haseebsyed12
Contributor

No description provided.

@haseebsyed12 requested a review from a team on October 8, 2025 02:09

1. Service account details are stored in **Vault (PasswordSafe)**.
2. A **Kubernetes Secret** is generated in the `nautobot` namespace.
3. **Argo Events** detects the secret creation or update based on the [label](https://github.com/rackerlabs/understack/blob/main/workflows/nautobot/eventsources/k8s-secret-nautobot-token.yaml#L19).
Collaborator

I think it's worth mentioning what the label is explicitly here, to save the user the need to visit the link.

Suggested change
3. **Argo Events** detects the secret creation or update based on the [label](https://github.com/rackerlabs/understack/blob/main/workflows/nautobot/eventsources/k8s-secret-nautobot-token.yaml#L19).
3. **Argo Events** detects the secret creation or update based on the [`token/type=nautobot` label](https://github.com/rackerlabs/understack/blob/main/workflows/nautobot/eventsources/k8s-secret-nautobot-token.yaml#L19).


**High-level Flow:**

1. Service account details are stored in **Vault (PasswordSafe)**.
Collaborator

Which PasswordSafe? Where is this configured? How can operators figure out which project to add the service accounts to? What is the syntax?

Consider adding some generic example of a fake credential - I think that would help

Contributor Author

I will be adding the syntax, but shall I add password safe details too, since this repo is public?

Contributor

No. It should have some generic backend.

Contributor Author

Shall I remove the mention of PasswordSafe from this doc?

## Usage Flow Summary

1. Add or update service account credentials in **Vault / PasswordSafe**.
2. Vault sync process generates a **Kubernetes Secret** in `nautobot` namespace.
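
Review bot: step 1 of this summary names the backend "Vault / PasswordSafe" while step 1 of the High-level Flow names it "Vault (PasswordSafe)". Use one form in both lists so an operator does not read them as two separate stores, and have step 2 of the High-level Flow name the "Vault sync process" as the generator of the Secret, as this list does, instead of the passive "is generated".
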
Collaborator

Does the sync process remove the secrets that have been removed from Vault/PasswordSafe too?
It's fine if it doesn't, but we probably should mention it.

Contributor Author

We do not remove them. Updated it in the doc.

@haseebsyed12 force-pushed the docs-nautobot-secrets branch from f7c9477 to d5d1185 on October 8, 2025 09:47
@haseebsyed12 requested review from skrobul and cardoe on October 8, 2025 09:47
4 participants