-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
DOC-767 Add secret management to RPCN in Cloud (#138)
* add secret management * update style of placeholders * address review comments * update with review comments * typo * package update for Bloblang playground
- Loading branch information
Showing
3 changed files
with
221 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
219 changes: 219 additions & 0 deletions
219
modules/develop/pages/connect/configuration/secret-management.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,219 @@ | ||
| = Manage Secrets | ||
| :description: Learn how to manage secrets in Redpanda Connect using the Cloud UI or Data Plane API, and how to add them to your data pipelines. | ||
|
|
||
| Learn how to manage secrets in Redpanda Connect, and how to add them to your data pipelines without exposing them. | ||
|
|
||
| Secrets are stored in the secret management solution of your Cloud provider and are retrieved when you run a pipeline configuration that references them. | ||
|
|
||
| == Prerequisites | ||
|
|
||
| * A running BYOC, Dedicated or Serverless cluster | ||
| * On BYOC clusters only, check that secrets management is enabled: | ||
|
|
||
| .. Log in to https://cloud.redpanda.com[Redpanda Cloud^]. | ||
| .. Go to the **Connect** page. | ||
| .. Select the **Redpanda Connect** tab and make sure you can see a **Secrets** tab. | ||
|
|
||
| + | ||
| If you cannot see a **Secrets** tab, contact https://support.redpanda.com/hc/en-us/requests/new[Redpanda Support^] | ||
|
|
||
| == Manage secrets | ||
|
|
||
| You can manage secrets from the Cloud UI or Data Plane API. | ||
|
|
||
| === Create a secret | ||
|
|
||
| You can create a secret and reference it in multiple data pipelines on the same cluster. | ||
|
|
||
| [tabs] | ||
| ===== | ||
| Cloud UI (BYOC and Dedicated):: | ||
| + | ||
| -- | ||
| . Log in to https://cloud.redpanda.com[Redpanda Cloud^]. | ||
| . Go to the **Connect** page. | ||
| . Select the **Redpanda Connect** tab and then the **Secrets** tab. | ||
| . Click **Create secret**. | ||
| . In **Secret name**, enter a name for the secret. You cannot rename the secret once it is created. | ||
| . In **Secret value**, enter the secret you need to add. | ||
| . Click **Create secret**. | ||
| + | ||
| The secret details are listed in the **Secrets** tab ready to <<add-a-secret-to-a-data-pipeline,add to your data pipelines>>. | ||
| -- | ||
| Cloud UI (Serverless):: | ||
| + | ||
| -- | ||
| . Log in to https://cloud.redpanda.com[Redpanda Cloud^]. | ||
| . Go to the **Connect** page. | ||
| . Select the **Secrets** tab and click **Create secret**. | ||
| . In **Secret name**, enter a name for the secret. You cannot rename the secret once it is created. | ||
| . In **Secret value**, enter the secret you need to add. | ||
| . Click **Create secret**. | ||
| + | ||
| The secret details are listed in the **Secrets** tab ready to <<add-a-secret-to-a-data-pipeline,add to your data pipelines>>. | ||
| -- | ||
| Data Plane API:: | ||
| + | ||
| -- | ||
| You must use a Base64-encoded secret. | ||
| . xref:manage:api/cloud-api-quickstart.adoc#try-the-cloud-api[Authenticate and get the base URL] for the Data Plane API. | ||
| . Make a request to xref:api:ROOT:cloud-api.adoc#post-/v1alpha2/secrets[`POST /v1alpha2/secrets`]. | ||
| + | ||
| [,bash] | ||
| ---- | ||
| curl -X POST "https://<dataplane-api-url>/v1alpha2/secrets" \ | ||
| -H 'accept: application/json'\ | ||
| -H 'authorization: Bearer <token>'\ | ||
| -H 'content-type: application/json' \ | ||
| -d '{"id":"<secret-name>","scopes":["SCOPE_REDPANDA_CONNECT"],"secret_data":"<secret-value>"}' | ||
| ---- | ||
| + | ||
| You must include the following values: | ||
| - `<dataplane-api-url>`: The base URL for the Data Plane API. | ||
| - `<token>`: The API key you generated during authentication. | ||
| - `<secret-name>`: The ID or name of the secret you want to add. Use only the following characters: `^[A-Z][A-Z0-9_]*$`. | ||
| - `<secret-value>`: The Base64-encoded secret. | ||
| - This scope: `"SCOPE_REDPANDA_CONNECT"`. | ||
| + | ||
| The response returns the name of the secret and the scope `"SCOPE_REDPANDA_CONNECT"`. | ||
| You can now <<add-a-secret-to-a-data-pipeline,add the secret to your data pipeline>>. | ||
| -- | ||
| ===== | ||
|
|
||
| === Update a secret | ||
|
|
||
| You can only update the secret value, not its name. | ||
|
|
||
| NOTE: Changes to secret values do not take effect until a pipeline is restarted. | ||
|
|
||
| [tabs] | ||
| ===== | ||
| Cloud UI (BYOC and Dedicated):: | ||
| + | ||
| -- | ||
| . Log in to https://cloud.redpanda.com[Redpanda Cloud^]. | ||
| . Go to the **Connect** page. | ||
| . Select the **Redpanda Connect** tab and then the **Secrets** tab. | ||
| . Find the secret you want to update and click the edit icon. | ||
| . Enter the new secret value and click **Update Secret**. | ||
| . Start and stop any pipelines that reference the secret. | ||
| -- | ||
| Cloud UI (Serverless):: | ||
| + | ||
| -- | ||
| . Log in to https://cloud.redpanda.com[Redpanda Cloud^]. | ||
| . Go to the **Connect** page. | ||
| . Select the **Secrets** tab. | ||
| . Find the secret you want to update and click the edit icon. | ||
| . Enter the new secret value and click **Update Secret**. | ||
| . Start and stop any pipelines that reference the secret. | ||
| -- | ||
| Data Plane API:: | ||
| + | ||
| -- | ||
| You must use a Base64-encoded secret. | ||
| . xref:manage:api/cloud-api-quickstart.adoc#try-the-cloud-api[Authenticate and get the base URL] for the Data Plane API. | ||
| . Make a request to xref:api:ROOT:cloud-api.adoc#put-/v1alpha2/secrets/-id-[`PUT /v1alpha2/secrets/\{id}`]. | ||
| + | ||
| [,bash] | ||
| ---- | ||
| curl -X PUT "https://<dataplane-api-url>/v1alpha2/secrets/<secret-name>" \ | ||
| -H 'accept: application/json'\ | ||
| -H 'authorization: Bearer <token>'\ | ||
| -H 'content-type: application/json' \ | ||
| -d '{"scopes":["SCOPE_REDPANDA_CONNECT"],"secret_data":"<secret-value>"}' | ||
| ---- | ||
| + | ||
| You must include the following values: | ||
| - `<dataplane-api-url>`: The base URL for the Data Plane API. | ||
| - `<secret-name>`: The name of the secret you want to update. | ||
| - `<token>`: The API key you generated during authentication. | ||
| - This scope: `"SCOPE_REDPANDA_CONNECT"`. | ||
| - `<secret-value>`: Your new Base64-encoded secret. | ||
| + | ||
| The response returns the name of the secret and the scope `"SCOPE_REDPANDA_CONNECT"`. | ||
| -- | ||
| ===== | ||
|
|
||
| === Delete a secret | ||
|
|
||
| Before you delete a secret, make sure that you remove references to it from your data pipelines. | ||
|
|
||
| NOTE: Changes do not affect pipelines that are already running. | ||
|
|
||
|
|
||
| [tabs] | ||
| ===== | ||
| Cloud UI (BYOC and Dedicated):: | ||
| + | ||
| -- | ||
| . Log in to https://cloud.redpanda.com[Redpanda Cloud^]. | ||
| . Go to the **Connect** page. | ||
| . Select the **Redpanda Connect** tab and then the **Secrets** tab. | ||
| . Find the secret you want to remove and click the delete icon. | ||
| . Confirm your deletion. | ||
| -- | ||
| Cloud UI (Serverless):: | ||
| + | ||
| -- | ||
| . Log in to https://cloud.redpanda.com[Redpanda Cloud^]. | ||
| . Go to the **Connect** page. | ||
| . Select the **Secrets** tab. | ||
| . Find the secret you want to remove and click the delete icon. | ||
| . Confirm your deletion. | ||
| -- | ||
| Data Plane API:: | ||
| + | ||
| -- | ||
| . xref:manage:api/cloud-api-quickstart.adoc#try-the-cloud-api[Authenticate and get the base URL] for the Data Plane API. | ||
| . Make a request to xref:api:ROOT:cloud-api.adoc#delete-/v1alpha2/secrets/-id-[`DELETE /v1alpha2/secrets/\{id}`]. | ||
| + | ||
| [,bash] | ||
| ---- | ||
| curl -X DELETE "https://<dataplane-api-url>/v1alpha2/secrets/<secret-name>" \ | ||
| -H 'accept: application/json'\ | ||
| -H 'authorization: Bearer <token>'\ | ||
| ---- | ||
| + | ||
| You must include the following values: | ||
| - `<dataplane-api-url>`: The base URL for the Data Plane API. | ||
| - `<secret-name>`: The name of the secret you want to delete. | ||
| - `<token>`: The API key you generated during authentication. | ||
| -- | ||
| ===== | ||
|
|
||
| == Add a secret to a data pipeline | ||
|
|
||
| You can add a secret to any pipeline in your cluster using the notation `${secrets.SECRET_NAME}`. In the Cloud UI, you can copy the notation from the **Secrets** tab. | ||
|
|
||
| For example: | ||
|
|
||
| ```yml | ||
| sasl: | ||
| - mechanism: SCRAM-SHA-256 | ||
| username: "user" | ||
| password: "${secrets.PASSWORD}" | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters