docs(fortanix): add to support matrix and tidy provider page (#6562)

Fortanix was documented and in the nav but missing from the support matrix
entirely. Add the maintainer row (alpha, original SDKMS contributor) and the
feature row: referent authentication and store validation are supported (relaxed
referent validator plus namespace-aware key resolution, and real ValidateStore
checks); find, push, delete and metadataPolicy are not. Also promote the page
headings (H2 title to H1, H3 sections to H2) and add a Limitations section noting
custom CA is unsupported and the provider is read-only.

Refs: external-secrets/external-secrets#6400

Signed-off-by: Alexander Chernov <alexander@chernov.it>
Alexander Chernov 20 hours ago
parent
commit
89d1312a71
2 changed files with 11 additions and 4 deletions
  1. docs/introduction/stability-support.md (+2 -0)
  2. docs/provider/fortanix.md (+9 -4)

+ 2 - 0
docs/introduction/stability-support.md

@@ -98,6 +98,7 @@ The following table describes the stability level of each provider and who's res
 | [Barbican](https://external-secrets.io/latest/provider/barbican)                                           |     alpha | [@rkferreira](https://github.com/rkferreira)                                                        |
 | [Devolutions Server](https://external-secrets.io/latest/provider/devolutions-server)                       |     alpha | [@rbstp](https://github.com/rbstp)                                                                  |
 | [Nebius MysteryBox](https://external-secrets.io/latest/provider/nebius-mysterybox)                         | alpha     | [@greenmapc](https://github.com/greenmapc)                                                          |
+| [Fortanix](https://external-secrets.io/latest/provider/fortanix)                                           |     alpha | [@RecuencoJones](https://github.com/RecuencoJones)                                                  |
 
 ## Provider Feature Support
 
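Review bot: the added Fortanix row names @RecuencoJones as the responsible maintainer, and the only justification given is the commit message's "original SDKMS contributor". Please get an explicit acknowledgement from them on the PR before merging, since this table is where users look to find who handles problems with a provider. Minor: the stability cell is right-aligned like the Barbican and Devolutions Server rows, while the Nebius MysteryBox row just above is left-aligned; pick one style for the table.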
@@ -138,6 +139,7 @@ The following table show the support for features across different providers.
 | Barbican                  |      x       |              |                      |                         |        x         |             |                             |
 | Devolutions Server        |              |              |                      |                         |        x         |      x      |                             |
 | Nebius Mysterybox         |              |              |                      |                         |        x         |             |                             |
+| Fortanix                  |              |              |                      |            x            |        x         |             |                             |
 
 ## Support Policy
 
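Review bot: the table header is outside this hunk's context, so the diff alone does not show which features the two `x` marks in the added Fortanix row (fourth and fifth cells) claim. The commit message says referent authentication and store validation are supported and find, push, delete and metadataPolicy are not; please confirm against the header row that the marks land under exactly those two columns. None of the neighbouring rows shown marks the fourth cell, so there is no adjacent row to compare against by eye.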

+ 9 - 4
docs/provider/fortanix.md

@@ -1,12 +1,12 @@
-## Fortanix DSM / SDKMS
+# Fortanix DSM / SDKMS
 
 Populate kubernetes secrets from OPAQUE or SECRET security objects in Fortanix.
 
-### Authentication
+## Authentication
 
 SDKMS [Application API Key](https://support.fortanix.com/hc/en-us/articles/360015941132-Authentication)
 
-### Creating a SecretStore
+## Creating a SecretStore
 
 ```yaml
 apiVersion: external-secrets.io/v1
@@ -23,7 +23,7 @@ spec:
           key: <KEY_IN_KUBE_SECRET>
 ```
 
-### Referencing Secrets
+## Referencing Secrets
 
 ```yaml
 # Raw stored value
@@ -71,3 +71,8 @@ spec:
   - extract:
       key: <SDKMS_SECURITY_OBJECT_NAME>
 ```
+
+## Limitations
+
+- **Custom CA certificates**: connecting to an SDKMS endpoint that uses a self-signed or custom CA certificate is not currently supported (tracked in [issue #6400](https://github.com/external-secrets/external-secrets/issues/6400)).
+- **Read-only**: this provider only reads secrets. Pushing secrets (`PushSecret`) and discovering secrets (`dataFrom.find`) are not supported.
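Review bot: the **Read-only** bullet in the new Limitations section lists only `PushSecret` and `dataFrom.find`, but the commit message says find, push, delete and metadataPolicy are all unsupported. Add metadataPolicy (and deletion, if it is meant separately from `PushSecret`) so the page agrees with the support matrix row added in the same commit. On the **Custom CA certificates** bullet, it would help operators to say what the provider does trust today and what failure they will see against an endpoint with a private CA, so the limitation is recognisable from the error rather than only from issue #6400.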