HuanXin-Chen commented on code in PR #11569:
URL: https://github.com/apache/apisix/pull/11569#discussion_r1763409136
##########
docs/en/latest/admin-api.md:
##########
@@ -1497,6 +1497,102 @@ HTTP/1.1 200 OK
{"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}}
```
+#### When Secret Manager is AWS
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| access_key_id | True | string | AWS Access Key ID | |
+| secret_access_key | True | string | AWS Secret Access Key | |
+| session_token | False | string | Temporary access credential information | |
+| region | False | string | AWS Region | |
+| endpoint_url | False | URI | AWS Secret Manager URL |
https://secretsmanager.{region}.amazonaws.com |
+
+Example Configuration:
+
+```shell
+{
+ "endpoint_url": "http://127.0.0.1:4566",
+ "region": "us-east-1",
+ "access_key_id": "access",
+ "secret_access_key": "secret",
+ "session_token": "token"
+}
+```
+
+Example API usage:
+
+```shell
+curl -i http://127.0.0.1:9180/apisix/admin/secrets/aws/test3 \
+-H "X-API-KEY: $admin_key" -X PUT -d '
+{
+ "endpoint_url": "http://127.0.0.1:4566",
+ "region": "us-east-1",
+ "access_key_id": "access",
+ "secret_access_key": "secret",
+ "session_token": "token"
+}'
+```
+
+```shell
+HTTP/1.1 200 OK
+...
+
+{"value":{"create_time":1726069970,"endpoint_url":"http://127.0.0.1:4566","region":"us-east-1","access_key_id":"access","secret_access_key":"secret","id":"aws/test3","update_time":1726069970,"session_token":"token"},"key":"/apisix/secrets/aws/test3"}
+```
+
+#### When Secret Manager is GCP
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| auth_config | True | object | Either `auth_config` or `auth_file` must be
provided. | |
+| auth_config.client_email | True | string | Email address of the Google Cloud
service account. | |
+| auth_config.private_key | True | string | Private key of the Google Cloud
service account. | |
+| auth_config.project_id | True | string | Project ID in the Google Cloud
service account. | |
+| auth_config.token_uri | False | string | Token URI of the Google Cloud
service account. |
[https://oauth2.googleapis.com/token](https://oauth2.googleapis.com/token) |
+| auth_config.entries_uri | False | string | The API access endpoint for the
Google Secrets Manager. |
[https://secretmanager.googleapis.com/v1](https://secretmanager.googleapis.com/v1)
|
+| auth_config.scope | False | string | Access scopes of the Google Cloud
service account. See [OAuth 2.0 Scopes for Google
APIs](https://developers.google.com/identity/protocols/oauth2/scopes) |
[https://www.googleapis.com/auth/cloud-platform](https://www.googleapis.com/auth/cloud-platform)
|
+| auth_file | True | string | Path to the Google Cloud service account
authentication JSON file. Either `auth_config` or `auth_file` must be provided.
| |
+| ssl_verify | False | boolean | When set to `true`, enables SSL verification
as mentioned in [OpenResty
docs](https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake). |
true |
+
+Example Configuration:
+
+```shell
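Review bot: In the GCP parameter table, `auth_config` and `auth_file` are both marked Required `True`, while their descriptions say either one must be provided, so a reader following the Required column would supply both. Mark them as conditionally required (for example `False`, with the description stating that one of the two is needed) and say which one is used if both are set. In the AWS section, the "Example Configuration" block is fenced as `shell` but holds a JSON body, so `json` is the better tag. The sample response there returns `secret_access_key` and `session_token` in clear text, which deserves a sentence telling operators that reading this resource through the Admin API exposes the stored AWS credentials. The AWS table also lists `region` and `endpoint_url` as optional without stating the default used when they are omitted.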
Review Comment:
Fixed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.