- Add configuration/secret-files.md: @secret:file: feature, supported resources, security, rotation
- Add external-secret-stores/ guides for HashiCorp Vault and Azure Key Vault via Secrets Store CSI Driver
- Update SUMMARY.md with new pages
| File["/run/secrets/client-secret"] -->|read at runtime| Aidbox | ||
| Aidbox -->|stores reference| DB["@secret:file:/run/secrets/client-secret"] | ||
|
|
||
| style File fill:#326CE5,stroke:#326CE5,color:#fff |
Collaborator
Use this skill https://github.com/HealthSamurai/documentation/blob/master/.claude/skills/diagram.md and rewrite the styles.
|
|
||
| | Environment variable | Description | Default | | ||
| | --- | --- | --- | | ||
| | `AIDBOX_SECRET_FILES_ENABLED` | Enables `@secret:file:` resolution. When disabled, values with this prefix are rejected on save. | `false` | |
Collaborator
Add a link to the settings reference here. If the env name changes and no one changes it here, the link is useful. Also, a link is good if the reference has more additional details.
| | Environment variable | Description | Default | | ||
| | --- | --- | --- | | ||
| | `AIDBOX_SECRET_FILES_ENABLED` | Enables `@secret:file:` resolution. When disabled, values with this prefix are rejected on save. | `false` | | ||
| | `AIDBOX_SECRET_FILES_DIRS` | Comma-separated list of directories from which secret files can be loaded. File references outside these directories are rejected. | empty (no restriction) | |
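Review bot: The `AIDBOX_SECRET_FILES_DIRS` row documents the default as "empty (no restriction)" without saying what that means for a deployment: once `AIDBOX_SECRET_FILES_ENABLED` is turned on, no directory check limits where a `@secret:file:` reference may point. Suggest adding a sentence under the table recommending that this variable is always set to the secret mount directory when the feature is enabled, and stating whether the path is normalized (symlinks and `..` segments resolved) before it is compared against the listed directories.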
|
|
||
| # Azure Key Vault | ||
|
|
||
| This guide covers mounting secrets from [Azure Key Vault](https://azure.microsoft.com/en-us/products/key-vault) into Aidbox using the Azure Key Vault CSI Provider. For the general concept and CSI Driver installation, see [External secret stores](./). |
Collaborator
[External secret stores](./)
wrong link?
|
|
||
| # Azure Key Vault | ||
|
|
||
| This guide covers mounting secrets from [Azure Key Vault](https://azure.microsoft.com/en-us/products/key-vault) into Aidbox using the Azure Key Vault CSI Provider. For the general concept and CSI Driver installation, see [External secret stores](./). |
Collaborator
If this is a guide, it must be in /tutorial then?
|
|
||
| ## Prerequisites | ||
|
|
||
| * Secrets Store CSI Driver installed ([instructions](./#install-the-secrets-store-csi-driver)) |
| CSI -->|mounts as file| Pod["/run/secrets/client-secret"] | ||
| Pod -->|reads at runtime| Aidbox["Aidbox (@secret:file:/run/secrets/client-secret)"] | ||
|
|
||
| style Vault fill:#0078D4,stroke:#0078D4,color:#fff |
|
|
||
| This guide covers mounting secrets from [Azure Key Vault](https://azure.microsoft.com/en-us/products/key-vault) into Aidbox using the Azure Key Vault CSI Provider. For the general concept and CSI Driver installation, see [External secret stores](./). | ||
|
|
||
| ## Prerequisites |
Contributor
I think we need to mention a K8s cluster in the prerequisites.
| kubectl exec deploy/aidbox -- cat /run/azure-secrets/client-secret | ||
| ``` | ||
|
|
||
| Aidbox detects the file modification and uses the new value on the next request — no restart required. |
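Review bot: The verification command `kubectl exec deploy/aidbox -- cat /run/azure-secrets/client-secret` prints the secret value to the operator's terminal, where it can end up in scrollback or session recordings. Suggest verifying the mount or a rotation without revealing the value, for example by checking the file's size or modification time, or by comparing a checksum of the file before and after. The path here is `/run/azure-secrets/client-secret`, while the diagram lines shown earlier in this review use `/run/secrets/client-secret`; if both belong to the same guide, use one path throughout.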
Contributor
Let's add a See Also section with a link to secret-files.md
Summary
- `configuration/secret-files.md` — documents the `@secret:file:` feature: supported resources (Client, IdentityProvider, TokenIntrospector, AidboxTopicDestination), configuration, security, rotation
- `external-secret-stores/` section under Run Aidbox on Kubernetes — guides for HashiCorp Vault and Azure Key Vault via Secrets Store CSI Driver

Test plan