docs(srv): add SEM x Jobs documentation MTA-5199

Author: SamyOubouaziz

faq/serverless-jobs.mdx

@@ -66,7 +66,7 @@ Serverless Jobs are billed on a pay-as-you-go basis, strictly on resource consum
     * *Billed resources:* 864 000 - 400 000 = 464 000 GB-s
     * *Cost:* 464 000 * €0.0000010 = **€0.47**
 * **vCPU consumption**
-    * *Allocated vCPU conversion:* 1120mVCPU = 1.12 vCPU
+    * *Allocated vCPU conversion:* 1120 mVCPU = 1.12 vCPU
     * *Resource consumption:* 432 000 s * 1.12 vCPU =  483 840 vCPU-s
     * *Free tier:* 200 000 vCPU-s
     * *Billed resources:* 483 840 - 200 000 = 283 840 vCPU-s
@@ -119,4 +119,8 @@ skopeo copy --override-os linux docker://docker.io/alpine:latest docker://rg.fr-
 
 Scaleway Serverless Jobs does not currently support Scaleway VPC or Private Networks, though this feature is under development.
 
-To add network restrictions on your resource, consult the [list of prefixes used at Scaleway](https://www.scaleway.com/en/peering/). Serverless resources do not have dedicated or predictable IP addresses.
+To add network restrictions on your resource, consult the [list of prefixes used at Scaleway](https://www.scaleway.com/en/peering/). Serverless resources do not have dedicated or predictable IP addresses.
+
+## Can I securely use sensitive information with Serverless Jobs?
+
+Yes, you can use sensitive data such as API secret keys, passwords, TLS/SSL certificates, or tokens. Serverless Jobs seamlessly integrates with [Secret Manager](/identity-and-access-management/secret-manager/), which allows you to securely reference sensible information within your jobs. Refer to the [dedicated documentation](/serverless/jobs/how-to/reference-secret-in-job/) for more information.

menu/navigation.json

@@ -3929,6 +3929,10 @@
                     "label": "Manage the scheduling of a job",
                     "slug": "manage-job-schedule"
                   },
+                  {
+                    "label": "Reference secrets in a job",
+                    "slug": "reference-secret-in-job"
+                  },
                   {
                     "label": "Delete a job",
                     "slug": "delete-job"

serverless/jobs/concepts.mdx

@@ -53,6 +53,10 @@ The maximum duration option allows you to define the maximum execution time befo
 
 A schedule (cron) is a mechanism used to automatically start a Serverless Job at a specific time on a recurring schedule. It works similarly to a traditional Linux cron job, using the `* * * * *` format. Refer to our [cron schedules reference](/serverless/jobs/reference-content/cron-schedules/) for more information.
 
+## Secrets reference
+
+A secret reference is a mechanism that allows you to use a secret stored in [Secret Manager](/identity-and-access-management/secret-manager/) within Serverless Jobs. It allows you to securely reference sensitive data, such as API secret keys, passwords, tokens, or certificates. 
+
 ## Startup command
 
 This optional field allows you to specify a custom command executed upon starting your job if your container image does not have one already, or if you use a public container image.

serverless/jobs/how-to/create-job-from-external-registry.mdx

@@ -39,6 +39,7 @@ Private external container registries are currently not supported.
     - Choose the **resources** to be allocated to your job at runtime. These define the performance characteristics of your job.
     - Optionally, add a **cron schedule** in the `* * * * *` format, and select your time zone to run your job periodically. Refer to the [cron schedules documentation](/serverless/jobs/reference-content/cron-schedules/) for more information.
     - Define any **environment variables** you want to inject into your job in the advanced options. For each environment variable, click **+Add new variable** and enter the key/value pair.
+    - Add the desired [secret references](/serverless/jobs/how-to/reference-secret-in-job/) to your job
     - Add a **startup command** to your job. It will be executed every time your job is run.
     - Set a **maximum duration** to your job to stop it automatically if it does not complete within this limit.
     - Verify the **estimated cost**.

serverless/jobs/how-to/create-job-from-scaleway-registry.mdx

@@ -34,6 +34,7 @@ Scaleway's Serverless Jobs allows you to create jobs from several container [reg
     - Choose the **resources** to be allocated to your job at runtime. These define the performance characteristics of your job.
     - Add a **cron schedule** in the `* * * * *` format, and select your time zone to run your job periodically. Refer to the [cron schedules documentation](/serverless/jobs/reference-content/cron-schedules/) for more information.
     - Define any **environment variables** you want to inject into your job in the advanced options. For each environment variable, click **+Add new variable** and enter the key/value pair.
+    - Add the desired [secret references](/serverless/jobs/how-to/reference-secret-in-job/) to your job.
     - Add a **startup command** to your job. It will be executed every time your job is run.
     - Set a **maximum duration** to your job to stop it automatically if it does not complete within this limit.
     - Verify the **estimated cost**.

serverless/jobs/how-to/reference-secret-in-job.mdx

@@ -0,0 +1,78 @@
+---
+meta:
+  title: How to reference secrets in Serverless Jobs
+  description: Steps to reference secrets from Secret Manager in your Serverless Jobs.
+content:
+  h1:  How to reference secrets in Serverless Jobs
+  paragraph: Steps to reference secrets from Secret Manager in your Serverless Jobs.
+tags: serverless jobs secrets secret-manager reference environment variable
+dates:
+  validation: 2024-10-27
+  posted: 2024-10-27
+categories:
+  - serverless
+  - jobs
+---
+
+Serverless Jobs seamlessly integrates with [Secret Manager](/identity-and-access-management/secret-manager/), which allows you to store, manage, and access sensitive information, such as credentials, SSH keys, SSL/TLS certificates, or any key/value pairs you need to secure.
+
+You can reference any secret stored in Secret Manager in a job, without having to hardcode any sensible data.
+
+<Macro id="requirements" />
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+- [Created a Serverless Job](/serverless/jobs/how-to/create-job-from-scaleway-registry/)
+- [Created a secret](/identity-and-access-management/secret-manager/how-to/create-secret/)
+
+## Add a secret to a job
+
+1. Click **Jobs** in the **Serverless** section of the side menu. The jobs page displays.
+
+2. Click the name of the job to which you want to add a secret, then open the **Settings** tab.
+
+3. In the **Secrets references** section, click **+ Add secret reference**. A pop-up displays.
+
+4. Select the secret you want to reference, and the desired version, then click **Select reference method**.
+
+5. Select the desired reference method:
+
+  - **File**: copies the encrypted value of your secret to a file stored at the indicated location within your container. This method is recommended for large or complex data. For example, if your secret is a certificate, you can store it as a file in the `/my-certificates` folder in your container.
+
+  - **Environment variable**: passes the encrypted value of your secret to your job as a variable. This method is recommended for small information, such as passwords, or API secret keys. For example, if you name this variable `MY_SECRET`, calling `$MY_SECRET` in your container will return the value of the selected secret in a secure way.
+
+6. Click **Add reference** to add the secret to your Serverless Job. Optionally, tick the **Add another reference** to add a new secret right away, then repeat steps 4 to 6.
+
+The secret is now referenced in your Serverless Job, and can be used within the container.
+
+## Update a secret in a job
+
+1. Click **Jobs** in the **Serverless** section of the side menu. The jobs page displays.
+
+2. Click the name of the job for which you want to update a secret, then open the **Settings** tab.
+
+3. In the **Secret references** section, click the <Icon name="edit" /> icon next to the secret reference you want to update. A pop-up displays.
+
+4. Update the secret version if needed, then click **Update** to save your changes, or click **Select reference method** to continue.
+
+5. Either update the location of the file, or the name of the environment, variable then click **Update reference** to confirm your changes.
+
+<Message type="note">
+You cannot change the reference method of an existing secret. To do so, delete the secret reference within the job, then create it again with the desired reference method.
+</Message>
+
+## Delete a secret reference from a job
+
+1. Click **Jobs** in the **Serverless** section of the side menu. The jobs page displays.
+
+2. Click the name of the job for which you want to delete a secret, then open the **Settings** tab.
+
+3. In the **Secret references** section, click the <Icon name="delete" /> icon next to the secret reference you want to delete. A confirmation pop-up displays.
+
+4. Click **Delete reference** to confirm.
+
+The secret is no longer referenced in your Serverless Job.
+
+<Message type="note">
+Deleting a secret from the **Settings** tab of a job only deletes the secret reference, not the secret itself. To permanently delete a secret, follow [this procedure](/identity-and-access-management/secret-manager/how-to/delete-secret/).
+</Message>

serverless/jobs/quickstart.mdx

@@ -62,10 +62,12 @@ This page explains how to create a job definition with the latest Alpine Linux i
 
 3. From the **Overview** tab, click **Run job**.
 
-The execution appears in the **Job runs** section of the **Overview** tab.
+  The execution appears in the **Job runs** section of the **Overview** tab.
+
+4. Click <Icon name="more"> next to the last execution in the **Job runs** section, then click **Logs** to access your job's logs.
 
 <Message type="note">
-  Refer to [How to monitor a job](/serverless/jobs/how-to/monitor-job/) to see the logs of the job you just executed.
+  Make sure that you [retrieved your Grafana credentials](/observability/cockpit/how-to/retrieve-grafana-credentials/) before accessing your job's logs.
 </Message>
 
 ## How to delete a job