vals docs page additions

cloudposse · Nov 12, 2024 · d30fce7 · d30fce7
1 parent 27c78f0
commit d30fce7
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 6 deletions.
diff --git a/go.sum b/go.sum
@@ -993,7 +993,6 @@ github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=
 github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
-github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
 github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
 github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=

diff --git a/website/docs/core-concepts/stacks/templates/functions/atmos.Vals.mdx b/website/docs/core-concepts/stacks/templates/functions/atmos.Vals.mdx
@@ -9,16 +9,22 @@ import Intro from '@site/src/components/Intro'
 import Admonition from '@theme/Admonition'
 
 <Intro>
-The `atmos.Vals` template function wraps [vals](https://github.com/helmfile/vals) to support loading config values and secrets from external sources.
-</Intro>
+The `atmos.Vals` template function wraps [vals](https://github.com/helmfile/vals) to support loading config values and secrets from external sources. This enables secure management of sensitive information by keeping secrets separate from your configuration files and leveraging established secret management systems.
+ </Intro>
 
 <Admonition type="warning" title="Careful with secrets">
-  `atmos describe stack` will reveal the secrets in plain text without obfuscation.
+  `atmos describe stack` will reveal the secrets in plain text without obfuscation. Make sure not to accidentally run these commands to stdout in your CI/CD pipelines.
 </Admonition>
 
 ## Usage
 
-To use [vals](https://github.com/helmfile/vals) environment variables need to be set corresponding to the secrets backend used.
+To use [vals](https://github.com/helmfile/vals), you need to set specific environment variables based on your chosen backend:
+
+- For AWS backends: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`
+- For GCP backends: `GOOGLE_APPLICATION_CREDENTIALS`
+- For Azure backends: `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`
+
+Refer to each backend's documentation for the complete list of required credentials.
 
 ```yaml
   {{ atmos.Vals "<reference>" }}
@@ -55,7 +61,13 @@ References are URI-like expressions:
 ref+BACKEND://PATH[?PARAMS][#FRAGMENT][+]
 ```
 
-for mor details, see: https://github.com/helmfile/vals?tab=readme-ov-file#expression-syntax
+For more details, see: https://github.com/helmfile/vals?tab=readme-ov-file#expression-syntax
+
+Common expression patterns:
+
+- AWS Secret: `ref+awssecrets://myapp/dev/secret`
+- Vault Secret: `ref+vault://secret/data/myapp#/mykey`
+- SOPS: `ref+sops://path/to/file#/foo/bar`
 
 ## Supported backends