From 8f6e4f192334d426969ab2ee4973429203e6890c Mon Sep 17 00:00:00 2001 From: Andreas Gruhler Date: Fri, 22 Oct 2021 17:27:24 +0200 Subject: [PATCH] Clarify docs for CSI provider secretArgs (#12570) --- .../docs/platform/k8s/csi/configurations.mdx | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/website/content/docs/platform/k8s/csi/configurations.mdx b/website/content/docs/platform/k8s/csi/configurations.mdx index e6d6e948e..77ce7bcba 100644 --- a/website/content/docs/platform/k8s/csi/configurations.mdx +++ b/website/content/docs/platform/k8s/csi/configurations.mdx @@ -75,6 +75,15 @@ The following parameters are supported by the Vault provider: - `method` `(string: "GET")` - The type of HTTP request. Supported values include "GET" and "PUT". - `secretPath` `(string: "")` - The path in Vault where the secret is located. + For secrets that are retrieved via HTTP GET method, the `secretPath` can include optional URI parameters, + for example, the [version of the KV2 secret](https://www.vaultproject.io/api/secret/kv/kv-v2#read-secret-version): + + ```yaml + objects: | + - objectName: "app-secret" + secretPath: "secret/data/test?version=1" + secretKey: "password" + ``` - `secretKey` `(string: "")` - The key in the Vault secret to extract. If omitted, the whole response from Vault will be written as JSON. @@ -86,3 +95,7 @@ The following parameters are supported by the Vault provider: common_name: 'test.example.com' ttl: '24h' ``` + + ~> `secretArgs` are sent as part of the HTTP request body. Therefore, they are only effective for HTTP PUT/POST requests, for instance, + the [request used to generate a new certificate](https://www.vaultproject.io/api/secret/pki#generate-certificate). + To supply additional parameters for secrets retrieved via HTTP GET, include optional URI paramters in [`secretPath`](#secretpath). \ No newline at end of file