Add rotate root docs for azure secrets (#19187)

This commit is contained in:
Raymond Ho 2023-02-15 13:07:42 -08:00 committed by GitHub
parent c6a455c92f
commit 91446e129e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 0 deletions

3
changelog/19187.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
website/docs: Add rotate root documentation for azure secrets engine
```

View File

@ -103,6 +103,20 @@ This endpoint generates a renewable set of credentials. The application can logi
using the `client_id`/`client_secret` and will have access provided by configured service using the `client_id`/`client_secret` and will have access provided by configured service
principal or the Azure roles set in the "my-role" configuration. principal or the Azure roles set in the "my-role" configuration.
## Root Credential Rotation
If the mount is configured with credentials directly, the credential's key may be
rotated to a Vault-generated value that is not accessible by the operator.
This will ensure that only Vault is able to access the "root" user that Vault uses to
manipulate dynamic & static credentials.
```shell-session
vault write -f azure/rotate-root
```
For more details on this operation, please see the
[Root Credential Rotation](/vault/api-docs/secret/azure#rotate-root) API docs.
## Roles ## Roles
Vault roles let you configure either an existing service principal or a set of Azure roles, along with Vault roles let you configure either an existing service principal or a set of Azure roles, along with