Merge pull request #12703 from RasaHQ/ATO-1230-vault-namespaces-docs

[ATO-1230] Add docs for Vault namespaces
RasaHQ · Aug 8, 2023 · 16a8034 · 16a8034
2 parents 78c4a31 + 6abd765
commit 16a8034
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/changelog/12703.doc.md b/changelog/12703.doc.md
@@ -0,0 +1 @@
+Document support for Vault namespaces.
diff --git a/docs/docs/secrets-managers.mdx b/docs/docs/secrets-managers.mdx
@@ -66,6 +66,15 @@ and through `endpoints.yml` configuration file.
 Environment variables and `endpoints.yml` configuration file are merged together
 and **the values from the environment variables take precedence**.
 
+:::info New in 3.7
+Vault namespaces can be used to isolate secrets. You can
+configure a namespace with the `VAULT_NAMESPACE` environment variable or the `namespace` key in secrets_manager
+section of the `endpoints.yml` file.
+To learn more about namespaces,
+check out the [Vault namespaces docs](https://developer.hashicorp.com/vault/docs/enterprise/namespaces).
+:::
+
+
 The following environment variables are available:
 
 | Environment Variable          | Description                                                                                    | Default               |
@@ -75,6 +84,7 @@ The following environment variables are available:
 | `VAULT_TOKEN`                 | **Required**. token to authenticate to the vault server                                        |                       |
 | `VAULT_RASA_SECRETS_PATH`     | Path to the secrets in the vault server                                                        | `rasa-secrets`        |
 | `VAULT_TRANSIT_MOUNT_POINT`   | If transit secrets engine is enabled, set this to mount point of the transit engine            |                       |
+| `VAULT_NAMESPACE`             | If namespaces are used, set this to the path of the namespace                                  |                       |
 
 To configure the Vault secrets manager, you can fill the following section in `endpoints.yml` file:
 ```yaml-rasa title="endpoints.yml
@@ -84,6 +94,7 @@ secrets_manager:
     url: "http://localhost:1234" # required - the address of the vault server
     secrets_path: rasa-secrets  # path to the secrets in the vault server if not set it defaults to `rasa-secrets`
     transit_mount_point: transit # if transit secrets engine is enabled, set this to mount point of the transit engine
+    namespace: my-namespace # if namespaces are used, set this to the path of the namespace
 ```
 
 #### Store access credentials in environment variables
@@ -103,6 +114,7 @@ secrets_manager:
     url: "http://localhost:1234"
     secrets_path: rasa-secrets  # if not set it defaults to `rasa-secrets`
     transit_mount_point: transit # if you have enabled transit secrets engine, and you want to use it
+    namespace: my-namespace # if namespaces are used, set this to the path of the namespace
 ```
 
 ### How to configure Tracker Store with Vault Secrets Manager