docs: omit provider-level PAM parameters from store guides

Author: spbsoluble

docs/use-cases/Certificate Store Operations/Store Types/README.md

@@ -13,19 +13,19 @@ Use `kfutil stores import generate-template` against a live Command environment
 
 ## PAM Provider Parameter Columns
 
-PAM-backed secret columns vary by PAM provider type. Provider-level parameters are configured on the PAM provider. Store CSV rows use the instance-level parameter names with the secret column prefix, for example `Properties.ServerPassword.Parameters.SecretId` or `Password.Parameters.SecretId`.
+PAM-backed secret columns vary by PAM provider type. Certificate store CSV rows can only set the instance-level parameter names exposed to certificate stores, with the secret column prefix. For example, use `Properties.ServerPassword.Parameters.SecretId` or `Password.Parameters.SecretId`.
 
-| PAM type | Provider-level parameters | Store CSV instance parameters |
-| --- | --- | --- |
-| `1Password-CLI` | Vault, Token | Item, Field |
-| `Azure-KeyVault` | KeyVaultUri, AuthorityHost | SecretId |
-| `Azure-KeyVault-ServicePrincipal` | KeyVaultUri, AuthorityHost, TenantId, ClientId, ClientSecret | SecretId |
-| `BeyondTrust-PasswordSafe` | Host, APIKey, Username, ClientCertificate | SystemId, AccountId |
-| `CyberArk-CentralCredentialProvider` | AppId, Host, Site | Safe, Folder, Object |
-| `CyberArk-SdkCredentialProvider` | AppId | Safe, Folder, Object |
-| `Delinea-SecretServer` | Host, Username, Password, ClientId, ClientSecret, GrantType | SecretId, SecretFieldName |
-| `GCP-SecretManager` | projectId | secretId |
-| `Hashicorp-Vault` | Host, Token, Path | Secret, Key |
+| PAM type | Store CSV parameter names |
+| --- | --- |
+| `1Password-CLI` | Item, Field |
+| `Azure-KeyVault` | SecretId |
+| `Azure-KeyVault-ServicePrincipal` | SecretId |
+| `BeyondTrust-PasswordSafe` | SystemId, AccountId |
+| `CyberArk-CentralCredentialProvider` | Safe, Folder, Object |
+| `CyberArk-SdkCredentialProvider` | Safe, Folder, Object |
+| `Delinea-SecretServer` | SecretId, SecretFieldName |
+| `GCP-SecretManager` | secretId |
+| `Hashicorp-Vault` | Secret, Key |
 
 ## Store Types
 

docs/use-cases/Certificate Store Operations/Store Types/akamai.md

@@ -150,17 +150,17 @@ Properties.client_secret.Provider,Properties.client_secret.Parameters.<Parameter
 
 Use the PAM parameter names in the table below, or check the provider type in Command if your environment uses custom PAM types.
 
-| PAM type | Provider-level parameters | Store CSV instance parameters |
-| --- | --- | --- |
-| `1Password-CLI` | Vault, Token | Item, Field |
-| `Azure-KeyVault` | KeyVaultUri, AuthorityHost | SecretId |
-| `Azure-KeyVault-ServicePrincipal` | KeyVaultUri, AuthorityHost, TenantId, ClientId, ClientSecret | SecretId |
-| `BeyondTrust-PasswordSafe` | Host, APIKey, Username, ClientCertificate | SystemId, AccountId |
-| `CyberArk-CentralCredentialProvider` | AppId, Host, Site | Safe, Folder, Object |
-| `CyberArk-SdkCredentialProvider` | AppId | Safe, Folder, Object |
-| `Delinea-SecretServer` | Host, Username, Password, ClientId, ClientSecret, GrantType | SecretId, SecretFieldName |
-| `GCP-SecretManager` | projectId | secretId |
-| `Hashicorp-Vault` | Host, Token, Path | Secret, Key |
+| PAM type | Store CSV parameter names |
+| --- | --- |
+| `1Password-CLI` | Item, Field |
+| `Azure-KeyVault` | SecretId |
+| `Azure-KeyVault-ServicePrincipal` | SecretId |
+| `BeyondTrust-PasswordSafe` | SystemId, AccountId |
+| `CyberArk-CentralCredentialProvider` | Safe, Folder, Object |
+| `CyberArk-SdkCredentialProvider` | Safe, Folder, Object |
+| `Delinea-SecretServer` | SecretId, SecretFieldName |
+| `GCP-SecretManager` | secretId |
+| `Hashicorp-Vault` | Secret, Key |
 
 ## References
 

docs/use-cases/Certificate Store Operations/Store Types/appgwbin.md

@@ -109,17 +109,17 @@ Properties.ClientCertificate.Provider,Properties.ClientCertificate.Parameters.<P
 
 Use the PAM parameter names in the table below, or check the provider type in Command if your environment uses custom PAM types.
 
-| PAM type | Provider-level parameters | Store CSV instance parameters |
-| --- | --- | --- |
-| `1Password-CLI` | Vault, Token | Item, Field |
-| `Azure-KeyVault` | KeyVaultUri, AuthorityHost | SecretId |
-| `Azure-KeyVault-ServicePrincipal` | KeyVaultUri, AuthorityHost, TenantId, ClientId, ClientSecret | SecretId |
-| `BeyondTrust-PasswordSafe` | Host, APIKey, Username, ClientCertificate | SystemId, AccountId |
-| `CyberArk-CentralCredentialProvider` | AppId, Host, Site | Safe, Folder, Object |
-| `CyberArk-SdkCredentialProvider` | AppId | Safe, Folder, Object |
-| `Delinea-SecretServer` | Host, Username, Password, ClientId, ClientSecret, GrantType | SecretId, SecretFieldName |
-| `GCP-SecretManager` | projectId | secretId |
-| `Hashicorp-Vault` | Host, Token, Path | Secret, Key |
+| PAM type | Store CSV parameter names |
+| --- | --- |
+| `1Password-CLI` | Item, Field |
+| `Azure-KeyVault` | SecretId |
+| `Azure-KeyVault-ServicePrincipal` | SecretId |
+| `BeyondTrust-PasswordSafe` | SystemId, AccountId |
+| `CyberArk-CentralCredentialProvider` | Safe, Folder, Object |
+| `CyberArk-SdkCredentialProvider` | Safe, Folder, Object |
+| `Delinea-SecretServer` | SecretId, SecretFieldName |
+| `GCP-SecretManager` | secretId |
+| `Hashicorp-Vault` | Secret, Key |
 
 ## References
 

docs/use-cases/Certificate Store Operations/Store Types/aruba.md

@@ -115,17 +115,17 @@ Properties.FileServerPassword.Provider,Properties.FileServerPassword.Parameters.
 
 Use the PAM parameter names in the table below, or check the provider type in Command if your environment uses custom PAM types.
 
-| PAM type | Provider-level parameters | Store CSV instance parameters |
-| --- | --- | --- |
-| `1Password-CLI` | Vault, Token | Item, Field |
-| `Azure-KeyVault` | KeyVaultUri, AuthorityHost | SecretId |
-| `Azure-KeyVault-ServicePrincipal` | KeyVaultUri, AuthorityHost, TenantId, ClientId, ClientSecret | SecretId |
-| `BeyondTrust-PasswordSafe` | Host, APIKey, Username, ClientCertificate | SystemId, AccountId |
-| `CyberArk-CentralCredentialProvider` | AppId, Host, Site | Safe, Folder, Object |
-| `CyberArk-SdkCredentialProvider` | AppId | Safe, Folder, Object |
-| `Delinea-SecretServer` | Host, Username, Password, ClientId, ClientSecret, GrantType | SecretId, SecretFieldName |
-| `GCP-SecretManager` | projectId | secretId |
-| `Hashicorp-Vault` | Host, Token, Path | Secret, Key |
+| PAM type | Store CSV parameter names |
+| --- | --- |
+| `1Password-CLI` | Item, Field |
+| `Azure-KeyVault` | SecretId |
+| `Azure-KeyVault-ServicePrincipal` | SecretId |
+| `BeyondTrust-PasswordSafe` | SystemId, AccountId |
+| `CyberArk-CentralCredentialProvider` | Safe, Folder, Object |
+| `CyberArk-SdkCredentialProvider` | Safe, Folder, Object |
+| `Delinea-SecretServer` | SecretId, SecretFieldName |
+| `GCP-SecretManager` | secretId |
+| `Hashicorp-Vault` | Secret, Key |
 
 ## References
 

docs/use-cases/Certificate Store Operations/Store Types/aws-acm-v3.md

@@ -126,17 +126,17 @@ Properties.IAMUserAccessSecret.Provider,Properties.IAMUserAccessSecret.Parameter
 
 Use the PAM parameter names in the table below, or check the provider type in Command if your environment uses custom PAM types.
 
-| PAM type | Provider-level parameters | Store CSV instance parameters |
-| --- | --- | --- |
-| `1Password-CLI` | Vault, Token | Item, Field |
-| `Azure-KeyVault` | KeyVaultUri, AuthorityHost | SecretId |
-| `Azure-KeyVault-ServicePrincipal` | KeyVaultUri, AuthorityHost, TenantId, ClientId, ClientSecret | SecretId |
-| `BeyondTrust-PasswordSafe` | Host, APIKey, Username, ClientCertificate | SystemId, AccountId |
-| `CyberArk-CentralCredentialProvider` | AppId, Host, Site | Safe, Folder, Object |
-| `CyberArk-SdkCredentialProvider` | AppId | Safe, Folder, Object |
-| `Delinea-SecretServer` | Host, Username, Password, ClientId, ClientSecret, GrantType | SecretId, SecretFieldName |
-| `GCP-SecretManager` | projectId | secretId |
-| `Hashicorp-Vault` | Host, Token, Path | Secret, Key |
+| PAM type | Store CSV parameter names |
+| --- | --- |
+| `1Password-CLI` | Item, Field |
+| `Azure-KeyVault` | SecretId |
+| `Azure-KeyVault-ServicePrincipal` | SecretId |
+| `BeyondTrust-PasswordSafe` | SystemId, AccountId |
+| `CyberArk-CentralCredentialProvider` | Safe, Folder, Object |
+| `CyberArk-SdkCredentialProvider` | Safe, Folder, Object |
+| `Delinea-SecretServer` | SecretId, SecretFieldName |
+| `GCP-SecretManager` | secretId |
+| `Hashicorp-Vault` | Secret, Key |
 
 ## References
 

docs/use-cases/Certificate Store Operations/Store Types/aws-acm.md

@@ -123,17 +123,17 @@ Properties.ServerPassword.Provider,Properties.ServerPassword.Parameters.<Paramet
 
 Use the PAM parameter names in the table below, or check the provider type in Command if your environment uses custom PAM types.
 
-| PAM type | Provider-level parameters | Store CSV instance parameters |
-| --- | --- | --- |
-| `1Password-CLI` | Vault, Token | Item, Field |
-| `Azure-KeyVault` | KeyVaultUri, AuthorityHost | SecretId |
-| `Azure-KeyVault-ServicePrincipal` | KeyVaultUri, AuthorityHost, TenantId, ClientId, ClientSecret | SecretId |
-| `BeyondTrust-PasswordSafe` | Host, APIKey, Username, ClientCertificate | SystemId, AccountId |
-| `CyberArk-CentralCredentialProvider` | AppId, Host, Site | Safe, Folder, Object |
-| `CyberArk-SdkCredentialProvider` | AppId | Safe, Folder, Object |
-| `Delinea-SecretServer` | Host, Username, Password, ClientId, ClientSecret, GrantType | SecretId, SecretFieldName |
-| `GCP-SecretManager` | projectId | secretId |
-| `Hashicorp-Vault` | Host, Token, Path | Secret, Key |
+| PAM type | Store CSV parameter names |
+| --- | --- |
+| `1Password-CLI` | Item, Field |
+| `Azure-KeyVault` | SecretId |
+| `Azure-KeyVault-ServicePrincipal` | SecretId |
+| `BeyondTrust-PasswordSafe` | SystemId, AccountId |
+| `CyberArk-CentralCredentialProvider` | Safe, Folder, Object |
+| `CyberArk-SdkCredentialProvider` | Safe, Folder, Object |
+| `Delinea-SecretServer` | SecretId, SecretFieldName |
+| `GCP-SecretManager` | secretId |
+| `Hashicorp-Vault` | Secret, Key |
 
 ## References
 

docs/use-cases/Certificate Store Operations/Store Types/axisipcamera.md

@@ -113,17 +113,17 @@ Properties.ServerPassword.Provider,Properties.ServerPassword.Parameters.<Paramet
 
 Use the PAM parameter names in the table below, or check the provider type in Command if your environment uses custom PAM types.
 
-| PAM type | Provider-level parameters | Store CSV instance parameters |
-| --- | --- | --- |
-| `1Password-CLI` | Vault, Token | Item, Field |
-| `Azure-KeyVault` | KeyVaultUri, AuthorityHost | SecretId |
-| `Azure-KeyVault-ServicePrincipal` | KeyVaultUri, AuthorityHost, TenantId, ClientId, ClientSecret | SecretId |
-| `BeyondTrust-PasswordSafe` | Host, APIKey, Username, ClientCertificate | SystemId, AccountId |
-| `CyberArk-CentralCredentialProvider` | AppId, Host, Site | Safe, Folder, Object |
-| `CyberArk-SdkCredentialProvider` | AppId | Safe, Folder, Object |
-| `Delinea-SecretServer` | Host, Username, Password, ClientId, ClientSecret, GrantType | SecretId, SecretFieldName |
-| `GCP-SecretManager` | projectId | secretId |
-| `Hashicorp-Vault` | Host, Token, Path | Secret, Key |
+| PAM type | Store CSV parameter names |
+| --- | --- |
+| `1Password-CLI` | Item, Field |
+| `Azure-KeyVault` | SecretId |
+| `Azure-KeyVault-ServicePrincipal` | SecretId |
+| `BeyondTrust-PasswordSafe` | SystemId, AccountId |
+| `CyberArk-CentralCredentialProvider` | Safe, Folder, Object |
+| `CyberArk-SdkCredentialProvider` | Safe, Folder, Object |
+| `Delinea-SecretServer` | SecretId, SecretFieldName |
+| `GCP-SecretManager` | secretId |
+| `Hashicorp-Vault` | Secret, Key |
 
 ## References
 

docs/use-cases/Certificate Store Operations/Store Types/azureapp.md

@@ -109,17 +109,17 @@ Properties.ClientCertificate.Provider,Properties.ClientCertificate.Parameters.<P
 
 Use the PAM parameter names in the table below, or check the provider type in Command if your environment uses custom PAM types.
 
-| PAM type | Provider-level parameters | Store CSV instance parameters |
-| --- | --- | --- |
-| `1Password-CLI` | Vault, Token | Item, Field |
-| `Azure-KeyVault` | KeyVaultUri, AuthorityHost | SecretId |
-| `Azure-KeyVault-ServicePrincipal` | KeyVaultUri, AuthorityHost, TenantId, ClientId, ClientSecret | SecretId |
-| `BeyondTrust-PasswordSafe` | Host, APIKey, Username, ClientCertificate | SystemId, AccountId |
-| `CyberArk-CentralCredentialProvider` | AppId, Host, Site | Safe, Folder, Object |
-| `CyberArk-SdkCredentialProvider` | AppId | Safe, Folder, Object |
-| `Delinea-SecretServer` | Host, Username, Password, ClientId, ClientSecret, GrantType | SecretId, SecretFieldName |
-| `GCP-SecretManager` | projectId | secretId |
-| `Hashicorp-Vault` | Host, Token, Path | Secret, Key |
+| PAM type | Store CSV parameter names |
+| --- | --- |
+| `1Password-CLI` | Item, Field |
+| `Azure-KeyVault` | SecretId |
+| `Azure-KeyVault-ServicePrincipal` | SecretId |
+| `BeyondTrust-PasswordSafe` | SystemId, AccountId |
+| `CyberArk-CentralCredentialProvider` | Safe, Folder, Object |
+| `CyberArk-SdkCredentialProvider` | Safe, Folder, Object |
+| `Delinea-SecretServer` | SecretId, SecretFieldName |
+| `GCP-SecretManager` | secretId |
+| `Hashicorp-Vault` | Secret, Key |
 
 ## References
 

docs/use-cases/Certificate Store Operations/Store Types/azureapp2.md

@@ -111,17 +111,17 @@ Properties.ClientCertificatePassword.Provider,Properties.ClientCertificatePasswo
 
 Use the PAM parameter names in the table below, or check the provider type in Command if your environment uses custom PAM types.
 
-| PAM type | Provider-level parameters | Store CSV instance parameters |
-| --- | --- | --- |
-| `1Password-CLI` | Vault, Token | Item, Field |
-| `Azure-KeyVault` | KeyVaultUri, AuthorityHost | SecretId |
-| `Azure-KeyVault-ServicePrincipal` | KeyVaultUri, AuthorityHost, TenantId, ClientId, ClientSecret | SecretId |
-| `BeyondTrust-PasswordSafe` | Host, APIKey, Username, ClientCertificate | SystemId, AccountId |
-| `CyberArk-CentralCredentialProvider` | AppId, Host, Site | Safe, Folder, Object |
-| `CyberArk-SdkCredentialProvider` | AppId | Safe, Folder, Object |
-| `Delinea-SecretServer` | Host, Username, Password, ClientId, ClientSecret, GrantType | SecretId, SecretFieldName |
-| `GCP-SecretManager` | projectId | secretId |
-| `Hashicorp-Vault` | Host, Token, Path | Secret, Key |
+| PAM type | Store CSV parameter names |
+| --- | --- |
+| `1Password-CLI` | Item, Field |
+| `Azure-KeyVault` | SecretId |
+| `Azure-KeyVault-ServicePrincipal` | SecretId |
+| `BeyondTrust-PasswordSafe` | SystemId, AccountId |
+| `CyberArk-CentralCredentialProvider` | Safe, Folder, Object |
+| `CyberArk-SdkCredentialProvider` | Safe, Folder, Object |
+| `Delinea-SecretServer` | SecretId, SecretFieldName |
+| `GCP-SecretManager` | secretId |
+| `Hashicorp-Vault` | Secret, Key |
 
 ## References
 

docs/use-cases/Certificate Store Operations/Store Types/azureappgw.md

@@ -109,17 +109,17 @@ Properties.ClientCertificate.Provider,Properties.ClientCertificate.Parameters.<P
 
 Use the PAM parameter names in the table below, or check the provider type in Command if your environment uses custom PAM types.
 
-| PAM type | Provider-level parameters | Store CSV instance parameters |
-| --- | --- | --- |
-| `1Password-CLI` | Vault, Token | Item, Field |
-| `Azure-KeyVault` | KeyVaultUri, AuthorityHost | SecretId |
-| `Azure-KeyVault-ServicePrincipal` | KeyVaultUri, AuthorityHost, TenantId, ClientId, ClientSecret | SecretId |
-| `BeyondTrust-PasswordSafe` | Host, APIKey, Username, ClientCertificate | SystemId, AccountId |
-| `CyberArk-CentralCredentialProvider` | AppId, Host, Site | Safe, Folder, Object |
-| `CyberArk-SdkCredentialProvider` | AppId | Safe, Folder, Object |
-| `Delinea-SecretServer` | Host, Username, Password, ClientId, ClientSecret, GrantType | SecretId, SecretFieldName |
-| `GCP-SecretManager` | projectId | secretId |
-| `Hashicorp-Vault` | Host, Token, Path | Secret, Key |
+| PAM type | Store CSV parameter names |
+| --- | --- |
+| `1Password-CLI` | Item, Field |
+| `Azure-KeyVault` | SecretId |
+| `Azure-KeyVault-ServicePrincipal` | SecretId |
+| `BeyondTrust-PasswordSafe` | SystemId, AccountId |
+| `CyberArk-CentralCredentialProvider` | Safe, Folder, Object |
+| `CyberArk-SdkCredentialProvider` | Safe, Folder, Object |
+| `Delinea-SecretServer` | SecretId, SecretFieldName |
+| `GCP-SecretManager` | secretId |
+| `Hashicorp-Vault` | Secret, Key |
 
 ## References