DOC-1401 RPCN Secrets navigation change in UI

[micheleRP]

Description

Secret Management Documentation Improvements:

• Unified and simplified Cloud UI instructions for creating, updating, and deleting secrets, removing cluster-type distinctions and referencing the new Secrets Store page. [1] [2] [3]
• Updated instructions for adding secrets to pipelines, including a new quick-add Secret button in the Cloud UI and clearer API usage examples.

Resource Management Prerequisites:

• Simplified the cluster prerequisites by removing references to cluster types BYOVPC/BYOVNet, which are now supported.

Resolves https://redpandadata.atlassian.net/browse/DOC-1401
Review deadline:

Page previews

Manage Secrets

Checks

• New feature
• Content gap
• Support Follow-up
• Small fix (typos, links, copyedits, etc)

[netlify]

✅ Deploy Preview for rp-cloud ready!

Name	Link
🔨 Latest commit	121adfb
🔍 Latest deploy log	https://app.netlify.com/projects/rp-cloud/deploys/689a58ad8fa0b600082c90ea
😎 Deploy Preview	https://deploy-preview-386--rp-cloud.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

📝 Walkthrough

Walkthrough

• Updated resource-management.adoc prerequisite to allow BYOC clusters regardless of BYOVPC/BYOVNet status.
• Rewrote secret-management.adoc to reflect new Cloud UI navigation and unified “Secrets Store” terminology across flows.
• Consolidated and simplified steps for creating, updating, deleting, and using secrets via Cloud UI and Data Plane API.
• Updated API examples (headers for POST/PUT, consistent payload fields: id, scopes, secret_data).
• Standardized formatting and cross-references across the Secrets documentation.

Sequence Diagram(s)

sequenceDiagram
  actor User
  participant CloudUI as Cloud UI (Secrets Store)
  participant API as Data Plane API
  participant Pipeline as Data Pipeline Service

  User->>CloudUI: Navigate to Secrets Store
  User->>CloudUI: Create/Update/Delete Secret (ID, Value, Scopes)
  CloudUI->>API: POST/PUT/DELETE /v1/secrets
  API-->>CloudUI: Success/Failure

  User->>CloudUI: Create/Edit Data Pipeline
  CloudUI->>Pipeline: Configure connector with secret reference
  Pipeline->>API: Retrieve secret by ID (scoped)
  API-->>Pipeline: Secret value

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Update Secrets navigation to reflect it is no longer nested under RPCN and show the new navigation (DOC-1401)	✅

Assessment against linked issues: Out-of-scope changes

Code Change	Explanation
Relaxed prerequisite from “BYOC (not BYOVPC/BYOVNet) or Dedicated” to “BYOC or Dedicated” (modules/develop/pages/connect/configuration/resource-management.adoc)	This change affects resource management prerequisites and is unrelated to the Secrets navigation update in DOC-1401.

Possibly related PRs

• DOC-1519 BYOVNet replace for Azure #364: Also updates resource-management.adoc and secret-management.adoc with BYOVPC/BYOVNet prerequisite wording changes.
• DOC-1336 Document feature Expose NAT Gateway IP in the BYOC cluster UI #361: Adjusts BYOVPC→BYOVNet terminology and BYOC-related documentation, overlapping with prerequisite and UI notes.
• BYOVPC support for secrets and Iceberg REST catalogs  #313: Modifies secrets management docs with BYOVPC-specific enablement and navigation updates, overlapping with Secrets content.

Suggested reviewers

• kbatuigas
• andresaristizabal
• tomasz-sadura

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch DOC-1401-RPCN-Secrets-navigation-change-in-UI

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (1)

modules/develop/pages/connect/configuration/resource-management.adoc (1)

179-193: Fix invalid curl example JSON and smart quotes; current sample won’t parse.

• The block attribute uses smart quotes: role=“no-placeholders”.
• The JSON payload is malformed (missing/extra commas) and includes stray backslashes from line continuations inside the JSON string.

Apply this diff to correct the block attribute and payload:

-[,bash,role=“no-placeholders”]
+[source,bash,role="no-placeholders"]
 ----
 curl -X PUT "https://<data-plane-api-url>/v1/redpanda-connect/pipelines/xxx..." \
  -H 'accept: application/json'\
  -H 'authorization: Bearer xxx...' \
  -H "content-type: application/json" \
- -d '{"config_yaml":"input:\n generate:\n   interval: 1s\n   mapping: |\n     root.id = uuid_v4()\n     root.   user.name = fake(\"name\")\n     root.user.email = fake(\"email\")\n     root.content = fake(\"paragraph\")\n\npipeline:\n processors:\n   - mutation: |\n       root.title = \"PRIVATE AND CONFIDENTIAL\"\n\noutput:\n kafka_franz:\n   seed_brokers:\n     - seed-j888.byoc.prd.cloud.redpanda.com:9092\n   sasl:\n     - mechanism: SCRAM-SHA-256\n       password: password\n       username: connect\n   topic: processed-emails\n   tls:\n     enabled: true\n", \
-    "description":"Email processor", \ 
-    "display_name":"emailprocessor-pipeline", \
-    "resources":{ \
-        "memory_shares":"800M" \
-        "cpu_shares":"200m", \
-        } \
-      }' 
+ -d '{
+   "config_yaml": "input:\n generate:\n   interval: 1s\n   mapping: |\n     root.id = uuid_v4()\n     root.user.name = fake(\"name\")\n     root.user.email = fake(\"email\")\n     root.content = fake(\"paragraph\")\n\npipeline:\n  processors:\n    - mutation: |\n        root.title = \"PRIVATE AND CONFIDENTIAL\"\n\noutput:\n  kafka_franz:\n    seed_brokers:\n      - seed-j888.byoc.prd.cloud.redpanda.com:9092\n    sasl:\n      mechanism: SCRAM-SHA-256\n      password: password\n      username: connect\n    topic: processed-emails\n    tls:\n      enabled: true\n",
+   "description": "Email processor",
+   "display_name": "emailprocessor-pipeline",
+   "resources": {
+     "memory_shares": "800M",
+     "cpu_shares": "200m"
+   }
+ }'
 ----

🧹 Nitpick comments (5)

modules/develop/pages/connect/configuration/resource-management.adoc (1)

145-147: Minor grammar fix: add “in”.

“are displayed milliCPU” → “are displayed in milliCPU”.

-* CPU resources (`cpu_shares`) are displayed milliCPU. For example, `1` compute unit is `100m` or 0.1 CPU.
+* CPU resources (`cpu_shares`) are displayed in milliCPU. For example, `1` compute unit is `100m` or 0.1 CPU.

modules/develop/pages/connect/configuration/secret-management.adoc (4)

21-23: Add a short visibility note for Secrets Store (helps users who don’t see it).

 . Log in to https://cloud.redpanda.com[Redpanda Cloud^].
-. Go to the **Secrets Store** page.
+. Go to the **Secrets Store** page.
++
+[NOTE]
+====
+If you don’t see the Secrets Store page, contact Redpanda Support to enable it for your organization.
+====

---

24-27: Document ID naming constraints here to match API rules.

Prevents UI/API mismatch later.

-. For **ID**, enter a name for the secret. You cannot rename the secret once it is created.
+. For **ID**, enter a name for the secret. You cannot rename the secret once it is created. The ID must start with an uppercase letter and contain only uppercase letters, digits, or underscores.

---

55-57: Clarify Base64 requirement with a quick example.

Adds a one-liner users can copy.

 - `<secret-value>`: The Base64-encoded secret.
 - This scope: `"SCOPE_REDPANDA_CONNECT"`.
 +
+For example, to Base64-encode a value:
+
+[source,bash]
+----
+echo -n 'my-secret-value' | base64
+----

---

164-166: Clarify where the quick-add “Secret” button is located.

Tiny tweak for discoverability in the UI.

-. Click the quick-add **Secret** button to add a new or existing secret to the pipeline.
+. Click the quick-add **Secret** button (in the configuration editor toolbar) to add a new or existing secret to the pipeline.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 60f722d and 16e4e2a.

📒 Files selected for processing (2)

• modules/develop/pages/connect/configuration/resource-management.adoc (1 hunks)
• modules/develop/pages/connect/configuration/secret-management.adoc (6 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Redirect rules - rp-cloud
• GitHub Check: Header rules - rp-cloud
• GitHub Check: Pages changed - rp-cloud

🔇 Additional comments (1)

modules/develop/pages/connect/configuration/resource-management.adoc (1)

9-9: BYOVPC/BYOVNet support reflected — looks good.

Change aligns with DOC-1401 goals and unified prerequisites.

[paulohtb6]

should we try to tell them where? Or we're being purposefuly vague here because this is documenting a 3rd party product (style guide + high risk of going out-of-date)?