From 663e9383e14d992c2e4341d44221edbdcd519588 Mon Sep 17 00:00:00 2001 From: katarzyna-koltun-mx <108737161+katarzyna-koltun-mx@users.noreply.github.com> Date: Tue, 25 Mar 2025 15:10:22 +0100 Subject: [PATCH 1/7] install updates --- content/en/docs/private-platform/pmp-quickstart.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/private-platform/pmp-quickstart.md b/content/en/docs/private-platform/pmp-quickstart.md index 46d3aa7d142..a67ca973f97 100644 --- a/content/en/docs/private-platform/pmp-quickstart.md +++ b/content/en/docs/private-platform/pmp-quickstart.md @@ -24,7 +24,7 @@ Before starting the installation process, make sure that you have all the necess * A domain. * For the PCLM component: - * Mendix Operator in version 2.11.0 or above + * Mendix Operator in version 2.21.0 or above * A dedicated Postgres or SQLServer database server with public accessibility set to **Yes**. * Optionally, if your Private Mendix Platform app requires its own certificate: a TLS certificate with HTTPS support. From 347c179f30e09bc9b9221e563de983f38615122d Mon Sep 17 00:00:00 2001 From: katarzyna-koltun-mx <108737161+katarzyna-koltun-mx@users.noreply.github.com> Date: Tue, 25 Mar 2025 15:10:53 +0100 Subject: [PATCH 2/7] updates --- content/en/docs/private-platform/pmp-quickstart.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/content/en/docs/private-platform/pmp-quickstart.md b/content/en/docs/private-platform/pmp-quickstart.md index a67ca973f97..1a0184d1541 100644 --- a/content/en/docs/private-platform/pmp-quickstart.md +++ b/content/en/docs/private-platform/pmp-quickstart.md 
@@ -11,6 +11,12 @@ aliases: This document provides a comprehensive guide for installing Private Mendix Platform, along with its optional components, in your own Kubernetes environment. +We provide installer to integrated with AWS Secret manager , users can store some configuration at aws secret manager without set up storageplan/database plan/ pclm admin and mxadmin info in installer : Refer Kubernetes Secrets Store CSI Driver to install AWS provider at your cluster; + +{{% alert color="info" %}} +Using a secret storage incorrectly may reduce the security of your app. Consult with your secrets store provider to ensure that it is set up securely for your production environment. +{{% /alert %}} + ### Prerequisites {#prerequisites} Private Mendix Platform depends on Mendix for Private Cloud for the installation and deployment of Mendix apps. From 034b5d109c23c20cdbe97e978a8c90660b36d082 Mon Sep 17 00:00:00 2001 From: katarzyna-koltun-mx <108737161+katarzyna-koltun-mx@users.noreply.github.com> Date: Wed, 26 Mar 2025 10:16:01 +0100 Subject: [PATCH 3/7] updates --- content/en/docs/private-platform/pmp-quickstart.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/private-platform/pmp-quickstart.md b/content/en/docs/private-platform/pmp-quickstart.md index 1a0184d1541..6a18ce8af70 100644 --- a/content/en/docs/private-platform/pmp-quickstart.md +++ b/content/en/docs/private-platform/pmp-quickstart.md 
@@ -11,7 +11,7 @@ aliases: This document provides a comprehensive guide for installing Private Mendix Platform, along with its optional components, in your own Kubernetes environment. -We provide installer to integrated with AWS Secret manager , users can store some configuration at aws secret manager without set up storageplan/database plan/ pclm admin and mxadmin info in installer : Refer Kubernetes Secrets Store CSI Driver to install AWS provider at your cluster; +The installer is integrated with the AWS Secrets Manager , users can store some configuration at aws secret manager without set up storageplan/database plan/ pclm admin and mxadmin info in installer : Refer Kubernetes Secrets Store CSI Driver to install AWS provider at your cluster; {{% alert color="info" %}} Using a secret storage incorrectly may reduce the security of your app. Consult with your secrets store provider to ensure that it is set up securely for your production environment. From af1d415927cdb1548a81deddc9711e3626098049 Mon Sep 17 00:00:00 2001 From: katarzyna-koltun-mx <108737161+katarzyna-koltun-mx@users.noreply.github.com> Date: Wed, 26 Mar 2025 16:00:30 +0100 Subject: [PATCH 4/7] updates --- content/en/docs/private-platform/pmp-quickstart.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/content/en/docs/private-platform/pmp-quickstart.md b/content/en/docs/private-platform/pmp-quickstart.md index 6a18ce8af70..acd114392bf 100644 --- a/content/en/docs/private-platform/pmp-quickstart.md +++ b/content/en/docs/private-platform/pmp-quickstart.md 
@@ -11,7 +11,7 @@ aliases: This document provides a comprehensive guide for installing Private Mendix Platform, along with its optional components, in your own Kubernetes environment. -The installer is integrated with the AWS Secrets Manager , users can store some configuration at aws secret manager without set up storageplan/database plan/ pclm admin and mxadmin info in installer : Refer Kubernetes Secrets Store CSI Driver to install AWS provider at your cluster; +The installer is integrated with the AWS Secrets Manager. If required, you can store some configuration in the the AWS Secrets Manager without setting up a storage plan, database plan, PCLM admin and Mendix admin info in the Private Mendix Platform installer. {{% alert color="info" %}} Using a secret storage incorrectly may reduce the security of your app. Consult with your secrets store provider to ensure that it is set up securely for your production environment. @@ -46,7 +46,9 @@ Before starting the installation process, make sure that you have all the necess * An existing PostgreSQL database instance. * An optional Redis server version 6.2.0 or higher, for the task queue and cache. Using Redis is recommended for high availability, where you expect a high volume of webhook calls, or if you have multiple Svix servers. As a best practice, enable persistence in Redis so that tasks are persisted across Redis server restarts and upgrades. -## Installing and Configuring the Mendix Operator +* If you plan to use the AWS Secret Manager, install an AWS provider at your cluster, as described in [Kubernetes Secrets Store CSI Driver](https://secrets-store-csi-driver.sigs.k8s.io/). + +## Installing and Configuring the Mendix Operator {#install-operator} To install and configure the Mendix Operator, perform the following steps: 
@@ -231,7 +233,8 @@ Install the Private Mendix Platform by doing the following steps: 3. Click **Configure**, and then specify the following parameters: * **AppName** - The default app name is `mxplatform`. You can change it as required. - * **DatabasePlan/Storageplan** - The name of the plan that you created previously. + * **DatabasePlan** - If you want to use AWS Secret Manager, select **USE-Secret-Provider**; the installer then uses the database configuration set in AWS Secret Manager. Otherwise, enter the name of the database plan that you created in [Installing and Configuring the Mendix Operator](#install-operator). + * **Storageplan** - If you want to use AWS Secret Manager, select **USE-Secret-Provider**; the installer then uses the storage configuration set in AWS Secret Manager. Otherwise, enter the name of the storage plan that you created in [Installing and Configuring the Mendix Operator](#install-operator). * **AppUrl** - The endpoint where you can connect to your running app. It must be a URL which is supported by your platform. If you leave it blank, Mendix Operator will create it. * **EnableTLS** - Allows you to enable or disable TLS for the Mendix app's Ingress or OpenShift Router. The default value is use the default settings. * **TLS option** - Allows you to use an existing `kubernetes.io/tls` secret containing the TLS certificate, or to provide the `tls.crt` and `tls.key` values directly. From b65c8e9750b4fdf0593e0d807885dd360c5abca7 Mon Sep 17 00:00:00 2001 From: katarzyna-koltun-mx <108737161+katarzyna-koltun-mx@users.noreply.github.com> Date: Thu, 27 Mar 2025 13:42:15 +0100 Subject: [PATCH 5/7] Removed unnecessary word --- content/en/docs/private-platform/pmp-quickstart.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/private-platform/pmp-quickstart.md b/content/en/docs/private-platform/pmp-quickstart.md index acd114392bf..f9b74354463 100644 --- a/content/en/docs/private-platform/pmp-quickstart.md 
+++ b/content/en/docs/private-platform/pmp-quickstart.md @@ -14,7 +14,7 @@ This document provides a comprehensive guide for installing Private Mendix Platf The installer is integrated with the AWS Secrets Manager. If required, you can store some configuration in the the AWS Secrets Manager without setting up a storage plan, database plan, PCLM admin and Mendix admin info in the Private Mendix Platform installer. {{% alert color="info" %}} -Using a secret storage incorrectly may reduce the security of your app. Consult with your secrets store provider to ensure that it is set up securely for your production environment. +Using a secret storage incorrectly may reduce the security of your app. Consult your secrets store provider to ensure that it is set up securely for your production environment. {{% /alert %}} ### Prerequisites {#prerequisites} From d05d51ae851899a1211b834035296f927bab90f5 Mon Sep 17 00:00:00 2001 From: katarzyna-koltun-mx <108737161+katarzyna-koltun-mx@users.noreply.github.com> Date: Mon, 31 Mar 2025 19:17:08 +0200 Subject: [PATCH 6/7] updates --- content/en/docs/private-platform/pmp-quickstart.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/content/en/docs/private-platform/pmp-quickstart.md b/content/en/docs/private-platform/pmp-quickstart.md index f9b74354463..2f3d14fe00f 100644 --- a/content/en/docs/private-platform/pmp-quickstart.md +++ b/content/en/docs/private-platform/pmp-quickstart.md 
@@ -121,11 +121,11 @@ To install and configure the Mendix Operator, perform the following steps: 5. Configure the namespace by doing the following steps: 1. Click **Configure Namespace**. - 2. Click **Database Plan** and fill out the required information. + 2. Optional: If you are not using the AWS Secret Manager, click **Database Plan** and fill out the required information. {{< figure src="/attachments/private-platform/pmp-install2.png" class="no-border" >}} - 3. Click **Storage Plan** and fill out the required information. + 3. Optional: If you are not using the AWS Secret Manager, click **Storage Plan** and fill out the required information. 4. Click **Ingress** and fill out the required information. {{< figure src="/attachments/private-platform/pmp-install3.png" class="no-border" >}} 
@@ -247,11 +247,13 @@ Install the Private Mendix Platform by doing the following steps: 4. Click **Runtime**, and then specify the following parameters: - * **MxAdminPassword** - The password for the admin user. It must have at least one number, one upper case letter, one lower case letter and one symbol, with a minimum length of 12 characters. + * **MxAdminPassword** - Optional. The password for the admin user, required if you are not planning to use the AWS Secret Manager. It must have at least one number, one upper case letter, one lower case letter and one symbol, with a minimum length of 12 characters. * **dtapmode** - For production deployments, leave this value set to **P**. For the development of the app, for example acceptance testing, set the value to **D**. * **ApplicationRootUrl** - Optional. Manually specify the URL of your Private Mendix Platform, for example, for use with SSO or when sending emails. For more information about this functionality, see [ApplicationRootUrl Needs to be Set Manually](/developerportal/deploy/private-cloud-operator/#applicationrooturl-needs-to-be-set-manually). - - {{< figure src="/attachments/private-platform/pmp-install8.png" class="no-border" >}} + * **Use Secret Provider** - Optional. Select this option to use the AWS Secret Manager. Selecting this option enables the following additional fields: + * **Secret Provider** - Set to **AWS** by default. + * **AWS-Role-ARN** - An [AWS role ARN](https://docs.mendix.com/developerportal/deploy/secret-store-credentials/#aws-secrets-manager) which can access the specified Secret Manager. + * **AWS SecretManager Name** - The AWS Secret Manager name where the sensitive data is stored. 5. In the **Enabled Functions** section, select or clear the functions that you want to enable or disable: From 0e3bc0fe37775b092fd6c59915c20d4b6ffc8717 Mon Sep 17 00:00:00 2001 
From: katarzyna-koltun-mx <108737161+katarzyna-koltun-mx@users.noreply.github.com> Date: Tue, 1 Apr 2025 15:33:43 +0200 Subject: [PATCH 7/7] SME review --- .../docs/private-platform/pmp-quickstart.md | 38 ++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/content/en/docs/private-platform/pmp-quickstart.md b/content/en/docs/private-platform/pmp-quickstart.md index 2f3d14fe00f..8389d21bc60 100644 --- a/content/en/docs/private-platform/pmp-quickstart.md +++ b/content/en/docs/private-platform/pmp-quickstart.md 
@@ -139,7 +139,43 @@ To install and configure the Mendix Operator, perform the following steps: 8. Click **Exit Installer** > **OK**. {{< figure src="/attachments/private-platform/pmp-install5.png" class="no-border" >}} - + +## Optional: Configuring the AWS Secret Manager + +To use the secret provider option for your database plan or storage plan, configure the following keys in your AWS Secret Manager: + +### Database Plan Keys + +| Data Type | Key | Example Value | +| --- | --- | --- | +| Database type (for example, PostgreSQL) | **database-type** | `PostgreSQL` | +| Database Jdbc Url | **database-jdbc-url** | `jdbc:postgresql://pg.example.com:5432/my-app-1?sslmode=prefer` | +| Database host | **database-host** | `pg.example.com:5432` | +| Database name | **database-name** | `my-app-1` | +| Database user name | **database-username** | `my-app-user-1` | +| Database password | **database-password** | | + +### Storage Plan Keys + +| Data Type | Key | Example Value | +| --- | --- | --- | +| Storage service name | **storage-service-name** | `com.mendix.storage.s3` | +| S3 Storage endpoint | **storage-endpoint** | `https://my-app-bucket.s3.eu-west-1.amazonaws.com` | +| S3 Storage access key id | **storage-access-key-id** | `AKIA################` | +| S3 Storage secret access key | **storage-secret-access-key** | `A###################################` | +| S3 subdirectory (or bucket name for S3-like storage systems) | **storage-bucket-name** | `subdirectory` | + +{{% alert color="info" %}} +Currently, only AWS S3 or S3-compatible providers are supported. +{{% /alert %}} + +### Administrator Passwords + +| Data Type | Key | +| --- | --- | +| PCLM admin password | **pclm-admin-password** | +| Private Mendix Platform admin password | **mx-admin-password** | + ### Installing Private Cloud License Manager {#install-pclm} Private Cloud License Manager is a required component of Private Mendix Platform. Before you install the Platform, install PCLM by doing the following steps:
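Review bot: PATCH 1/7 gives no reason for moving the PCLM prerequisite from Mendix Operator 2.11.0 to 2.21.0; the subject line is only "install updates". If 2.21.0 is the first version that supports the secret provider option documented later in this series, say so in the commit message or next to the bullet, so that readers on an older Operator know an upgrade is required rather than recommended.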
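Review bot: In PATCH 4/7, hunk @@ -11,7 +11,7 @@, the rewritten intro sentence contains a doubled article ("in the the AWS Secrets Manager"), and 5/7 carries it forward unchanged as a context line even though its subject is "Removed unnecessary word". Drop the second "the". The same sentence says you can store "some configuration" in place of "a storage plan, database plan, PCLM admin and Mendix admin info"; naming the section that lists the keys would make it clear which settings are meant.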
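Review bot: In PATCH 4/7, hunk @@ -46,7 +46,9 @@, the new prerequisite bullet tells the reader to "install an AWS provider at your cluster" but links only to the generic Kubernetes Secrets Store CSI Driver site, so it is unclear whether the driver, the AWS provider, or both must be installed and where the provider instructions are. State both components explicitly and link to the provider's installation steps. The bullet also writes "AWS Secret Manager" while the intro changed in this same patch uses "AWS Secrets Manager"; pick one spelling for the whole page.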
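Review bot: In PATCH 4/7, hunk @@ -231,7 +233,8 @@, the **DatabasePlan** and **Storageplan** bullets say to select **USE-Secret-Provider** but do not say what else has to be in place for that choice to work. 6/7 adds a separate **Use Secret Provider** option under **Runtime** with the role ARN and secret name, and 7/7 adds the required keys; point to both from these bullets, and make clear whether the **Runtime** option must also be selected. The label is also written two ways across the series (**USE-Secret-Provider** here, **Use Secret Provider** in 6/7); use the text shown in the installer.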
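Review bot: In PATCH 6/7, hunk @@ -121,11 +121,11 @@, prefixing steps 2 and 3 with "Optional:" reads as if the database plan and storage plan can be skipped freely, while the rest of the sentence makes them mandatory whenever AWS Secret Manager is not used. Suggest wording the condition directly, for example "If you are not using the AWS Secret Manager, click **Database Plan** ...", and adding what the reader should do instead when they are using it (skip the step and configure the keys in the secret).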
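Review bot: In PATCH 6/7, hunk @@ -247,11 +247,13 @@, the **AWS-Role-ARN** bullet describes the role only as one "which can access the specified Secret Manager", which invites reusing a broadly privileged role. Since that secret holds the database password, S3 access keys and both admin passwords, the text should ask for a role limited to reading that one secret. Two smaller points in the same hunk: the role ARN link uses an absolute https://docs.mendix.com/... URL while the **ApplicationRootUrl** link just above uses a site-relative path, and the pmp-install8.png figure is removed with no replacement showing the new fields. The **MxAdminPassword** bullet also opens with "Optional." and then says "required if you are not planning to use the AWS Secret Manager"; state the condition once.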
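Review bot: In PATCH 7/7, the **database-jdbc-url** example ends in `sslmode=prefer`, which permits a fallback to an unencrypted connection and does not verify the server certificate; readers copy example values, so a verifying mode would be a safer default to show here. The **Administrator Passwords** table does not say whether **mx-admin-password** must meet the complexity rule given for **MxAdminPassword** in the Runtime step (12 characters, number, upper case, lower case, symbol), and the section never states whether all keys go into one secret as key/value pairs or which keys are mandatory. Structurally, the new heading is level 2 and is inserted directly before "### Installing Private Cloud License Manager {#install-pclm}", so that existing level 3 section now nests under "Optional: Configuring the AWS Secret Manager"; the new heading also lacks an anchor ID, so the plan bullets from 4/7 cannot link to it.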