Merge pull request open-horizon#79 from dabooz/issue78
Issue 78 - First pass at secrets manager doc updates
joewxboy authored Jul 22, 2021
2 parents d765617 + b95659c commit 5781090
Showing 5 changed files with 30 additions and 1 deletion.
2 changes: 1 addition & 1 deletion Gemfile.lock
Expand Up @@ -266,4 +266,4 @@ DEPENDENCIES
github-pages

BUNDLED WITH
2.1.4
2.2.24
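Review bot: the only change to Gemfile.lock is the BUNDLED WITH line moving from 2.1.4 to 2.2.24, so a contributor running an older Bundler will flip it back the next time they run `bundle install`. The README hunk in this same commit tells contributors to run `bundle install` whenever Gemfile.lock changes; stating the Bundler version the lockfile now expects (2.2.24) next to that instruction would avoid the lockfile churn.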
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -75,6 +75,7 @@ Change to the repository directory on your computer and execute the following co
NOTE: The first time you run locally, and any time the `Gemfile.lock` file is updated, run `bundle install` before the step below to install or update any required Jekyll modules.

```
bundle install
bundle exec jekyll serve
```

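Review bot: the NOTE says to run `bundle install` "before the step below", but the fenced block right after it already lists `bundle install` as its first command, so the instruction reads as redundant; either drop `bundle install` from the block or reword the NOTE so it is clear that the block's first command is the install step and can be skipped once dependencies are current. The fence also carries no language tag; tagging it `bash` would give the two commands shell highlighting.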
1 change: 1 addition & 0 deletions docs/getting_started/overview_oh.md
Expand Up @@ -50,6 +50,7 @@ The {{site.data.keyword.ieam}} management hub is designed specifically for edge
|Exchange|2.54.0|The Exchange provides a REST API to all of the {{site.data.keyword.ieam}} resources (patterns, policies, services, nodes, and so on) used by all the other components in {{site.data.keyword.ieam}}.|
|MMS|1.4.1|The Model Management System (MMS) facilitates the storage, delivery, and security of models and files needed by edge services. This enables edge nodes to easily send and receive models and files to and from the management hub.|
|SDO|1.8.6|The Secure Device Onboarding (SDO) service enables SDO-enabled edge devices to be configured with zero touch.|
|Secrets Manager|1.0.0|The Secrets Manager is the repository for secrets deployed to edge devices, enabling services to securely receive credentials used to authenticate to their upstream dependencies.|
|**Edge node**| |Any edge device, edge cluster, or edge gateway where edge computing takes place.|
|Edge cluster agent|2.27.0|The agent that is installed on edge clusters to enable node workload management by {{site.data.keyword.ieam}}.|
|Edge device agent|2.27.0|The agent that is installed on edge devices to enable node workload management by {{site.data.keyword.ieam}}.|
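Review bot: the new Secrets Manager row gives no pointer to the page that explains the component, even though this same commit adds docs/getting_started/overview_sm.md and links it from index.html; linking the component name in this row to overview_sm.html would let readers reach it from the component table. It would also help to say here that the component is pluggable and currently backed by HashiCorp Vault, as overview_sm.md states, since the description alone reads as if the hub ships its own secret store.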
24 changes: 24 additions & 0 deletions docs/getting_started/overview_sm.md
@@ -0,0 +1,24 @@
---

copyright:
years: 2021
lastupdated: "2021-07-20"

---

{:new_window: target="blank"}
{:shortdesc: .shortdesc}
{:screen: .screen}
{:codeblock: .codeblock}
{:pre: .pre}
{:child: .link .ulchildlink}
{:childlinks: .ullinks}

# Overview of Secrets Manager
{: #overviewofsm}

Services deployed to the edge often require access to cloud services, which means the service needs credentials to authenticate to the cloud service. The Secrets Manager provides a secure mechanism which allows credentials to be stored, deployed and managed without exposing the details within {{site.data.keyword.ieam}} metadata (e.g. service definitions and policies), or to other users in the system that should not have access to the secret. The Secrets Manager is a pluggable component of {{site.data.keyword.ieam}}. Currently, HashiCorp Vault is the only supported Secrets Manager.

A secret is a userid/password, certificate, RSA key, or any other credential that grants access to a protected resource which an edge application needs in order to perform it's function. Secrets are stored in the Secrets Manager. A secret has a name, which is used to identify the secret, but which provides no information about the details of the secret itself. Secrets are administered by the {{site.data.keyword.ieam}} CLI or by an administrator, using the Secrets Manager's UI or CLI.

A service developer declares the need for a secret within an {{site.data.keyword.ieam}} service definition. The service deployer attaches (or binds) a secret from the Secrets Manager to the deployment of the service, by associating the service with a secret from the Secrets Manager. For example; suppose a developer needs to access to the XYZ cloud service via basic auth. The developer updates the {{site.data.keyword.ieam}} service definition to include a secret called myCloudServiceCred. The service deployer sees that the service requires a secret in order to deploy it, and is aware of a secret in the Secrets Manager named cloudServiceXYZSecret that contains basic auth credentials. The service deployer updates the deployment policy (or pattern) to indicate that the service's secret named myCloudServiceCreds should contain the credentials from the Secrets Manager secret named cloudServiceXYZSecret. When the service deployer publishes the deployment policy (or pattern), {{site.data.keyword.ieam}} will securely deploy the details of cloudServiceXYZSecret to all edge nodes that are compatible with the deployment policy (or pattern).
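Review bot: the worked example in the last paragraph names the service's secret `myCloudServiceCred` when the developer declares it but `myCloudServiceCreds` when the deployer binds it; the two names must match for the binding to make sense, so pick one spelling. In the same paragraph "needs to access to the XYZ cloud service" should read "needs access to the XYZ cloud service", and in the previous paragraph "perform it's function" should be "perform its function". The front matter shows `years:` and `lastupdated:` at the same level as `copyright:`; if they are meant as children of `copyright`, they need indenting under it. Finally, the page says the secret's details are "securely" deployed to every compatible node but does not say what protects the secret on the node or how a changed secret in the Secrets Manager reaches services that are already running; a sentence on each would answer the first questions a deployer will have.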
3 changes: 3 additions & 0 deletions docs/index.html
Expand Up @@ -59,6 +59,9 @@ <h3 class="linklistlabel ibm-h3 ibm-textcolor-blue-50">Overview</h3>
<li class="ibm-link-description">
<a href="getting_started/overview_oh.html">Overview of {{site.data.keyword.edge_abbr}}</a>
</li>
<li class="ibm-link-description">
<a href="getting_started/overview_sm.html">Secrets Manager</a>
</li>
</ul>
</div>
</div>
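Review bot: the new list entry's link text is just "Secrets Manager", while the sibling entry reads "Overview of {{site.data.keyword.edge_abbr}}" and the target page's own heading is "Overview of Secrets Manager"; use "Overview of Secrets Manager" so the two entries under the Overview label are parallel and the link text matches the page title.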
