DOC-5279 started redesign of secrets pages#1634
Open
andy-stark-redis wants to merge 3 commits into
Open
Conversation
Contributor
Collaborator
|
can this be closed? |
Contributor
Author
|
@mich-elle-luna Yeah, I think so - this never really got going and only has minimal content anyway. We could start again if the team wants to revive this. |
Merging origin/main (~3,700 commits ahead) into this long-dormant branch looked like a routine conflict fix, but main had reorganized the same pages in parallel. DOC-5282 deleted data-pipelines.md and split it into _index.md plus pipeline-config.md, while this branch was splitting deploy.md into a standalone set-secrets.md and a new secret-providers.md. The branch's rename had consumed deploy.md and parked the "Deploy a pipeline" content in data-pipelines.md, which main then deleted, so resolving the markers mechanically would have removed the deploy page entirely and broken every site-wide relref pointing at it. Resolved by layering the branch's secrets split on top of main's config split: deploy.md kept as a deploy-only page, set-secrets.md rebuilt from main's expanded secret content with the branch's improved intro, and the deploy#set-secrets references rerouted to the new page. Learned: stale-branch conflicts can be a parallel restructure of the same files, not a mechanical merge; naive marker resolution here would have silently deleted the deploy page and broken links. Constraint: deploy.md must stay a standalone page - site-wide relrefs to data-pipelines/deploy depend on it. Rejected: folding deploy into _index.md (the branch's original shape) | breaks 8 site-wide .../deploy links and diverges from main's layout. Directive: secret-providers.md Vault and AWS sections are empty stubs - fill them before this ships. Gaps: verified only with the shortcode link-checker (0 issues); no full Hugo build run. Ticket: DOC-5279 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
🛡️ Jit Security Scan Results✅ No security findings were detected in this PR
Security scan by Jit
|
Drafted the Vault and AWS sections of secret-providers.md from the secret-provider request-body example in reference/api-reference/openapi.json, because the config-yaml-reference page and the live docs only document the bare skeleton (type plus an objects array whose items have "no properties"). The Vault params (vaultAddress, roleName, and the objectName/secretPath/secretKey object fields) come from that API example, which also carries a placeholder "someField", so the field list is provisional; AWS Secrets Manager has no documented params at all, so its section is just a question block. Open questions are left as visible blockquote TODOs so the RDI team can comment inline on the PR. Learned: concrete secret-provider params came from openapi.json, not the config-yaml-reference page or live docs, which are sparse. Directive: the TODO blockquotes are open questions for the RDI team - do not remove or fill them without their confirmation. Ticket: DOC-5279 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
DOC-5279
I don't know much about the secret providers or the rotation mechanism (unless you can point me to the relevant info for RDI) but I've added a starting point for future discussion:
All input welcome :-)
I'll fix up links from other pages when we're clearer about the structure we want for this. Also, I've got a few changes in mind for the data pipeline config page (including the ones suggested by ChatGPT), but I'll make a separate PR for those.
Note
Low Risk
Documentation-only restructure and new draft pages; no application code or published API behavior changes, though the external-providers page is incomplete pending dev input.
Overview
RDI data-pipeline docs are reorganized so secret setup is no longer embedded in Deploy a pipeline.
A new
set-secrets.mdpage holds the full secret-name table and VM,rdi-secret.sh, andkubectlinstructions that were removed fromdeploy.md.deploy.mdnow only covers deployment (Redis Insight andredis-di deploy) and points readers to Set secrets as a prerequisite.A new
secret-providers.mdpage (marked work-in-progress) introduces K8s external secret providers (Vault and AWS Secrets Manager):secret-providersinconfig.yaml,${secret:...}references, and a brief note on secret rotation from RDI 1.10.0+, with TODO sections for dev confirmation.Cross-links in
pipeline-config.md,spanner.md, anddeploy.mdnow targetset-secrets(and the kubectl anchor on that page) instead ofdeploy#set-secrets.Reviewed by Cursor Bugbot for commit e7c32e1. Bugbot is set up for automated code reviews on this repo. Configure here.