Skip to content

Commit

Permalink
Add custom tags section to sync overview, denote normalized values (#…
Browse files Browse the repository at this point in the history 
…27757)

* Add custom tags section to sync overview, specifically call out normalizing names and tags

* Update website/content/docs/sync/index.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Fix typo

---------

Co-Authored-By: Theron Voran <tvoran@users.noreply.github.com>
  • Loading branch information
@robmonte @tvoran
robmonte and tvoran committed Jul 11, 2024
1 parent 0936355 commit 7b72548
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions website/content/docs/sync/index.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,8 +88,8 @@ association object returned by the endpoint and, upon failure, includes an error
## Name template

By default, the name of synced secrets follows this format: `vault/<accessor>/<secret-path>`. The casing and delimiters
may change according to the valid character set of each destination type. This pattern was chosen to prevent accidental
name collisions and to clearly identify where the secret is coming from.
may change as they are normalized according to the valid character set of each destination type. This pattern was chosen to
prevent accidental name collisions and to clearly identify where the secret is coming from.

Every destination allows you to customize this name pattern by configuring a `secret_name_template` field to best suit
individual use cases. The templates use a subset of the go-template syntax for extra flexibility.
Expand Down Expand Up @@ -142,6 +142,12 @@ Name templates can be updated. The new template is only effective for new secret
not affect the secrets synced with the previous template. It is possible to update an association to force a recreate operation.
The secret synced with the old template will be deleted and a new secret using the new template version will be synced.

## Custom tags

A destination can also have custom tags so that every secret associated to it that is synced will share that same set of tags.
Additionally, a default tag value of `hashicorp:vault` is used to denote any secret that is synced via Vault Enterprise. Similar
to secret names, tag keys and values are normalized according to the valid character set of each destination type.

## Granularity

Vault KV-v2 secrets are multi-value and their data is represented in JSON. Multi-value secrets are useful to bundle closely
Expand Down

0 comments on commit 7b72548

Please sign in to comment.