This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch sec-ibm-sec
in repository https://gitbox.apache.org/repos/asf/camel.git

commit 866b21655b4d5910c563b43620029054b68e4118
Author: Andrea Cosentino <anco...@gmail.com>
AuthorDate: Mon Mar 3 16:46:35 2025 +0100

    Camel-IBM-Secrets-Manager: Adding documentation in Security Asciidoc too
    
    Signed-off-by: Andrea Cosentino <anco...@gmail.com>
---
 docs/user-manual/modules/ROOT/pages/security.adoc | 133 ++++++++++++++++++++++
 1 file changed, 133 insertions(+)

diff --git a/docs/user-manual/modules/ROOT/pages/security.adoc 
b/docs/user-manual/modules/ROOT/pages/security.adoc
index 261bd6627c7..b875b439717 100644
--- a/docs/user-manual/modules/ROOT/pages/security.adoc
+++ b/docs/user-manual/modules/ROOT/pages/security.adoc
@@ -581,6 +581,139 @@ This approach will return the route secret value with 
version '2' or default val
 
 This approach will return the username field of the database secret with 
version '2' or admin in case the secret doesn't exist or the version doesn't 
exist (in the 'secret' engine).
 
+==== Using IBM Secrets Manager Vault
+
+To use this function, you'll need to provide credentials for IBM Secrets 
Manager vault as environment variables:
+
+[source,bash]
+----
+export CAMEL_VAULT_IBM_TOKEN=token
+export CAMEL_VAULT_IBM_SERVICE_URL=serviceUrl
+----
+
+You can also configure the credentials in the `application.properties` file 
such as:
+
+[source,properties]
+----
+camel.vault.ibm.token = token
+camel.vault.ibm.serviceUrl = serviceUrl
+----
+
+NOTE: if you're running the application on a Kubernetes based cloud platform, 
you can initialize the environment variables from a Secret or Configmap to 
enhance security. You can also enhance security by 
xref:manual::using-propertyplaceholder.adoc#_resolving_property_placeholders_on_cloud[setting
 a Secret property placeholder] which will be initialized at application 
runtime only.
+
+NOTE: `camel.vault.ibm` configuration only applies to the IBM Secrets Manager 
Vault properties function (E.g when resolving properties).
+When using the `operation` option to create, get, list secrets etc., you 
should provide the `token` and `serviceUrl` options.
+
+At this point, you'll be able to reference a property in the following way:
+
+[source,xml]
+----
+<camelContext>
+    <route>
+        <from uri="direct:start"/>
+        <to uri="{{ibm:default:route}}"/>
+    </route>
+</camelContext>
+----
+
+Where route will be the name of the secret stored in the IBM Secrets Manager 
Vault instance, in the 'default' secret group.
+
+You could specify a default value in case the secret is not present on IBM 
Secrets Manager Vault instance:
+
+[source,xml]
+----
+<camelContext>
+    <route>
+        <from uri="direct:start"/>
+        <to uri="{{ibm:default:route:default}}"/>
+    </route>
+</camelContext>
+----
+
+In this case, if the secret doesn't exist in the 'default' secret group, the 
property will fall back to "default" as value.
+
+Also, you are able to get a particular field of the secret, if you have, for 
example, a secret named database of this form:
+
+[source,bash]
+----
+{
+  "username": "admin",
+  "password": "password123",
+  "engine": "postgres",
+  "host": "127.0.0.1",
+  "port": "3128",
+  "dbname": "db"
+}
+----
+
+You're able to do get single secret value in your route, in the 'default' 
secret group, like for example:
+
+[source,xml]
+----
+<camelContext>
+    <route>
+        <from uri="direct:start"/>
+        <log message="Username is {{ibm:default:database#username}}"/>
+    </route>
+</camelContext>
+----
+
+Or re-use the property as part of an endpoint.
+
+You could specify a default value in case the particular field of secret is 
not present on IBM Secrets Manager Vault instance, in the 'secret' engine:
+
+[source,xml]
+----
+<camelContext>
+    <route>
+        <from uri="direct:start"/>
+        <log message="Username is {{ibm:default:database#username:admin}}"/>
+    </route>
+</camelContext>
+----
+
+In this case, if the secret doesn't exist or the secret exists (in the 
'default' secret group) but the username field is not part of the secret, the 
property will fall back to "admin" as value.
+
+There is also the syntax to get a particular version of the secret for both 
the approaches, with field/default value specified or only with secret:
+
+[source,xml]
+----
+<camelContext>
+    <route>
+        <from uri="direct:start"/>
+        <to uri="{{ibm:default:route@2}}"/>
+    </route>
+</camelContext>
+----
+
+This approach will return the RAW route secret with version '2', in the 
'default' secret group.
+
+[source,xml]
+----
+<camelContext>
+    <route>
+        <from uri="direct:start"/>
+        <to uri="{{ibm:default:route:default@2}}"/>
+    </route>
+</camelContext>
+----
+
+This approach will return the route secret value with version '2' or default 
value in case the secret doesn't exist or the version doesn't exist (in the 
'default' secret group).
+
+[source,xml]
+----
+<camelContext>
+    <route>
+        <from uri="direct:start"/>
+        <log message="Username is {{ibm:default:database#username:admin@2}}"/>
+    </route>
+</camelContext>
+----
+
+This approach will return the username field of the database secret with 
version '2' or admin in case the secret doesn't exist or the version doesn't 
exist (in the 'default' secret group).
+
+The only requirement is adding the camel-ibm-secrets-manager jar to your Camel 
application.
+
 ==== Automatic Camel context reloading on Secret Refresh while using AWS 
Secrets Manager
 
 Being able to reload Camel context on a Secret Refresh, could be done by 
specifying the usual credentials (the same used for AWS Secret Manager Property 
Function).
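Review bot: The paragraph introducing the field-level default example ("You could specify a default value in case the particular field of secret is not present on IBM Secrets Manager Vault instance, in the 'secret' engine") uses "'secret' engine" wording. That matches the previous section's context line at the top of this hunk, not IBM Secrets Manager. Every other paragraph in the new section says "in the 'default' secret group", so this one should too. In the first NOTE, "initialize the environment variables from a Secret or Configmap to enhance security" should name only a Secret for `CAMEL_VAULT_IBM_TOKEN`. A ConfigMap is not intended for confidential data, so it is suitable at most for `CAMEL_VAULT_IBM_SERVICE_URL`. Two smaller points: the JSON sample of the `database` secret is tagged `[source,bash]` and should be `[source,json]`, and "You're able to do get single secret value" should read "You're able to get a single secret value".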
