docs: nautobot token creation flow #1312
Conversation
|
|
||
| 1. Service account details are stored in **Vault (PasswordSafe)**. | ||
| 2. A **Kubernetes Secret** is generated in the `nautobot` namespace. | ||
| 3. **Argo Events** detects the secret creation or update based on the [label](https://github.com/rackerlabs/understack/blob/main/workflows/nautobot/eventsources/k8s-secret-nautobot-token.yaml#L19). |
There was a problem hiding this comment.
I think it's worth mentioning what the label explicitly here to save the user a need to visit the link
| 3. **Argo Events** detects the secret creation or update based on the [label](https://github.com/rackerlabs/understack/blob/main/workflows/nautobot/eventsources/k8s-secret-nautobot-token.yaml#L19). | |
| 3. **Argo Events** detects the secret creation or update based on the [`token/type=nautobot` label](https://github.com/rackerlabs/understack/blob/main/workflows/nautobot/eventsources/k8s-secret-nautobot-token.yaml#L19). |
|
|
||
| **High-level Flow:** | ||
|
|
||
| 1. Service account details are stored in **Vault (PasswordSafe)**. |
There was a problem hiding this comment.
Which PasswordSafe? Where is this configured? How can operators figure out which project to add the service accounts to? What is the syntax?
Consider adding some generic example of a fake credential - I think that would help
There was a problem hiding this comment.
I will be adding syntax but shall I add password safe details too ? since this repo is public
There was a problem hiding this comment.
No. It should have some generic backend.
There was a problem hiding this comment.
shall I remove mention of Passwordsafe from this doc ?
There was a problem hiding this comment.
It would make sense to just call it something like "Secret Management Backend" and then optionally explain that it may be Vault, AKV, PasswordSafe and so on
haseebsyed12
force-pushed
the
docs-nautobot-secrets
branch
from
f7c9477 to
d5d1185
Compare
No description provided.