jmuehlner commented on code in PR #243: URL: https://github.com/apache/guacamole-manual/pull/243#discussion_r1731618075
########## src/vault.md: ########## @@ -170,6 +174,28 @@ All other configuration properties are optional. secret. This is optional, and by default it is false - domains will not be stripped from the username. +`ksm-allow-user-config` +: Whether or not users should be allowed to set their own KSM configuration, + which will be used to pull secrets _only_ when not already provided by the + global or connection-group-level KSM configuration. I.E. a user-level KSM + configuration will never be used if a matching secret is otherwise available. + +#### User and Connection Group KSM Configuration + +In addition to the required global `ksm-config` configuration blob, Guacamole +can also be configured with user or connection group KSM configuration, which +will pull additional secrets _only_ when not already available. If a secret can +be pulled using the `ksm-config` global KSM config, it will always be used. +Failing that, if a secret is available using the connection grop config, that +value will be used. Only when neither the global or containing connection group +KSM configs define a secret will the user KSM config be used. Note also that +user KSM configs will be disabled unless ``ksm-allow-user-config` is set to true. + +These KSM config values can be set directly in the webapp, on the connection Review Comment: Should I include screenshots of the edit pages for these? I could see them being useful, but it'd also be pretty cluttered if we included screenshots like this all the time. The screenshots would look something like the following:   -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@guacamole.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
