Add secret store configuration #216
Open
danielgerlag wants to merge 2 commits into
Signed-off-by: Daniel Gerlag <daniel@gerlag.ca>
Add words used in secret store documentation to the custom spellcheck dictionary: ACI, Hardcoded, IntelliJ, KDE, Keychain, Keyring, keyring, VMs.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
Adds documentation for a new secretStore configuration feature in Drasi Server, describing how sources/reactions can resolve sensitive values from external providers rather than embedding secrets directly in config.
Changes:
- Extended the configuration reference to document `secretStore` (single- and multi-instance) and provider-specific fields.
- Added a new “Configure Secret Stores” how-to guide with provider setup, examples, and troubleshooting.
- Linked the new guide from the main “Configure Drasi Server” guide and the configuration how-to landing page.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| docs/content/drasi-server/reference/configuration/_index.md | Adds secretStore to the configuration reference and documents provider options. |
| docs/content/drasi-server/how-to-guides/configuration/configure-secret-stores/_index.md | New how-to guide explaining secret envelopes and supported secret store providers. |
| docs/content/drasi-server/how-to-guides/configuration/configure-drasi-server/_index.md | References the new secret store docs and adds example/config guidance. |
| docs/content/drasi-server/how-to-guides/configuration/_index.md | Adds a navigation card for the new “Configure Secret Stores” guide. |
Comments suppressed due to low confidence (1)
docs/content/drasi-server/how-to-guides/configuration/configure-drasi-server/_index.md:596
- Same `relref` issue as above: `"configure-secret-stores"` is likely resolved relative to `configure-drasi-server/` and may not match the actual page path. Use an explicit sibling/absolute path to avoid broken links.
For stronger secret management, consider using a [secret store]({{< relref "configure-secret-stores" >}}) instead of (or alongside) environment variables. Secret stores keep credentials in a dedicated vault and prevent them from appearing in environment variable dumps or process listings.
| | `tenantId` | string | Conditional | Required for `client_secret`. | | ||
| | `clientSecret` | string | Conditional | Required for `client_secret`. | | ||
| {{% alert title="Bootstrap constraint" color="warning" %}} |
| | OS Keyring | `keyring` | Local development — uses OS credential manager | | ||
| | Azure Key Vault | `azure-keyvault` | Production on Azure — resolves from Key Vault | | ||
| For full provider configuration details, see [Configure Secret Stores]({{< relref "configure-secret-stores" >}}). |
agentofreality
approved these changes
Jun 3, 2026
The changes introduce a new feature for configuring secret stores, allowing sensitive values to be managed securely outside of configuration files. This includes support for various secret store providers and detailed instructions on how to implement them.