Add docs for Fleet secrets storage (phase 1) (elastic#355)

* Add docs for Fleet secrets storage (phase 1) * Fixup * Resize graphic * Add warning about minimum required version * Update docs/en/ingest-management/agent-policies.asciidoc Co-authored-by: Julia Bardi <[email protected]> * Update 'Package Var Secret' graphic with clearer version --------- Co-authored-by: Julia Bardi <[email protected]>
kilfoyle · Aug 24, 2023 · f2d588a · f2d588a
1 parent 36f9d5d
commit f2d588a
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/docs/en/ingest-management/agent-policies.asciidoc b/docs/en/ingest-management/agent-policies.asciidoc
@@ -195,6 +195,8 @@ If you make a mistake, you can always re-configure or re-add an integration.
 
 Any saved changes are immediately distributed and applied to all {agent}s enrolled in the given {policy}.
 
+To update any secret values in an integration policy, refer to <<agent-policy-secret-values>>.
+
 [discrete]
 [[copy-policy]]
 == Copy a policy
@@ -274,6 +276,32 @@ that you added. Lack of connectivity will prevent the {agent}
 from checking in with the {fleet-server} and receiving policy updates, but the agents
 will still forward data to the cluster.
 
+[discrete]
+[[agent-policy-secret-values]]
+== Policy secret values
+
+When you create an integration policy you often need to provide sensitive information such as an API key or a password. To help ensure that data can't be accessed inappropriately, any secret values used in an integration policy are stored separately from other policy details.
+
+As well, after you've saved a secret value in {fleet}, the value is hidden in both the {fleet} UI and in the agent policy definition. When you view the agent policy (**Actions -> View policy**), an environment variable is displayed in place of any secret values, for example `${SECRET_0}`.
+
+WARNING: In order for sensitive values to be stored secretly in {fleet}, all configured {fleet-server}s must be on version 8.10.0 or higher.
+
+Though secret values stored in {fleet} are hidden, they can be updated. To update a secret value in an integration policy:
+
+. In {fleet}, click **Agent policies**.
+Select the name of the policy you want to edit.
+
+. Search or scroll to a specific integration.
+Open the **Actions** menu and select **Edit integration**. Any secret information is marked as being hidden.
+
+. Click the link to replace the secret value with a new one.
++
+[role="screenshot"]
+image::images/fleet-policy-hidden-secret.png[Screen capture showing a hidden secret value as part of an integration policy]
+// This graphic should be updated once a higher resolution version is available.
+
+. Click **Save integration**. The original secret value is overwritten in the policy.
+
 [discrete]
 [[agent-policy-scale]]
 == Policy scaling recommendations

diff --git a/docs/en/ingest-management/images/fleet-policy-hidden-secret.png b/docs/en/ingest-management/images/fleet-policy-hidden-secret.png