Make Hashicorp Vault related doc pages clearer
@gitlab-com/pipeline-security-group @marcel.amirault Just opening this up for discussion.
There are a few documentation pages related to the topic of authenticating with HashiCorp Vault:
- https://docs.gitlab.com/ee/ci/examples/authenticating-with-hashicorp-vault/
- https://docs.gitlab.com/ee/ci/secrets/
- https://docs.gitlab.com/ee/ci/yaml/#secretsvault
- https://docs.gitlab.com/ee/integration/vault.html
These pages cover a few similar sounding topics, but not exactly the same:
- Authenticating to HashiCorp Vault using
jwt
auth method (free feature). To add to the confusion, Vault'sjwt
auth method accepts both JWT and OIDC id tokens. - Using secrets from HashiCorp Vault in a CI job natively, using
secrets:vault
keyword (premium feature). - Using GitLab as an OIDC provider for Vault's
oidc
auth method for browser based authentication into Vault. This has nothing to do with CI.
I'm wondering how we can make these pages clearer.
Edited by Albert