Merge branch 'feat/pki-sync-docs' into feat/PKI-29

2026-01-07 22:53:55 -05:00 · 2025-11-20 16:49:23 -03:00
parent 8d628d7aab b095a15f9a
commit b8c7eb0c18
8 changed files with 14 additions and 16 deletions
--- a/.infisicalignore
+++ b/.infisicalignore
@@ -55,4 +55,5 @@ docs/integrations/app-connections/redis.mdx:generic-api-key:80
 backend/src/ee/services/app-connections/chef/chef-connection-fns.ts:private-key:42
 docs/documentation/platform/pki/enrollment-methods/api.mdx:generic-api-key:93
 docs/documentation/platform/pki/enrollment-methods/api.mdx:private-key:139
-docs/documentation/platform/pki/certificate-syncs/aws-secrets-manager.mdx:private-key:62
+docs/documentation/platform/pki/certificate-syncs/aws-secrets-manager.mdx:private-key:62
+docs/documentation/platform/pki/certificate-syncs/chef.mdx:private-key:61
--- a/docs/api-reference/endpoints/pki/syncs/aws-secrets-manager/delete.mdx
+++ b/docs/api-reference/endpoints/pki/syncs/aws-secrets-manager/delete.mdx
@@ -1,4 +1,4 @@
 ---
 title: "Delete AWS Secrets Manager PKI Sync"
-openapi: "DELETE /api/v1/pki/syncs/aws-secrets-manager/{syncId}"
+openapi: "DELETE /api/v1/pki/syncs/aws-secrets-manager/{pkiSyncId}"
 ---
--- a/docs/api-reference/endpoints/pki/syncs/aws-secrets-manager/get-by-id.mdx
+++ b/docs/api-reference/endpoints/pki/syncs/aws-secrets-manager/get-by-id.mdx
@@ -1,4 +1,4 @@
 ---
 title: "Get AWS Secrets Manager PKI Sync by ID"
-openapi: "GET /api/v1/pki/syncs/aws-secrets-manager/{syncId}"
+openapi: "GET /api/v1/pki/syncs/aws-secrets-manager/{pkiSyncId}"
 ---
--- a/docs/api-reference/endpoints/pki/syncs/aws-secrets-manager/remove-certificates.mdx
+++ b/docs/api-reference/endpoints/pki/syncs/aws-secrets-manager/remove-certificates.mdx
@@ -1,4 +1,4 @@
 ---
 title: "Remove Certificates from AWS Secrets Manager"
-openapi: "POST /api/v1/pki/syncs/aws-secrets-manager/{syncId}/remove-certificates"
+openapi: "POST /api/v1/pki/syncs/aws-secrets-manager/{pkiSyncId}/remove-certificates"
 ---
--- a/docs/api-reference/endpoints/pki/syncs/aws-secrets-manager/sync-certificates.mdx
+++ b/docs/api-reference/endpoints/pki/syncs/aws-secrets-manager/sync-certificates.mdx
@@ -1,4 +1,4 @@
 ---
 title: "Sync Certificates to AWS Secrets Manager"
-openapi: "POST /api/v1/pki/syncs/aws-secrets-manager/{syncId}/sync-certificates"
+openapi: "POST /api/v1/pki/syncs/aws-secrets-manager/{pkiSyncId}/sync-certificates"
 ---
--- a/docs/api-reference/endpoints/pki/syncs/aws-secrets-manager/update.mdx
+++ b/docs/api-reference/endpoints/pki/syncs/aws-secrets-manager/update.mdx
@@ -1,4 +1,4 @@
 ---
 title: "Update AWS Secrets Manager PKI Sync"
-openapi: "PATCH /api/v1/pki/syncs/aws-secrets-manager/{syncId}"
+openapi: "PATCH /api/v1/pki/syncs/aws-secrets-manager/{pkiSyncId}"
 ---
--- a/docs/documentation/platform/pki/certificate-syncs/aws-secrets-manager.mdx
+++ b/docs/documentation/platform/pki/certificate-syncs/aws-secrets-manager.mdx
@@ -35,14 +35,12 @@ Any role with these permissions would work such as a custom policy with **Secret

            - **AWS Connection**: The AWS Connection to authenticate with.
            - **Region**: The AWS region where secrets will be stored.
-            - **KMS Key ID** (Optional): The KMS key ID to use for encrypting secrets. Leave blank to use the default AWS managed key.

        4. Configure the **Sync Options** to specify how certificates should be synced, then click **Next**.
        ![Configure Options](/images/platform/pki/certificate-syncs/aws-secrets-manager/aws-secrets-manager-options.png)

            - **Enable Removal of Expired/Revoked Certificates**: If enabled, Infisical will remove certificates from the destination if they are no longer active in Infisical.
            - **Preserve Secret on Renewal**: Only applies to certificate renewals. When a certificate is renewed in Infisical, this option controls how the renewed certificate is handled. If enabled, the renewed certificate will update the existing secret, preserving the same secret name. If disabled, the renewed certificate will be created as a new secret with a new name.
-            - **Update Existing Certificates**: If enabled, Infisical will update existing secrets when certificate content changes.
            - **Certificate Name Schema** (Optional): Customize how secret names are generated in AWS Secrets Manager. Use `{{certificateId}}` as a placeholder for the certificate ID.
            - **Auto-Sync Enabled**: If enabled, certificates will automatically be synced when changes occur. Disable to enforce manual syncing only.

@@ -51,8 +49,8 @@ Any role with these permissions would work such as a custom policy with **Secret

            - **Certificate Field**: The field name where the certificate will be stored in the secret value (default: `certificate`)
            - **Private Key Field**: The field name where the private key will be stored in the secret value (default: `private_key`)
-            - **Certificate Chain Field**: The field name where the full certificate chain will be stored in the secret value (default: `certificate_chain`)
-            - **CA Certificate Field**: The field name where the CA certificate will be stored in the secret value (default: `ca_certificate`)
+            - **Certificate Chain Field**: The field name where the full certificate chain excluding the root CA certificate will be stored (default: `certificate_chain`)
+            - **CA Certificate Field**: The field name where the root CA certificate will be stored (default: `ca_certificate`)

        <Tip>
            **AWS Secrets Manager Secret Structure**: Certificates are stored in AWS Secrets Manager as JSON secrets with the following structure (field names can be customized via field mappings):
--- a/docs/documentation/platform/pki/certificate-syncs/chef.mdx
+++ b/docs/documentation/platform/pki/certificate-syncs/chef.mdx
@@ -40,7 +40,6 @@ Any role with these permissions would work such as a custom role with **Data Bag

            - **Enable Removal of Expired/Revoked Certificates**: If enabled, Infisical will remove certificates from the destination if they are no longer active in Infisical.
            - **Preserve Data Bag Item on Renewal**: Only applies to certificate renewals. When a certificate is renewed in Infisical, this option controls how the renewed certificate is handled. If enabled, the renewed certificate will update the existing data bag item, preserving the same item name. If disabled, the renewed certificate will be created as a new data bag item with a new name.
-            - **Update Existing Certificates**: If enabled, Infisical will update existing data bag items when certificate content changes.
            - **Certificate Name Schema** (Optional): Customize how certificate item names are generated in Chef data bags. Use `{{certificateId}}` as a placeholder for the certificate ID.
            - **Auto-Sync Enabled**: If enabled, certificates will automatically be synced when changes occur. Disable to enforce manual syncing only.

@@ -49,8 +48,8 @@ Any role with these permissions would work such as a custom role with **Data Bag

            - **Certificate Field**: The field name where the certificate will be stored in the data bag item (default: `certificate`)
            - **Private Key Field**: The field name where the private key will be stored in the data bag item (default: `private_key`)
-            - **Certificate Chain Field**: The field name where the full certificate chain will be stored in the data bag item (default: `certificate_chain`)
-            - **CA Certificate Field**: The field name where the CA certificate will be stored in the data bag item (default: `ca_certificate`)
+            - **Certificate Chain Field**: The field name where the full certificate chain excluding the root CA certificate will be stored (default: `certificate_chain`)
+            - **CA Certificate Field**: The field name where the root CA certificate will be stored (default: `ca_certificate`)

        <Tip>
            **Chef Data Bag Item Structure**: Certificates are stored in Chef data bags as items with the following structure (field names can be customized via field mappings):
@@ -119,7 +118,7 @@ Any role with these permissions would work such as a custom role with **Data Bag
            ],
            "syncOptions": {
                "canRemoveCertificates": true,
-                "preserveArn": true,
+                "preserveSecretOnRenewal": true,
                "canImportCertificates": false,
                "certificateNameSchema": "myapp-{{certificateId}}",
                "fieldMappings": {
@@ -151,7 +150,7 @@ Any role with these permissions would work such as a custom role with **Data Bag
            "isAutoSyncEnabled": true,
            "syncOptions": {
                "canRemoveCertificates": true,
-                "preserveArn": true,
+                "preserveSecretOnRenewal": true,
                "canImportCertificates": false,
                "certificateNameSchema": "{{commonName}}-{{certificateId}}",
                "fieldMappings": {
@@ -182,7 +181,7 @@ Any role with these permissions would work such as a custom role with **Data Bag
                },
                "syncOptions": {
                    "canRemoveCertificates": true,
-                    "preserveArn": true,
+                    "preserveSecretOnRenewal": true,
                    "canImportCertificates": false,
                    "certificateNameSchema": "myapp-{{certificateId}}",
                    "fieldMappings": {