(DOCSP-20045) Adds includes about secret storage wherever docs talk about K8s secrets (#780)

* (DOCSP-20045) Adds includes about secret storage  wherever docs talk about K8s secrets

* Adds more includes

* Adds tutorial to add secrets to Vault

* Adds link to create vault secret in more places

* Adds include file, updates other pages

* Rebasing

* Adds more changes to TLS pages

* Includes changes from copy review

* Adds YAML steps file for procedure

Author: sarahsimpers

source/includes/facts/fact-if-use-vault.rst

@@ -0,0 +1,2 @@
+If you're using |hashicorp-vault| as your :ref:`secret storage tool <k8s-secret-storage>`, 
+you can :ref:`Create a Vault Secret <create-vault-secret>` instead.

source/includes/facts/fact-learn-more-secret-storage.rst

@@ -0,0 +1,2 @@
+To learn about your options for secret
+storage, see :ref:`Configure Secret Storage <k8s-set-secret-storage-tool>`.

source/includes/list-tables/resource-keys-tls-custom-ca.rst

@@ -31,6 +31,6 @@
        | :setting:`.tls.certsSecretPrefix<spec.security.tls.certsSecretPrefix>`
      - string
      - Optional
-     - If applicable, add the ``<prefix>`` of the |k8s| |k8s-secret| 
+     - If applicable, add the ``<prefix>`` of the secret 
        name that contains your MongoDB deployment's |tls| certificates.
      - ``devDb``

source/includes/list-tables/rs-resource-base-options.rst

@@ -57,7 +57,7 @@
 
    * - :setting:`spec.credentials`
      - string
-     - Name of the |k8s| |k8s-secret| you
+     - Name of the secret you
        :ref:`created <create-k8s-secret>` as |mms| |api|
        authentication credentials for the |k8s-op-short| to
        communicate with |onprem|.

source/includes/prereqs-deploy-resource.rst

@@ -5,10 +5,13 @@ following procedures:
 
 - :ref:`create-k8s-project`
 
-- :ref:`create-k8s-credentials`
+- :ref:`create-k8s-credentials` or 
+  :ref:`configure a different secret storage tool <k8s-set-secret-storage-tool>`
 
 Alternatively, for |cloud|, after installing the Kubernetes Operator, 
 you can use the |cloud-short| :cloudmgr:`UI 
 </tutorial/nav/k8s-config-for-mdb-resource/>` to automatically generate 
 the ConfigMap and Kubernetes secret YAML files, which you can then 
-apply to your Kubernetes environment.
+apply to your Kubernetes environment. 
+
+.. include:: /includes/facts/fact-can-change-secret-storage-tool.rst

source/includes/steps-add-database-user-scram.yaml

@@ -51,7 +51,7 @@ content: |
 
      * - ``spec.passwordSecretKeyRef.name``
        - string
-       - ``metadata.name`` value of the |k8s-secret| that stores the
+       - ``metadata.name`` value of the secret that stores the
          user's password.
        - ``my-resource``
 

source/includes/steps-add-database-user-secret-scram.yaml

@@ -40,6 +40,10 @@ ref: paste-k8s-secret
 content: |
   a. Open your preferred text editor.
   b. Paste this User Secret into a new text file.
+
+  .. include:: /includes/facts/fact-if-use-vault.rst
+
+  .. include:: /includes/facts/fact-learn-more-secret-storage.rst
 ---
 title: "Change the highlighted lines."
 level: 4

source/includes/steps-configure-om-queryable-backups.yaml

@@ -36,6 +36,9 @@ content: |
 
      kubectl create secret generic queryable-pem --from-file=./queryable.pem
 
+  .. include:: /includes/facts/fact-if-use-vault.rst
+
+  .. include:: /includes/facts/fact-learn-more-secret-storage.rst
 ---
 title: "Mount the Secret as a volume that |onprem| custom objects will use."
 stepnum: 4

source/includes/steps-create-vault-secret.yaml

@@ -0,0 +1,91 @@
+---
+stepnum: 1
+level: 4
+ref: have-keys
+title: "Obtain the |onprem| public and private Keys."
+content: |
+
+  Make sure you have the public and private keys for your desired
+  |onprem| |svc-api-key|.
+
+---
+stepnum: 2
+level: 4
+ref: create-vault-secret
+title: "Create the secret in |vault-short|."
+content: |
+
+  Invoke the following |vault-short| command to create your secret, replacing
+  the variables with the values in the table:
+
+   .. list-table::
+       :widths: 30 70
+       :header-rows: 1
+
+       * - Placeholder
+         - Description
+           
+       * - {Namespace}
+         - Label that identifies the namespace where you deployed |k8s-op-short|.
+
+       * - {SecretName}
+         - Human-readable label that identifies the secret you're creating in |vault-short|.
+
+       * - {PublicKey}
+         - The public key for your desired |onprem| |svc-api-key|.
+
+       * - {PrivateKey}
+         - The private key for your desired |onprem| |svc-api-key|.
+
+   .. code-block:: sh
+
+      vault kv put secret/data/mongodbenterprise/operator/{Namespace}/{SecretName} publicKey={PublicKey} privateKey={PrivateKey}
+
+   The path in this command is the default path. You can replace ``mongodbenterprise/operator`` with
+   your base path if you customized your |k8s-op-short| configuration.
+
+---
+stepnum: 3
+level: 4
+ref: verify-vault-secret
+title: "Verify the |vault-short| secret creation was successful."
+content: |
+
+  Invoke the following |vault-short| command to verify your secret, replacing
+  the variables with the values in the following table:
+
+   .. list-table::
+       :widths: 30 70
+       :header-rows: 1
+
+       * - Placeholder
+         - Description
+       
+       * - {Namespace}
+         - Label that identifies the namespace where you deployed |k8s-op-short|.
+
+       * - {SecretName}
+         - Human-readable label that identifies the secret you're creating in |vault-short|.
+
+   .. code-block:: sh
+
+      vault kv get secret/data/mongodbenterprise/operator/{Namespace}/{SecretName}
+
+   This command returns a secret description in the shell:
+
+   .. code-block:: sh
+
+      ====== Metadata ======
+      Key              Value
+      ---              -----
+      created_time     2021-12-15T17:20:22.985303Z
+      deletion_time    n/a
+      destroyed        false
+      version          1
+
+      ======= Data =======
+      Key          Value
+      ---          -----
+      publicKey    {PublicKey} 
+      privateKey   {PrivateKey}
+...

source/includes/steps-deploy-k8s-opsmgr-http.yaml

@@ -74,7 +74,7 @@ content: |
 
       * - :opsmgrkube:`spec.adminCredentials`
         - string
-        - Name of the |k8s-secret| you :ref:`created <om-rsrc-prereqs>`
+        - Name of the secret you :ref:`created <om-rsrc-prereqs>`
           for the |onprem| admin user.
 
           .. note::
@@ -213,7 +213,7 @@ content: |
         | ``.s3SecretRef``
         | ``.``:opsmgrkube:`~spec.backup.s3Stores.s3SecretRef.name`
       - string
-      - Name of the |k8s-secret| that contains the ``accessKey`` and
+      - Name of the secret that contains the ``accessKey`` and
         ``secretKey`` fields. The :ref:`backup-daemon` uses the
         values of these fields as credentials to access the |s3| or
         |s3|-compatible bucket.
@@ -439,8 +439,8 @@ ref: create-credentials
 content: |
 
   If you enabled Backup, you must create an |onprem| organization,
-  generate programmatic API keys, and create a |k8s-secret|. These
-  activities follow the prerequisites and procedure on the
+  generate programmatic API keys, and create a secret in your :ref:`secret-storage-tool <k8s-set-secret-storage-tool>`. 
+  These activities follow the prerequisites and procedure on the
   :ref:`create-k8s-credentials` page.
 
 ---