docs: specify the process to provide an application secret via AWS Se…

…crets Manager sciety/sciety#3230
elifesciences · May 9, 2024 · b13b34d · b13b34d
1 parent f3f4a51
commit b13b34d
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/docs/guide-for-application-teams.md b/docs/guide-for-application-teams.md
@@ -11,6 +11,7 @@ Dashboards
 - [Grafana Dashboards](https://grafana.elifesciences.org/dashboards)
 - [Prometheus (Metrics)](https://prometheus.elifesciences.org)
 - [Alertmanager](https://alertmanager.elifesciences.org)
+- [AWS console for the `512686554592` account](https://512686554592.signin.aws.amazon.com/)
 
 The __#cluster-alerts__ slack channel receives alerts from:
 
@@ -34,6 +35,14 @@ Adding Helm Charts
     -   Setup an [`ImageUpdateAutomation`](https://fluxcd.io/docs/components/image/imageupdateautomations/) to describe which `GitRepository` object you want flux to update, and which directory
     -   Add a [policy marker](https://fluxcd.io/docs/guides/image-update/#configure-image-update-for-custom-resources) to tell Flux how to update te yaml files
 
+Provide a secret to an application
+----------------------------------
+
+### Via AWS Secrets Manager
+
+1. Store the secret in [AWS Secrets Manager](https://us-east-1.console.aws.amazon.com/secretsmanager/listsecrets?region=us-east-1) under a team-based prefix such as `sciety-team/*`.
+1. Create an [`ExternalSecret`](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) manifest to pull the secret into the cluster, in the form of a Kubernetes [`Secret`](https://kubernetes.io/docs/concepts/configuration/secret/) managed by the platform.
+
 Services available on the Cluster
 =================================