diff --git a/changelog/12703.doc.md b/changelog/12703.doc.md new file mode 100644 index 000000000000..c18c15aa4419 --- /dev/null +++ b/changelog/12703.doc.md @@ -0,0 +1 @@ +Document support for Vault namespaces. diff --git a/docs/docs/secrets-managers.mdx b/docs/docs/secrets-managers.mdx index d24184886481..90629ecd1a70 100644 --- a/docs/docs/secrets-managers.mdx +++ b/docs/docs/secrets-managers.mdx @@ -66,6 +66,15 @@ and through `endpoints.yml` configuration file. Environment variables and `endpoints.yml` configuration file are merged together and **the values from the environment variables take precedence**. +:::info New in 3.7 +Vault namespaces can be used to isolate secrets. You can +configure a namespace with the `VAULT_NAMESPACE` environment variable or the `namespace` key in secrets_manager +section of the `endpoints.yml` file. +To learn more about namespaces, +check out the [Vault namespaces docs](https://developer.hashicorp.com/vault/docs/enterprise/namespaces). +::: + + The following environment variables are available: | Environment Variable | Description | Default | @@ -75,6 +84,7 @@ The following environment variables are available: | `VAULT_TOKEN` | **Required**. token to authenticate to the vault server | | | `VAULT_RASA_SECRETS_PATH` | Path to the secrets in the vault server | `rasa-secrets` | | `VAULT_TRANSIT_MOUNT_POINT` | If transit secrets engine is enabled, set this to mount point of the transit engine | | +| `VAULT_NAMESPACE` | If namespaces are used, set this to the path of the namespace | | To configure the Vault secrets manager, you can fill the following section in `endpoints.yml` file: ```yaml-rasa title="endpoints.yml @@ -84,6 +94,7 @@ secrets_manager: url: "http://localhost:1234" # required - the address of the vault server secrets_path: rasa-secrets # path to the secrets in the vault server if not set it defaults to `rasa-secrets` transit_mount_point: transit # if transit secrets engine is enabled, set this to mount point of the transit engine + namespace: my-namespace # if namespaces are used, set this to the path of the namespace ``` #### Store access credentials in environment variables @@ -103,6 +114,7 @@ secrets_manager: url: "http://localhost:1234" secrets_path: rasa-secrets # if not set it defaults to `rasa-secrets` transit_mount_point: transit # if you have enabled transit secrets engine, and you want to use it + namespace: my-namespace # if namespaces are used, set this to the path of the namespace ``` ### How to configure Tracker Store with Vault Secrets Manager diff --git a/docs/docs/sources/rasa_interactive___help.txt b/docs/docs/sources/rasa_interactive___help.txt index f43d6ec7a01c..3ea3e8a28beb 100644 --- a/docs/docs/sources/rasa_interactive___help.txt +++ b/docs/docs/sources/rasa_interactive___help.txt @@ -39,7 +39,7 @@ options: --conversation-id CONVERSATION_ID Specify the id of the conversation the messages are in. Defaults to a UUID that will be randomly - generated. (default: 472169e76bd74d12b8ef50f50ab45f54) + generated. (default: de04d0f298734aeabe093213937197d3) --endpoints ENDPOINTS Configuration file for the model server and the connectors as a yml file. (default: endpoints.yml) diff --git a/docs/docs/sources/rasa_shell___help.txt b/docs/docs/sources/rasa_shell___help.txt index 813ecae5c13b..e2104badea2d 100644 --- a/docs/docs/sources/rasa_shell___help.txt +++ b/docs/docs/sources/rasa_shell___help.txt @@ -30,7 +30,7 @@ options: -h, --help show this help message and exit --conversation-id CONVERSATION_ID Set the conversation ID. (default: - e7bd62f55298456683c3eea5d8b0bfbb) + 1fdbcdaf73d348a7aea93a95065c1262) -m MODEL, --model MODEL Path to a trained Rasa model. If a directory is specified, it will use the latest model in this