[Docs] Add documentation for username_template feature in AWS Secrets Engine (#12310)

* add username_template docs * remove backticks * update default template to be readable * undo markdown block * add md block to render indents
2025-11-01 19:17:58 +00:00 · 2021-08-11 14:51:00 -07:00
parent 5ba50d927d
commit 68c12c6e10
1 changed files with 16 additions and 0 deletions
--- a/website/content/api-docs/secret/aws.mdx
+++ b/website/content/api-docs/secret/aws.mdx
@@ -58,6 +58,22 @@ valid AWS credentials with proper permissions.

 - `sts_endpoint` `(string: <optional>)` – Specifies a custom HTTP STS endpoint to use.

+- `username_template` `(string: <optional>)` - [Template](/docs/concepts/username-templating) describing how
+  dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) 
+  and STS usernames (capped at 32 characters). Longer usernames result in a 500 error.
+
+  To ensure generated usernames are within length limits for both STS/IAM, the template must adequately handle
+  both conditional cases (see [Conditional Templates](https://pkg.go.dev/text/template)). As an example, if no template
+  is provided the field defaults to the template:
+
+  ```
+  {{ if (eq .Type "STS") }}
+      {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
+  {{ else }}
+      {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
+  {{ end }}
+  ```
+
 ### Sample Payload

 ```json