Skip to content

DOC-5279 started redesign of secrets pages#1634

Open
andy-stark-redis wants to merge 3 commits into
mainfrom
DOC-5279-rdi-external-secrets
Open

DOC-5279 started redesign of secrets pages#1634
andy-stark-redis wants to merge 3 commits into
mainfrom
DOC-5279-rdi-external-secrets

Conversation

@andy-stark-redis

@andy-stark-redis andy-stark-redis commented May 29, 2025

Copy link
Copy Markdown
Contributor

DOC-5279

I don't know much about the secret providers or the rotation mechanism (unless you can point me to the relevant info for RDI) but I've added a starting point for future discussion:

  • I've renamed "Deploy a pipeline" to "Set secrets", since most of the page was about the secrets anyway. I've moved the deployment instructions back to the config page for now.
  • I've added a skeleton page for external providers (but as I say, I don't know anything about them yet). If there is not going to be enough info to require a separate page, then we could just add this to "Set secrets".
  • Another option is to add a new section about authentication. We could maybe have the table of secret names and an overview in the index page and then have separate pages for VM, K8s, and external providers, if that works better.

All input welcome :-)

I'll fix up links from other pages when we're clearer about the structure we want for this. Also, I've got a few changes in mind for the data pipeline config page (including the ones suggested by ChatGPT), but I'll make a separate PR for those.


Note

Low Risk
Documentation-only restructure and new draft pages; no application code or published API behavior changes, though the external-providers page is incomplete pending dev input.

Overview
RDI data-pipeline docs are reorganized so secret setup is no longer embedded in Deploy a pipeline.

A new set-secrets.md page holds the full secret-name table and VM, rdi-secret.sh, and kubectl instructions that were removed from deploy.md. deploy.md now only covers deployment (Redis Insight and redis-di deploy) and points readers to Set secrets as a prerequisite.

A new secret-providers.md page (marked work-in-progress) introduces K8s external secret providers (Vault and AWS Secrets Manager): secret-providers in config.yaml, ${secret:...} references, and a brief note on secret rotation from RDI 1.10.0+, with TODO sections for dev confirmation.

Cross-links in pipeline-config.md, spanner.md, and deploy.md now target set-secrets (and the kubectl anchor on that page) instead of deploy#set-secrets.

Reviewed by Cursor Bugbot for commit e7c32e1. Bugbot is set up for automated code reviews on this repo. Configure here.

@mich-elle-luna

Copy link
Copy Markdown
Collaborator

can this be closed?

@andy-stark-redis

Copy link
Copy Markdown
Contributor Author

@mich-elle-luna Yeah, I think so - this never really got going and only has minimal content anyway. We could start again if the team wants to revive this.

@CLAassistant

CLAassistant commented Jun 26, 2026

Copy link
Copy Markdown

CLA assistant check
All committers have signed the CLA.

@andy-stark-redis andy-stark-redis requested review from mortensi and removed request for yaronp68 June 26, 2026 12:46
Merging origin/main (~3,700 commits ahead) into this long-dormant branch
looked like a routine conflict fix, but main had reorganized the same pages
in parallel. DOC-5282 deleted data-pipelines.md and split it into _index.md
plus pipeline-config.md, while this branch was splitting deploy.md into a
standalone set-secrets.md and a new secret-providers.md. The branch's rename
had consumed deploy.md and parked the "Deploy a pipeline" content in
data-pipelines.md, which main then deleted, so resolving the markers
mechanically would have removed the deploy page entirely and broken every
site-wide relref pointing at it. Resolved by layering the branch's secrets
split on top of main's config split: deploy.md kept as a deploy-only page,
set-secrets.md rebuilt from main's expanded secret content with the branch's
improved intro, and the deploy#set-secrets references rerouted to the new page.

Learned: stale-branch conflicts can be a parallel restructure of the same files, not a mechanical merge; naive marker resolution here would have silently deleted the deploy page and broken links.
Constraint: deploy.md must stay a standalone page - site-wide relrefs to data-pipelines/deploy depend on it.
Rejected: folding deploy into _index.md (the branch's original shape) | breaks 8 site-wide .../deploy links and diverges from main's layout.
Directive: secret-providers.md Vault and AWS sections are empty stubs - fill them before this ships.
Gaps: verified only with the shortcode link-checker (0 issues); no full Hugo build run.
Ticket: DOC-5279
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@jit-ci

jit-ci Bot commented Jun 26, 2026

Copy link
Copy Markdown

🛡️ Jit Security Scan Results

CRITICAL HIGH MEDIUM

✅ No security findings were detected in this PR


Security scan by Jit

Drafted the Vault and AWS sections of secret-providers.md from the
secret-provider request-body example in reference/api-reference/openapi.json,
because the config-yaml-reference page and the live docs only document the bare
skeleton (type plus an objects array whose items have "no properties"). The
Vault params (vaultAddress, roleName, and the objectName/secretPath/secretKey
object fields) come from that API example, which also carries a placeholder
"someField", so the field list is provisional; AWS Secrets Manager has no
documented params at all, so its section is just a question block. Open
questions are left as visible blockquote TODOs so the RDI team can comment
inline on the PR.

Learned: concrete secret-provider params came from openapi.json, not the config-yaml-reference page or live docs, which are sparse.
Directive: the TODO blockquotes are open questions for the RDI team - do not remove or fill them without their confirmation.
Ticket: DOC-5279
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants