| :--- | :--- |
+| `vault.server` | Server is the connection address for the Vaultserver, e.g: "https://vault.example.com:8200" |
+| `vault.path` | Specify the path where the secret is stored in Vault |
+| `tokenSecretRef.name` | Enter the name of the secret that will be used for authentication |
+| `tokenSecretRef.key` | Specify the key name within the secret that contains the token |
+| `secretKey` | Provide a name for the secret in Kubernetes |
+| `key` | Enter the name of the secret in Vault |
+| `property` | Specify the key within the Vault secret |
+
+![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/tokenSecretRef.jpg)
+
+![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/hc-eso.jpg)
+
+**4. Save the secret**
+
+After configuring the external secret from HashiCorp Vault, proceed to save the secret by clicking the **Save** button. 
+
+By following the steps mentioned above and configuring these values correctly, you can seamlessly fetch and utilize external secrets from HashiCorp Vault within your application environment by deploying the application.
+
