feat: add aws secret manager docs (#245)

insider89 · web-flow · commit c46c34cf168a · 2025-03-26T11:05:47.000+02:00
## Summary by Sourcery

New Features:
- Adds documentation for AWS Secret Manager, including setup
instructions, IAM user creation, access key generation, and Helm chart
values configuration.
diff --git a/content/docs/launching-the-platform/self-hosted-onprem/prerequisites/secret-management.mdx b/content/docs/launching-the-platform/self-hosted-onprem/prerequisites/secret-management.mdx
@@ -15,6 +15,7 @@ import { Tab, Tabs } from "fumadocs-ui/components/tabs";
     ### Platform Options
     - HashiCorp Vault
     - Google Secret Manager
+    - AWS Secret Manager
   </Card>
 
   <Card>
@@ -28,7 +29,7 @@ import { Tab, Tabs } from "fumadocs-ui/components/tabs";
 
 ## Deployment Options
 
-<Tabs items={['Google Secret Manager', 'HCP Vault', 'Self-Hosted Vault']}>
+<Tabs items={['Google Secret Manager', 'HCP Vault', 'Self-Hosted Vault', 'AWS Secret Manager']}>
   <Tab value="Google Secret Manager">
     ### Google Secret Manager Setup
 
@@ -193,6 +194,52 @@ import { Tab, Tabs } from "fumadocs-ui/components/tabs";
     </Callout>
 
   </Tab>
+
+  <Tab value="AWS Secret Manager">
+    ### AWS Secret Manager Setup
+
+    <Steps>
+      ### Create IAM User
+      - Go to AWS IAM Console
+      - Create a new IAM user
+      - Grant the following permissions:
+        - `secretsmanager:CreateSecret`
+        - `secretsmanager:GetSecretValue`
+        - `secretsmanager:PutSecretValue`
+        - `secretsmanager:DeleteSecret`
+        - `secretsmanager:ListSecrets`
+
+      ### Generate Access Keys
+      - In the IAM console, select your user
+      - Go to "Security credentials" tab
+      - Create new access key
+      - Save both the Access Key ID and Secret Access Key
+    </Steps>
+
+    <Callout type="info">
+      **AWS Secret Manager provides:**
+      - Regional availability
+      - Automatic encryption
+      - Fine-grained IAM controls
+      - AWS CloudTrail integration
+    </Callout>
+
+    <Callout>
+      **Helm Chart Values:**
+      ```yaml
+      # values.yaml for Helm installation
+      awsSecretManager:
+        # -- Enable AWS Secret Manager integration
+        enabled: true
+        # -- The AWS region
+        region: 'us-east-1'
+        # -- The AWS access key ID
+        accessKeyId: 'your-access-key-id'
+        # -- The AWS secret access key
+        secretAccessKey: 'your-secret-access-key'
+      ```
+    </Callout>
+  </Tab>
 </Tabs>
 
 ## Information Collection
@@ -211,7 +258,8 @@ Choose one of the following configurations for your Helm values:
 # values.yaml
 vault:
   enabled: false
-
+awsSecretManager:
+  enabled: false
 googleSecretManager:
   enabled: true
   projectId: "your-project-id"
@@ -232,7 +280,8 @@ googleSecretManager:
 # values.yaml
 googleSecretManager:
   enabled: false
-
+awsSecretManager:
+  enabled: false
 vault:
   enabled: true
   address: "https://vault-cluster.hashicorp.cloud:8200"
@@ -241,17 +290,36 @@ vault:
   secretId: "your-secret-id"
 ```
 
+**For AWS Secret Manager:**
+
+- [ ] AWS Region
+- [ ] AWS Access Key ID
+- [ ] AWS Secret Access Key
+
+```yaml
+# values.yaml
+vault:
+  enabled: false
+googleSecretManager:
+  enabled: false
+awsSecretManager:
+  enabled: true
+  region: "your-aws-region"
+  accessKeyId: "your-access-key-id"
+  secretAccessKey: "your-secret-access-key"
+```
+
 <Callout type="warning">
 Make sure to:
-1. Enable only one secret management solution (`vault` or `googleSecretManager`)
-2. Disable the other option by setting `enabled: false`
+1. Enable only one secret management solution
+2. Explicitly disable all other secret management options by setting `enabled: false`
 3. Provide all required values for your chosen solution
 </Callout>
 </Callout>
 
 ## Validation
 
-<Tabs items={['Google Secret Manager', 'HashiCorp Vault']}>
+<Tabs items={['Google Secret Manager', 'HashiCorp Vault', 'AWS Secret Manager']}>
   <Tab value="Google Secret Manager">
     ```bash
     # Set environment variables
@@ -279,11 +347,23 @@ Make sure to:
     ```
 
   </Tab>
+
+  <Tab value="AWS Secret Manager">
+    ```bash
+    # Set environment variables
+    export AWS_ACCESS_KEY_ID="your-access-key-id"
+    export AWS_SECRET_ACCESS_KEY="your-secret-access-key"
+    export AWS_REGION="your-aws-region"
+
+    # Verify access (requires AWS CLI)
+    aws secretsmanager list-secrets
+    ```
+  </Tab>
 </Tabs>
 
 ## Troubleshooting
 
-<div className="grid grid-cols-1 md:grid-cols-2 gap-6 mb-8">
+<div className="grid grid-cols-1 md:grid-cols-3 gap-6 mb-8">
   <Card>
     ### Google Secret Manager Issues
     - Verify service account permissions
@@ -299,6 +379,14 @@ Make sure to:
     - Confirm TLS settings
     - Validate namespace (HCP)
   </Card>
+
+  <Card>
+    ### AWS Secret Manager Issues
+    - Verify IAM permissions
+    - Check access key validity
+    - Confirm region setting
+    - Validate network access
+  </Card>
 </div>
 
 <Callout type="info">
