Update dsf docs

Praqma · Aug 9, 2022 · 51dc1e6 · 51dc1e6
1 parent 28d697e
commit 51dc1e6
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/docs/desired_state_specification.md b/docs/desired_state_specification.md
@@ -113,6 +113,13 @@ The following options can be skipped if your kubectl context is already created
 - **msTeamsWebhook** : a [Microsoft Teams](https://www.microsoft.com/pl-pl/microsoft-teams/group-chat-software) Webhook URL to receive Helmsman notifications. This can be passed directly or in an environment variable.
 - **reverseDelete** : if set to `true` it will reverse the priority order whilst deleting.
 - **namespaceLabelsAuthoritative** : if set to `true` it will remove all the namespace's labels that are not defined in DSL for particular namespace
+- **vaultEnabled**: if set to `true` it will use [helm-vault](https://github.com/Just-Insane/helm-vault) to decrypt secret files instead of using default helm-secrets
+- **vaultDeliminator**: secret deliminator used when parsing value files. See [helm-vault](https://github.com/Just-Insane/helm-vault#available-flags) docs
+- **vaultPath**: vault path (secret mount location in Vault). See [helm-vault](https://github.com/Just-Insane/helm-vault#available-flags) docs
+- **vaultMountPoint**: vault secret engine mount point. See [helm-vault](https://github.com/Just-Insane/helm-vault#available-flags) docs
+- **vaultTemplate**: substring with path to vault key instead of deliminator. See [helm-vault](https://github.com/Just-Insane/helm-vault#available-flags) docs
+- **vaultKvVersion**: version of the KV secrets engine in Vault. See [helm-vault](https://github.com/Just-Insane/helm-vault#available-flags) docs
+- **vaultEnvironment**: environment that secrets should be stored under. See [helm-vault](https://github.com/Just-Insane/helm-vault#available-flags) docs
 - **eyamlEnabled** : if set to `true` it will use [hiera-eyaml](https://github.com/voxpupuli/hiera-eyaml) to decrypt secret files instead of using default helm-secrets based on sops
 - **eyamlPrivateKeyPath** : if set with path to the eyaml private key file, it will use it instead of looking for default one in ./keys directory relative to where Helmsman were run. It needs to be defined in conjunction with eyamlPublicKeyPath.
 - **eyamlPublicKeyPath** : if set with path to the eyaml public key file, it will use it instead of looking for default one in ./keys directory relative to where Helmsman were run. It needs to be defined in conjunction with eyamlPrivateKeyPath.
@@ -137,6 +144,7 @@ kubeContext = "minikube"
 # eyamlEnabled = true
 # eyamlPrivateKeyPath = "../keys/custom-key.pem"
 # eyamlPublicKeyPath = "../keys/custom-key.pub"
+# vaultEnabled = false
 # [settings.globalHooks]
 #   successCondition= "Complete"
 #   deleteOnSuccess= true
@@ -158,6 +166,7 @@ settings:
   # eyamlEnabled: true
   # eyamlPrivateKeyPath: ../keys/custom-key.pem
   # eyamlPublicKeyPath: ../keys/custom-key.pub
+  # vaultEnabled: false
   # globalHooks:
   #   successCondition: "Complete"
   #   deleteOnSuccess: true