docs: updated aws external secret doc (#2781)

* updated adding aws external secret doc

* Update secrets.md

* restuctured eso secrets

* Update aws-eso.md

* restructured content

* changed-generic-secret-image

* updated summary.md

* correction

Co-authored-by: Shubham9t9 <[email protected]>

Author: Shubham9t9

docs/SUMMARY.md

@@ -59,6 +59,9 @@
     * [CD Pipeline](user-guide/creating-application/workflow/cd-pipeline.md)
     * [Config Maps](user-guide/creating-application/config-maps.md)
     * [Secrets](user-guide/creating-application/secrets.md)
+      * [External Secret Operator (ESO)](user-guide/creating-application/eso/README.md)
+        * [AWS Secrets Manager](user-guide/creating-application/eso/aws-eso.md)
+
     * [Environment Overrides](user-guide/creating-application/environment-overrides.md)
     * [Deleting Application](user-guide/deleting-application.md)
   * [Build and Deploy](user-guide/deploying-application/README.md)

docs/user-guide/creating-application/eso/README.md

@@ -0,0 +1,19 @@
+# External Secret Operator (ESO)
+
+> **Prerequisites:** Chart version should be > 4.14.0
+
+External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret.
+
+## Install External Secret Operator
+
+Before creating any external secrets on Devtron, `External Secret Operator` must be installed on the target cluster.  `External Secret Operator` allows you to use external secret management systems (e.g., AWS Secrets Manager, Hashicorp Vault, Azure Secrets Manager,  Google Secrets Manager etc.) to securely inject secrets in Kubernetes.
+
+You can install `External Secrets Operator` using charts store:
+
+1. Go to charts store.
+2. Search chart with name `external-secrets`.
+
+![External secrets chart](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/external-secret.png)
+
+3. If you don't find any chart with this name i.e `external-secrets`, add chart repository using repository url  ` https://charts.external-secrets.io`. Please follow this [documentation](https://docs.devtron.ai/getting-started/global-configurations/chart-repo#add-chart-repository) for adding chart repository.
+4. Deploy the chart.

docs/user-guide/creating-application/eso/aws-eso.md

@@ -0,0 +1,39 @@
+# AWS Secrets Manager
+
+To add secrets from **AWS Secrets Manager**, we need to create a generic Kubernetes secret for AWS authentication.
+
+Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use devtron generic chart for this.
+
+**Note:** You don't have to create the Kubernetes secret everytime you create External Secret for the respective namespace.
+
+![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/aws-secret-generic-chart.jpg)
+
+After creating the generic secret, navigate to `Secrets` section of the application and follow the steps mentioned below :
+
+1. Click `Add Secret` to add a new secret.
+
+![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/add-secrets.jpg)
+
+2. Select `AWS Secret Manager` under `External Secret Operator` (ESO) from the dropdown of `Data type`.
+
+![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/aws-secret-manager-dropdown.jpg)
+
+3. Configure secret:
+
+| Key | Description |
+| :--- | :--- |
+| `region` | AWS region in which secret is created. |
+| `accessKeyIDSecretRef.name` | Name of secret created that would be used for authentication.|
+| `accessKeyIDSecretRef.key` | In generic secret created for AWS authentication, variable name in which base64 encoded AWS access-key is stored. |
+| `secretAccessKeySecretRef.name` | Name of secret created that would be used for authentication.|
+| `secretAccessKeySecretRef.key` | In generic secret created for AWS authentication, variable name in which base64 encoded secret-access-key is stored.|
+| `secretKey` | Variable name to store secret. |
+| `key` | AWS Secrets Manager secret name. |
+| `property` | AWS Secrets Manager secret key. |
+
+![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/aws-eso.jpg)
+
+![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/aws-external-secret.jpg)
+
+
+4. Save secret.

docs/user-guide/creating-application/secrets.md

@@ -8,7 +8,7 @@ Secret objects let you store and manage sensitive information, such as passwords
 
 ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/add-secret.jpg)
 
-Click on `Add Secret` to add a new secret.
+Click `Add Secret` to add a new secret.
 
 
 ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/creating-applications-secrets-2.jpg)
@@ -37,7 +37,7 @@ AWS Secret Manager, AWS System Manager and Hashi Corp Vault, for these cases `Na
 File permission will be provide at the configmap level not on the each key of the configmap. it will take 3 digit standard permission for the file.
 
 
-Click on `Save Secret` to save the secret.
+Click `Save Secret` to save the secret.
 
 ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/creating-applications-secrets-4.jpg)
 
@@ -49,15 +49,15 @@ You can see the Secret is added.
 
 You can update your secrets anytime later, but you cannot change the name of your secrets. If you want to change your name of secrets then you have to create a new secret.
 
-To update secrets, click on the secret you wish to update.
+To update secrets, click the secret you wish to update.
 
 ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/creating-applications-secrets-6.jpg)
 
-Click on `Update Secret` to update your secret.
+Click `Update Secret` to update your secret.
 
 ## Delete Secret
 
-You can delete your secret. Click on your secret and click on the `delete sign` to delete your secret.
+You can delete your secret. Click your secret and click the `delete sign` to delete your secret.
 
 ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/creating-applications-secrets-7.jpg)
 
@@ -77,32 +77,12 @@ There are five Data types that you can use to save your secret.
 
 Use this option to mount an existing Kuberentes Secret in your application pods. A Secret will not be created by system so please ensure that the secret already exist within the namespace else the deployment will fail.
 
-### External Secret Operator (ESO)
-
-> **Prerequisites:** Chart version should be > 4.14.0
-
-External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret.
-
-#### AWS Secret Manager
-
-Before creating any external secrets on Devtron, `External Secret Operator` must be installed on the target cluster.  `External Secret Operator` allows you to use external secret management systems (e.g., AWS Secrets Manager, Hashicorp Vault, Azure Secrets Manager,  Google Secrets Manager etc.) to securely inject secrets in Kubernetes.
-
-You can install `External Secrets Operator` using charts store:
-
-1. Go to charts store.
-2. Search chart with name `external-secrets`.
-
-![External secrets chart](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/external-secret.png)
-
-3. If you don't find any chart with this name i.e `external-secrets`, add chart repository using repository url  ` https://charts.external-secrets.io`. Please follow this [documentation](https://docs.devtron.ai/getting-started/global-configurations/chart-repo#add-chart-repository) for adding chart repository.
-4. Deploy the chart.
-
 ### Kubernetes External Secret (Deprecated)
 
 The secret that is already created and stored in the environment and being used by Devtron externally is referred here as `Kubernetes External Secret`. For this option, Devtron will not create any secret by itself but they can be used within the pods. Before adding secret from kubernetes external secret, please make sure that secret with the same name is present in the environment. To add secret from kubernetes external secret, follow the steps mentioned below:
 
 1. Navigate to `Secrets` of the application.
-2. Click on `Add Secret` to add a new secret.
+2. Click `Add Secret` to add a new secret.
 3. Select `Kubernetes External Secret` from dropdown of `Data type`.
 4. Provide a name to your secret. Devtron will search secret in the environment with the same name that you mention here. 
 
@@ -128,7 +108,7 @@ To add secrets from AWS secret manager, navigate to `Secrets` of the application
 
 ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/creating-applications-secrets-8.jpg)
 
-1. Click on `Add Secret` to add a new secret.
+1. Click `Add Secret` to add a new secret.
 
 ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/aws-secret.png)
 
@@ -154,7 +134,7 @@ All the required field to pass your data to fetch secrets on Devtron are describ
 To add secrets in AWS secret manager, do the following steps :
 
 1. Go to AWS secret manager console.
-2. Click on `Store a new secret`.
+2. Click `Store a new secret`.
 3. Add and save your secret.
 
 ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/creating-applications-secrets-10.jpg)