diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md index 90dbfa8d88..46643e96a9 100644 --- a/docs/SUMMARY.md +++ b/docs/SUMMARY.md @@ -63,6 +63,7 @@ * [External Secret Operator (ESO)](user-guide/creating-application/eso/README.md) * [AWS Secrets Manager](user-guide/creating-application/eso/aws-eso.md) * [Google Secrets Manager](user-guide/creating-application/eso/gcp-eso.md) + * [HashiCorp Vault](user-guide/creating-application/eso/hashicorp-eso.md) * [Environment Overrides](user-guide/creating-application/environment-overrides.md) * [Deleting Application](user-guide/deleting-application.md) diff --git a/docs/user-guide/creating-application/eso/aws-eso.md b/docs/user-guide/creating-application/eso/aws-eso.md index 23534103ca..ba4c3f1ef3 100644 --- a/docs/user-guide/creating-application/eso/aws-eso.md +++ b/docs/user-guide/creating-application/eso/aws-eso.md 
@@ -2,41 +2,41 @@ To add secrets from **AWS Secrets Manager**, we need to create a generic Kubernetes secret for AWS authentication. -Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use devtron generic chart for this. +Create a Kubernetes secret in the namespace in which the application is to be deployed using base64 encoded AWS access-key and secret-access-key. You can use a Devtron generic chart for it. -**Note:** You don't have to create the Kubernetes secret everytime you create External Secret for the respective namespace. +**Note**: You don't have to create the Kubernetes secret every time you create external secret for the respective namespace. ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/aws-secret-generic-chart.jpg) After creating the generic secret, navigate to `Secrets` section of the application and follow the steps mentioned below : -**1. Click `Add Secret` to add a new secret.** +**1. Click `Add Secret` to add a new secret** ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/add-secrets.jpg) -**2. Select `AWS Secret Manager` under `External Secret Operator` (ESO) from the dropdown of `Data type`.** +**2. Select `AWS Secret Manager` under `External Secret Operator` (ESO) from the dropdown of `Data type`** ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/aws-secret-manager-dropdown.jpg) -**3. Configure secret:** +**3. Configure the secret** | Key | Description | | :--- | :--- | -| `region` | AWS region in which secret is created. | -| `accessKeyIDSecretRef.name` | Name of secret created that would be used for authentication.| -| `accessKeyIDSecretRef.key` | In generic secret created for AWS authentication, variable name in which base64 encoded AWS access-key is stored. 
| -| `secretAccessKeySecretRef.name` | Name of secret created that would be used for authentication.| -| `secretAccessKeySecretRef.key` | In generic secret created for AWS authentication, variable name in which base64 encoded secret-access-key is stored.| -| `secretKey` | Key name to store secret. | -| `key` | AWS Secrets Manager secret name. | -| `property` | AWS Secrets Manager secret key. | +| `region` | AWS region in which secret is created | +| `accessKeyIDSecretRef.name` | Name of secret created that would be used for authentication| +| `accessKeyIDSecretRef.key` | In generic secret created for AWS authentication, variable name in which base64 encoded AWS access-key is stored | +| `secretAccessKeySecretRef.name` | Name of secret created that would be used for authentication| +| `secretAccessKeySecretRef.key` | In generic secret created for AWS authentication, variable name in which base64 encoded secret-access-key is stored| +| `secretKey` | Key name to store secret | +| `key` | AWS Secrets Manager secret name | +| `property` | AWS Secrets Manager secret key | ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/aws-eso.jpg) ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/aws-external-secret.jpg) -**4. Save secret.** +**4. Save the secret** ## ESO AWS secrets Manager Setup with Devtron using ClusterSecretsStore 
@@ -47,19 +47,19 @@ ClusterSecretStore provides a secure and centralized storage solution for managi To setup ESO AWS secrets manager with Devtron using ClusterSecretsStore, follow the mentined steps: -**1. Create a secret for AWS authentication:** +**1. Create a secret for AWS authentication** Create a Kubernetes secret in any namespace using base64 encoded AWS access-key and secret-access-key. You can use the devtron generic chart for this. ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/aws-secret-generic-chart.jpg) -**2. create a `ClusterSecretStore`** +**2. Create a `ClusterSecretStore`** Create a `ClusterSecretStore` using the secret created for AWS authentication in step 1. ![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/clustersecretstore-yaml.jpg) -**3. Create a secret in the application using ESO AWS Secrets Manager:** +**3. Create a secret in the application using ESO AWS Secrets Manager** Go to the application where you want to create an external secret. Navigate to secrets section under application configuration and create a secret using ESO AWS Secrets Manager. diff --git a/docs/user-guide/creating-application/eso/hashicorp-eso.md b/docs/user-guide/creating-application/eso/hashicorp-eso.md new file mode 100644 index 0000000000..c6feff0467 --- /dev/null +++ b/docs/user-guide/creating-application/eso/hashicorp-eso.md 
@@ -0,0 +1,59 @@ +# HashiCorp Vault + +To incorporate secrets from **HashiCorp Vault**, you need to create a generic Kubernetes secret that will be used for vault authentication. This involves creating a Kubernetes secret in the specific namespace where your application will be deployed. +The secret should store the base64-encoded password or token obtained from vault. To simplify the process, you can utilize the Devtron generic chart. An example yaml is given below: + +```yaml +apiVersion: v1 +kind: Secret +type: Opaque +data: + token: +metadata: + name: vault-token + namespace: +``` + +**Note**: Please note that you don't need to create the Kubernetes secret every time you create an External Secret for the corresponding namespace. + +Once you have created the generic secret, follow these steps in the application's Secrets section: + +**1. Create a new secret** + +To add a new secret to the application, go to the `App Configuration` section of the application. Then, navigate to the left pane and select the `Secrets` option and click the **Add Secret** button. + +![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/hc-add-secret.jpg) + +**2. Select `HashiCorp Vault` as the External Secret Operator** + +After clicking the **Add Secret** button, select `HashiCorp Vault` from the dropdown menu for the `Data type` option. Provide a name for the secret you are creating, and then proceed to configure the external secret as described in the next step. + +![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/hc-secret-type.jpg) + +**3. 
Configure the secret** + +To configure the external secret that will be fetched from HashiCorp Vault for your application, you will need to provide specific details using the following key-value pairs: + +![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/hc-secret-configure.jpg) + + +| Key | Description | +| :--- | :--- | +| `vault.server` | Server is the connection address for the Vaultserver, e.g: "https://vault.example.com:8200" | +| `vault.path` | Specify the path where the secret is stored in Vault | +| `tokenSecretRef.name` | Enter the name of the secret that will be used for authentication | +| `tokenSecretRef.key` | Specify the key name within the secret that contains the token | +| `secretKey` | Provide a name for the secret in Kubernetes | +| `key` | Enter the name of the secret in Vault | +| `property` | Specify the key within the Vault secret | + +![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/tokenSecretRef.jpg) + +![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/secrets/hc-eso.jpg) + +**4. Save the secret** + +After configuring the external secret from HashiCorp Vault, proceed to save the secret by clicking the **Save** button. + +By following the steps mentioned above and configuring these values correctly, you can seamlessly fetch and utilize external secrets from HashiCorp Vault within your application environment by deploying the application. +
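Review bot: In docs/user-guide/creating-application/eso/aws-eso.md, hunk `@@ -2,41 +2,41 @@`, the reworded sentence about creating the Kubernetes secret still describes the AWS access-key and secret-access-key only as "base64 encoded", which readers can mistake for protection. Base64 is an encoding, not encryption, so anyone who can read secrets in that namespace can recover the key pair. Suggest adding one sentence that says so and that recommends limiting the key's permissions to the Secrets Manager entries the application actually reads. The rewritten note also reads "every time you create external secret", which is missing an article and lowercases the term, while hashicorp-eso.md in this same patch writes "an External Secret"; use one form in both files.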
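Review bot: In docs/user-guide/creating-application/eso/aws-eso.md, hunk `@@ -47,19 +47,19 @@`, the context line "follow the mentined steps:" keeps the typo "mentined", and step 1 still says "the devtron generic chart" although the first hunk of this file now writes "a Devtron generic chart". This hunk already edits the headings on either side of those lines, so fix both here ("To set up ... follow the steps mentioned below:" and "Devtron"). The section also alternates between "ClusterSecretsStore" in the heading and intro sentence and `ClusterSecretStore` in the steps; the steps use the latter as the resource name, so the heading and intro should match it.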
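Review bot: In the new file docs/user-guide/creating-application/eso/hashicorp-eso.md, the example Secret leaves `token:` and `namespace:` with no value, so a reader copying the YAML has nothing to show what belongs in either field. Suggest explicit placeholders such as `token: <base64-encoded-vault-token>` and `namespace: <application-namespace>`, plus a sentence stating that the secret name `vault-token` and the key `token` are the values to enter for `tokenSecretRef.name` and `tokenSecretRef.key` in the step 3 table. The intro says the secret stores a "password or token", but the table documents only `tokenSecretRef`; either drop "password" or document how a password is referenced. Smaller points in the same hunk: "Vaultserver" in the `vault.server` row is missing a space, and "**Note**: Please note that" repeats itself.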