InseeFrLab · pengfei99 · Oct 31, 2022
diff --git a/step-by-step/README.md b/step-by-step/README.md
@@ -260,14 +260,55 @@ vault write auth/jwt/role/onyxia-user \
     policies="onyxia-kv"
 ```
 
+At last, we need to add cors policy 
+
+The official doc can be found [here](https://developer.hashicorp.com/vault/api-docs/system/config-cors)
+
+```shell
+# get current core settings
+curl --header "X-Vault-Token: <your-vault-root-token>" https://vault.demo.insee.io/v1/sys/config/cors
+```
+
+To update the core setting, we need to use `POST` on `/sys/config/cors`
+
+Below is an example payload
+
+```json
+{
+    "allowed_origins": "https://onyxia.demo.insee.io",
+    "allowed_headers": "X-Custom-Header"
+}
+
+```
+> don't forget to use the complete url (https://...). The `allowed_headers` is useful when you have custom headers which you want vault to accept. The standard headers are added by default.  
+
+Sample request
+
+```shell
+# add your 
+curl \
+    --header "X-Vault-Token: <your-vault-root-token>" \
+    --request POST \
+    --data @cors.json \
+    https://vault.demo.insee.io/v1/sys/config/cors
+```
+
 ### Link Vault to Onyxia
 
-In Onyxia's UI configuration, we only need to set `VAULT_URL: https://vault.demo.insee.io` :
+You need to add below lines under `api.regions.vault` in your onyxia helm config file
+
+```yaml
+"vault": { 
+                "URL": "https://vault.demo.insee.io",
+                "kvEngine": "onyxia-kv",
+                "role": "onyxia-user"
+        },
+```
 
-[5-vault.yaml](values/5-vault.yaml)
+A full example can be found here [5-vault.yaml](values/5-vault.yaml)
 
 ```
 helm upgrade onyxia inseefrlab/onyxia -f values/5-vault.yaml
 ```
 
-If you used other values for the engine or role than the default one, also specify the corresponding env variable : `VAULT_KV_ENGINE=onyxia-kv` and `VAULT_ROLE=onyxia-user`.
+> If you used other values for the engine or role than the default one, you need to modify the value of : `kvEngine` and `role`.
diff --git a/step-by-step/values/5-vault.yaml b/step-by-step/values/5-vault.yaml
@@ -12,41 +12,46 @@ ui:
     OIDC_CLIENT_ID: onyxia-client
     OIDC_URL: https://keycloak.demo.insee.io/auth
     MINIO_URL: https://minio.demo.insee.io
-    VAULT_URL: https://vault.demo.insee.io
+
 api:
   env:
     keycloak.realm: onyxia-demo
     keycloak.auth-server-url: https://keycloak.demo.insee.io/auth
     authentication.mode: "openidconnect"
     springdoc.swagger-ui.oauth.clientId: onyxia-client
   regions: [
-{
-  "id": "demo",
-  "name": "Demo",
-  "description": "This is a demo region, feel free to try Onyxia !",
-  "services": {
-    "type": "KUBERNETES",
-    "singleNamespace": false,
-    "namespacePrefix": "user-",
-    "usernamePrefix": "oidc-",
-    "groupNamespacePrefix": "projet-",
-    "groupPrefix": "oidc-",
-    "authenticationMode": "admin",
-    "expose": { "domain": "demo.insee.io" },
-    "monitoring": { "URLPattern": "todo" },
-    "cloudshell": {
-      "catalogId": "inseefrlab-helm-charts-datascience",
-      "packageName": "cloudshell"
-    },
-      "initScript": "https://git.lab.sspcloud.fr/innovation/plateforme-onyxia/services-ressources/-/raw/master/onyxia-init.sh"
-    },
-    "data": { 
-      "S3": { 
-        "URL": "todo", 
-        "monitoring": { "URLPattern": "todo" } 
-      } 
-    },
-    "auth": { "type": "openidconnect" },
-    "location": { "lat": 48.8164, "long": 2.3174, "name": "Montrouge (France)" }
-  }
-]
+    {
+      "id": "demo",
+      "name": "Demo",
+      "description": "This is a demo region, feel free to try Onyxia !",
+      "services": {
+        "type": "KUBERNETES",
+        "singleNamespace": false,
+        "namespacePrefix": "user-",
+        "usernamePrefix": "oidc-",
+        "groupNamespacePrefix": "projet-",
+        "groupPrefix": "oidc-",
+        "authenticationMode": "admin",
+        "expose": { "domain": "demo.insee.io" },
+        "monitoring": { "URLPattern": "todo" },
+        "cloudshell": {
+          "catalogId": "inseefrlab-helm-charts-datascience",
+          "packageName": "cloudshell"
+        },
+          "initScript": "https://git.lab.sspcloud.fr/innovation/plateforme-onyxia/services-ressources/-/raw/master/onyxia-init.sh"
+        },
+        "data": { 
+          "S3": { 
+            "URL": "todo", 
+            "monitoring": { "URLPattern": "todo" } 
+          } 
+        },
+        "vault": { 
+                    "URL": "https://vault.demo.insee.io",
+                    "kvEngine": "onyxia-kv",
+                    "role": "onyxia-user"
+            },
+        "auth": { "type": "openidconnect" },
+        "location": { "lat": 48.8164, "long": 2.3174, "name": "Montrouge (France)" }
+      }
+    ]