Keyfactor
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎GNUmakefile‎
Lines changed: 3 additions & 1 deletion b/‎GNUmakefile‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎docs/use-cases/PAM Operations/README.md‎
Lines changed: 28 additions & 0 deletions b/‎docs/use-cases/PAM Operations/README.md‎
Lines changed: 28 additions & 0 deletions
@@ -14,6 +14,7 @@
 - Add use-case documentation for bulk certificate store updates.
 - Add use-case documentation for migrating certificate store credentials from static values to a PAM provider.
 - Add generated per-store-type bulk create and update use-case guides.
+- Add generated PAM Operations use-case documentation for PAM type and provider creation.
 
 # v1.9.1
 
 
@@ -86,5 +86,7 @@ generate_toc:
 store-type-docs:
 	GOWORK=off GOCACHE=/tmp/kfutil-gocache go run ./tools/storetypedocs
 
+pam-operation-docs:
+	GOWORK=off GOCACHE=/tmp/kfutil-gocache go run ./tools/pamdocs
 
-.PHONY: build prerelease release install test fmt vendor version setversion store-type-docs
+.PHONY: build prerelease release install test fmt vendor version setversion store-type-docs pam-operation-docs
@@ -0,0 +1,28 @@
+<!-- Generated by tools/pamdocs. -->
+# PAM Operations
+
+Use cases for creating PAM provider types and PAM providers with `kfutil`.
+
+These docs are generated from `cmd/pam_types.json`. Regenerate after PAM type metadata changes:
+
+```bash
+make pam-operation-docs
+```
+
+- [Create PAM Types](create-pam-types.md)
+- [Create PAM Providers](create-pam-providers.md)
+
+## Embedded PAM Types
+
+| PAM type | Provider configuration parameters | Certificate store instance parameters |
+| --- | --- | --- |
+| `1Password-CLI` | Vault, Token | Item, Field |
+| `Azure-KeyVault` | KeyVaultUri, AuthorityHost | SecretId |
+| `Azure-KeyVault-ServicePrincipal` | KeyVaultUri, AuthorityHost, TenantId, ClientId, ClientSecret | SecretId |
+| `BeyondTrust-PasswordSafe` | Host, APIKey, Username, ClientCertificate | SystemId, AccountId |
+| `CyberArk-CentralCredentialProvider` | AppId, Host, Site | Safe, Folder, Object |
+| `CyberArk-SdkCredentialProvider` | AppId | Safe, Folder, Object |
+| `Delinea-SecretServer` | Host, Username, Password, ClientId, ClientSecret, GrantType | SecretId, SecretFieldName |
+| `GCP-SecretManager` | projectId | secretId |
+| `Hashicorp-Vault` | Host, Token, Path | Secret, Key |
+