(DOCSP-39427) Updates to Vault secrets config (#1712)

JuliaMongo · jwilliams-mongo · commit f69ade3fd85b · 2025-04-14T17:11:23.000-05:00
* (DOCSP-39427) Updates to Vault secrets config * Edits * Edits, to make it clear that the role name is hard-coded
diff --git a/source/includes/steps-use-vault.yaml b/source/includes/steps-use-vault.yaml
@@ -109,6 +109,10 @@ ref: vault-add-annotations
 title: "Add the annotations to the |k8s| deployment file."
 content: |
 
+  Before running commands in this step, ensure that you have
+  `created a Vault role <https://developer.hashicorp.com/vault/docs/auth/approle>`__
+  with the name ``mongodbenterprise``.
+
   Add the following highlighted lines to the ``spec.template.metadata.annotations`` section of your
   |k8s-op-short| deployment file. For most users, this file's name is ``mongodb-enterprise.yaml`` or
   ``mongodb-enterprise-openshift.yaml``.
diff --git a/source/tutorial/secret-storage.txt b/source/tutorial/secret-storage.txt
@@ -88,10 +88,11 @@ To set the |secret-store|, select one of the following options:
         instance.
 
         .. note::
-          
+
            Ensure that |vault-short| is **not** running in `dev mode <https://www.vaultproject.io/docs/concepts/dev-server>`__ 
            and that your |vault-short| installation follows any applicable
            `configuration recommendations <https://learn.hashicorp.com/tutorials/vault/production-hardening>`__.
+
       - Enable `Kubernetes Authentication <https://www.vaultproject.io/docs/auth/kubernetes>`__
         for the |vault-short| instance. This allows you to authenticate with
         |vault-short|.
@@ -100,13 +101,16 @@ To set the |secret-store|, select one of the following options:
         |vault-short| into your |k8s| Pods.
       - Download the four `Vault policy files <https://github.com/mongodb/mongodb-enterprise-kubernetes/tree/master/vault_policies>`__
         for the |k8s-op-short|, MongoDB database, |onprem|, and AppDB.
+      - `Create a role <https://developer.hashicorp.com/vault/docs/auth/approle>`__
+        in |vault-short| with the name ``mongodbenterprise``. The configuration
+        of secrets in the |k8s-op-short| relies on the presence of this
+        role and its exact name.
 
       Procedure
       ~~~~~~~~~
 
       .. include:: /includes/steps/use-vault.rst
 
-
 Next Steps
 ----------
 
