shreemaan-abhishek commented on code in PR #11569:
URL: https://github.com/apache/apisix/pull/11569#discussion_r1762285546
##########
docs/en/latest/admin-api.md:
##########
@@ -1497,6 +1497,102 @@ HTTP/1.1 200 OK
{"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}}
```
+#### When Secret Manager is AWS
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| access_key_id | True | string | AWS Access Key ID | |
+| secret_access_key | True | string | AWS Secret Access Key | |
+| session_token | False | string | Temporary access credential information | |
+| region | False | string | AWS Region | |
+| endpoint_url | False | URI | AWS Secret Manager URL |
https://secretsmanager.{region}.amazonaws.com |
+
+Example Configuration:
+
+```shell
Review Comment:
```suggestion
```json
```
##########
docs/en/latest/admin-api.md:
##########
@@ -1497,6 +1497,102 @@ HTTP/1.1 200 OK
{"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}}
```
+#### When Secret Manager is AWS
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| access_key_id | True | string | AWS Access Key ID | |
+| secret_access_key | True | string | AWS Secret Access Key | |
+| session_token | False | string | Temporary access credential information | |
+| region | False | string | AWS Region | |
+| endpoint_url | False | URI | AWS Secret Manager URL |
https://secretsmanager.{region}.amazonaws.com |
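Review bot: The `region` and `endpoint_url` rows are marked Required False, but the table never says what is used when they are omitted. If `https://secretsmanager.{region}.amazonaws.com` in the Example column is the default rather than just a sample, label it as the default in the Description and state the default region next to it, so a reader knows which endpoint a minimal configuration sends the credentials to.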
Review Comment:
The example column seems redundant. I would suggest using the following
table instead:
```suggestion
| Parameter | Required | Type | Description |
| ----------------- | -------- | ------ | --------------------------------------------------------------------------- |
| access_key_id | True | string | AWS Access Key ID |
| secret_access_key | True | string | AWS Secret Access Key |
| session_token | False | string | Temporary access credential information |
| region | False | string | AWS Region |
| endpoint_url | False | URI | AWS Secret Manager URL (e.g: https://secretsmanager.{region}.amazonaws.com) |
```
##########
docs/en/latest/admin-api.md:
##########
@@ -1497,6 +1497,102 @@ HTTP/1.1 200 OK
{"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}}
```
+#### When Secret Manager is AWS
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| access_key_id | True | string | AWS Access Key ID | |
+| secret_access_key | True | string | AWS Secret Access Key | |
+| session_token | False | string | Temporary access credential information | |
+| region | False | string | AWS Region | |
+| endpoint_url | False | URI | AWS Secret Manager URL |
https://secretsmanager.{region}.amazonaws.com |
+
+Example Configuration:
+
+```shell
+{
+ "endpoint_url": "http://127.0.0.1:4566",
+ "region": "us-east-1",
+ "access_key_id": "access",
+ "secret_access_key": "secret",
+ "session_token": "token"
+}
+```
+
+Example API usage:
+
+```shell
+curl -i http://127.0.0.1:9180/apisix/admin/secrets/aws/test3 \
+-H "X-API-KEY: $admin_key" -X PUT -d '
+{
+ "endpoint_url": "http://127.0.0.1:4566",
+ "region": "us-east-1",
+ "access_key_id": "access",
+ "secret_access_key": "secret",
+ "session_token": "token"
+}'
+```
+
+```shell
+HTTP/1.1 200 OK
+...
+
+{"value":{"create_time":1726069970,"endpoint_url":"http://127.0.0.1:4566","region":"us-east-1","access_key_id":"access","secret_access_key":"secret","id":"aws/test3","update_time":1726069970,"session_token":"token"},"key":"/apisix/secrets/aws/test3"}
+```
+
+#### When Secret Manager is GCP
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| auth_config | True | object | Either `auth_config` or `auth_file` must be
provided. | |
+| auth_config.client_email | True | string | Email address of the Google Cloud
service account. | |
+| auth_config.private_key | True | string | Private key of the Google Cloud
service account. | |
+| auth_config.project_id | True | string | Project ID in the Google Cloud
service account. | |
+| auth_config.token_uri | False | string | Token URI of the Google Cloud
service account. |
[https://oauth2.googleapis.com/token](https://oauth2.googleapis.com/token) |
+| auth_config.entries_uri | False | string | The API access endpoint for the
Google Secrets Manager. |
[https://secretmanager.googleapis.com/v1](https://secretmanager.googleapis.com/v1)
|
+| auth_config.scope | False | string | Access scopes of the Google Cloud
service account. See [OAuth 2.0 Scopes for Google
APIs](https://developers.google.com/identity/protocols/oauth2/scopes) |
[https://www.googleapis.com/auth/cloud-platform](https://www.googleapis.com/auth/cloud-platform)
|
+| auth_file | True | string | Path to the Google Cloud service account
authentication JSON file. Either `auth_config` or `auth_file` must be provided.
| |
+| ssl_verify | False | boolean | When set to `true`, enables SSL verification
as mentioned in [OpenResty
docs](https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake). |
true |
+
+Example Configuration:
+
+```shell
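Review bot: The sample response under "Example API usage" returns `secret_access_key` and `session_token` in clear text, and the surrounding text says nothing about it. Add a sentence after the response noting that the Admin API returns the stored credentials as submitted, so access to the Admin API and its `X-API-KEY` has to be restricted accordingly. The `endpoint_url` in both examples is `http://127.0.0.1:4566`, plain HTTP on a loopback address, unlike the `https://` URL in the table; say that this value is for local testing.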
Review Comment:
```suggestion
```json
```
##########
docs/en/latest/admin-api.md:
##########
@@ -1497,6 +1497,102 @@ HTTP/1.1 200 OK
{"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}}
```
+#### When Secret Manager is AWS
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| access_key_id | True | string | AWS Access Key ID | |
+| secret_access_key | True | string | AWS Secret Access Key | |
+| session_token | False | string | Temporary access credential information | |
+| region | False | string | AWS Region | |
+| endpoint_url | False | URI | AWS Secret Manager URL |
https://secretsmanager.{region}.amazonaws.com |
+
+Example Configuration:
+
+```shell
+{
+ "endpoint_url": "http://127.0.0.1:4566",
+ "region": "us-east-1",
+ "access_key_id": "access",
+ "secret_access_key": "secret",
+ "session_token": "token"
+}
+```
+
+Example API usage:
+
+```shell
+curl -i http://127.0.0.1:9180/apisix/admin/secrets/aws/test3 \
+-H "X-API-KEY: $admin_key" -X PUT -d '
+{
+ "endpoint_url": "http://127.0.0.1:4566",
+ "region": "us-east-1",
+ "access_key_id": "access",
+ "secret_access_key": "secret",
+ "session_token": "token"
+}'
+```
+
+```shell
+HTTP/1.1 200 OK
+...
+
+{"value":{"create_time":1726069970,"endpoint_url":"http://127.0.0.1:4566","region":"us-east-1","access_key_id":"access","secret_access_key":"secret","id":"aws/test3","update_time":1726069970,"session_token":"token"},"key":"/apisix/secrets/aws/test3"}
+```
+
+#### When Secret Manager is GCP
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| auth_config | True | object | Either `auth_config` or `auth_file` must be
provided. | |
+| auth_config.client_email | True | string | Email address of the Google Cloud
service account. | |
+| auth_config.private_key | True | string | Private key of the Google Cloud
service account. | |
+| auth_config.project_id | True | string | Project ID in the Google Cloud
service account. | |
+| auth_config.token_uri | False | string | Token URI of the Google Cloud
service account. |
[https://oauth2.googleapis.com/token](https://oauth2.googleapis.com/token) |
+| auth_config.entries_uri | False | string | The API access endpoint for the
Google Secrets Manager. |
[https://secretmanager.googleapis.com/v1](https://secretmanager.googleapis.com/v1)
|
+| auth_config.scope | False | string | Access scopes of the Google Cloud
service account. See [OAuth 2.0 Scopes for Google
APIs](https://developers.google.com/identity/protocols/oauth2/scopes) |
[https://www.googleapis.com/auth/cloud-platform](https://www.googleapis.com/auth/cloud-platform)
|
+| auth_file | True | string | Path to the Google Cloud service account
authentication JSON file. Either `auth_config` or `auth_file` must be provided.
| |
+| ssl_verify | False | boolean | When set to `true`, enables SSL verification
as mentioned in [OpenResty
docs](https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake). |
true |
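Review bot: In the GCP table, `auth_config` and `auth_file` are both marked Required True while their own descriptions say either one must be provided, and the `auth_config.client_email`, `auth_config.private_key` and `auth_config.project_id` rows are True only when `auth_config` is the option used. Mark the two top-level rows as conditional (for example "True if `auth_file` is not set") so the Required column agrees with the descriptions. The AWS table earlier in this hunk has no counterpart to `ssl_verify`, although its examples use an `http://` endpoint; state whether certificate verification is configurable there.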
Review Comment:
Table formatting.
```suggestion
| Parameter | Required | Type | Description | Example |
| ------------------------ | -------- | ------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ |
| auth_config | True | object | Either `auth_config` or `auth_file` must be provided. | |
| auth_config.client_email | True | string | Email address of the Google Cloud service account. | |
| auth_config.private_key | True | string | Private key of the Google Cloud service account. | |
| auth_config.project_id | True | string | Project ID in the Google Cloud service account. | |
| auth_config.token_uri | False | string | Token URI of the Google Cloud service account. | [https://oauth2.googleapis.com/token](https://oauth2.googleapis.com/token) |
| auth_config.entries_uri | False | string | The API access endpoint for the Google Secrets Manager. | [https://secretmanager.googleapis.com/v1](https://secretmanager.googleapis.com/v1) |
| auth_config.scope | False | string | Access scopes of the Google Cloud service account. See [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes) | [https://www.googleapis.com/auth/cloud-platform](https://www.googleapis.com/auth/cloud-platform) |
| auth_file | True | string | Path to the Google Cloud service account authentication JSON file. Either `auth_config` or `auth_file` must be provided. | |
| ssl_verify | False | boolean | When set to `true`, enables SSL verification as mentioned in [OpenResty docs](https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake). | true |
```
--
This is an automated message from the Apache Git Service.