Docs/vault 23837/sync doc update (#25433)

* + documented the new sync API options
Max Coulombe
2024-02-17 14:58:50 -05:00
committed by GitHub
parent 7ad778541e
commit b33e37df84
3 changed files with 158 additions and 21 deletions

@@ -122,12 +122,13 @@ or the association in Vault will delete the secret in GitHub as well.
<Note>
GitHub only supports single value secrets, so KVv2 secrets from Vault will be stored as a JSON string.
In the example above, the value for secret "my-secret" will be synced to GitHub as the JSON string `{"foo":"bar"}`.
In the example above, the value for secret "my-secret" will be synced to GitHub as the JSON string `{"foo":"bar"}` if the
destination is configured to use the `secret-path` [granularity level](/vault/docs/sync#granularity).
</Note>
It is strongly advised to mask individual values for each sub-key to prevent the unintended disclosure of secrets
in any GitHub Action outputs. The following snippet illustrates how to mask each secret values:
If using the secret-path granularity, it is strongly advised to mask individual values for each sub-key to prevent the
unintended disclosure of secrets in any GitHub Action outputs. The following snippet illustrates how to mask each secret values:
```yaml
name: Mask synced secret values
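Review bot: The reworded masking paragraph ("If using the secret-path granularity, it is strongly advised to mask ...") writes secret-path as plain text, while the Note just above it formats the same value as `secret-path` and links it to /vault/docs/sync#granularity. Use the same code formatting in both places so the value reads as a literal setting. The sentence also keeps "how to mask each secret values", which should be "how to mask each secret value". Since the Note now makes the JSON-string behaviour conditional on `secret-path`, consider stating there which granularity is the default, because in this hunk a reader cannot tell whether the masking advice applies to a destination left at its defaults.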
@@ -146,6 +147,8 @@ in any GitHub Action outputs. The following snippet illustrates how to mask each
done
```
If the GitHub destination uses the default `secret-key` granularity, the values are masked by GitHub automatically.
## API
Please see the [secrets sync API](/vault/api-docs/system/secrets-sync) for more details.
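Review bot: The added sentence "If the GitHub destination uses the default `secret-key` granularity, the values are masked by GitHub automatically." sits after the masking snippet, so a reader works through the whole workflow example before learning it is unnecessary on the default configuration. Move it up next to the "If using the secret-path granularity ..." paragraph so both cases are stated together before the snippet. It would also help to say briefly why GitHub can mask values in the `secret-key` case, or link to the granularity section as the Note does, so the difference in exposure between the two settings is clear to someone deciding which one to use.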