[DOCS] Add GUI for Azure Secret Engine configuration #29647
+78
−12
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
the
hashicorp-contributed-pr
|
CI Results: |
|
Build Results: |
schavis
requested changes
Feb 14, 2025
| ```shell | ||
| <Tabs> | ||
|
|
||
| <Tab heading="Vault CLI"> |
There was a problem hiding this comment.
Suggested change
| <Tab heading="Vault CLI"> | |
| <Tab heading="CLI"> |
| $ vault secrets enable azure | ||
| Success! Enabled the azure secrets engine at: azure/ | ||
| ``` | ||
|
|
||
| By default, the secrets engine will mount at the name of the engine. To | ||
| enable the secrets engine at a different path, use the `-path` argument. | ||
|
|
||
| </Tab> | ||
|
|
||
| <Tab heading="Vault UI"> |
There was a problem hiding this comment.
Suggested change
| <Tab heading="Vault UI"> | |
| <Tab heading="GUI"> |
| </Tab> | ||
|
|
||
| <Tab heading="Vault UI"> | ||
|
|
There was a problem hiding this comment.
We should use screenshots sparingly. Generally, we want to pick one "hero" screenshot that helps folks orient themselves in the GUI to make sure they're looking at the right screen.
Comment on lines
+56
to
+70
| 1. Open the web UI for your Vault instance. | ||
| 1. Select **Secret Engines** from the left-hand menu. | ||
| 1. Right click **Enable new engine** on the Secret Engines page. | ||
| 1. Select **Azure**. | ||
| 1. Click **Next**. | ||
| 1. Set the mount path for the Azure plugin. For example, `azure`. | ||
| 1. If you are an Enterprise user configuring Workload Identity Federation, you can add the Identity Token Key during the mounting process through the UI. | ||
| - Click **Method Options**. | ||
| - Click on the **Identity Token Key** input. If you have **list** permissions to the `identity/oidc/key` you will see a dropdown of available keys. You can create your own if one does not exists. | ||
|  | ||
| - If you do not have **list** permissions to `identity/oidc/key` you can input your own key name. | ||
|  | ||
|
|
||
| 1. Click **Enable engine**. | ||
| 1. Click **Save** to enable the plugin. |
There was a problem hiding this comment.
Suggested change
| 1. Open the web UI for your Vault instance. | |
| 1. Select **Secret Engines** from the left-hand menu. | |
| 1. Right click **Enable new engine** on the Secret Engines page. | |
| 1. Select **Azure**. | |
| 1. Click **Next**. | |
| 1. Set the mount path for the Azure plugin. For example, `azure`. | |
| 1. If you are an Enterprise user configuring Workload Identity Federation, you can add the Identity Token Key during the mounting process through the UI. | |
| - Click **Method Options**. | |
| - Click on the **Identity Token Key** input. If you have **list** permissions to the `identity/oidc/key` you will see a dropdown of available keys. You can create your own if one does not exists. | |
|  | |
| - If you do not have **list** permissions to `identity/oidc/key` you can input your own key name. | |
|  | |
| 1. Click **Enable engine**. | |
| 1. Click **Save** to enable the plugin. | |
|  | |
| You must have `list` permission on the `identity/oidc/key` endpoint to view | |
| existing workload identity federation (WIF) identity token keys during setup. | |
| 1. Open the web UI for your Vault instance. | |
| 1. Login under the target namespace or choose the target namespace from the | |
| selector at the bottom of the left-hand menu and re-authenticate. | |
| 1. Select **Secrets Engines** from the left-hand menu. | |
| 1. Click **Enable new engine +** on the **Secrets Engines** page. | |
| 1. Select **Azure**. | |
| 1. Click **Next**. | |
| 1. Set the mount path for the Azure plugin. For example, `azure`. | |
| 1. If you use WIF, add the identity token key: | |
| - Click **Method Options**. | |
| - Click **Identity Token Key**. | |
| - Enter your new key name or select one from the token key list. | |
| 1. Click **Enable engine**. | |
| 1. Click **Save** to enable the plugin. |
In general, we want to keep how-to guides simple by focusing on the optimal path and simplifying the instructions.
| ```shell | ||
| <Tabs> | ||
|
|
||
| <Tab heading="Vault CLI"> |
There was a problem hiding this comment.
Suggested change
| <Tab heading="Vault CLI"> | |
| <Tab heading="CLI"> |
| @@ -56,28 +88,60 @@ management tool. | |||
|
|
|||
| Success! Data written to: azure/config | |||
| ``` | |||
| </Tab> | |||
|
|
|||
| <Tab heading="Vault UI"> | |||
There was a problem hiding this comment.
Suggested change
| <Tab heading="Vault UI"> | |
| <Tab heading="GUI"> |
Comment on lines
+95
to
+99
| 1. Click **Configure** from the Azure secret engine configuration view. | ||
|  | ||
| 1. On the configuration form enter your configuration information. If you are an Enterprise user, you will see the option to select Access Type. | ||
|  | ||
| 1. Save your changes. |
There was a problem hiding this comment.
Suggested change
| 1. Click **Configure** from the Azure secret engine configuration view. | |
|  | |
| 1. On the configuration form enter your configuration information. If you are an Enterprise user, you will see the option to select Access Type. | |
|  | |
| 1. Save your changes. | |
|  | |
| 1. Open the web UI for your Vault instance. | |
| 1. Login under the target namespace or choose the target namespace from the | |
| selector at the bottom of the left-hand menu and re-authenticate. | |
| 1. Select **Secrets Engines** from the left-hand menu. | |
| 1. Select your `azure` plugin you want to update. | |
| 1. Click **Configure**. | |
| 1. Enter your configuration information. | |
| 1. Set the access type <EnterpriseAlert inline="true"> | |
| 1. Save your changes. |
| $ vault write azure/config \ | ||
| subscription_id=$AZURE_SUBSCRIPTION_ID \ | ||
| tenant_id=$AZURE_TENANT_ID \ | ||
| client_id=$AZURE_CLIENT_ID \ | ||
| identity_token_audience=$TOKEN_AUDIENCE | ||
| ``` | ||
|
|
||
| </Tab> | ||
|
|
||
| <Tab heading="Vault UI"> |
There was a problem hiding this comment.
Suggested change
| <Tab heading="Vault UI"> | |
| <Tab heading="GUI"> |
| [plugin workload identity federation](#plugin-workload-identity-federation-wif) | ||
| (WIF) as shown below. | ||
|
|
||
| <Note> Workload identity federation is only available with Vault Enterprise. </Note> |
There was a problem hiding this comment.
Suggested change
| <Note> Workload identity federation is only available with Vault Enterprise. </Note> |
We should use the "enterprise-only" or "enterprise-and-hcp" partials at the top of the relevant section/page rather than adding an adhoc alert here.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Vercel preview of Azure Secret engine docs