[Config] Document the 'credentials' option

**Product:** Tarantool
**Since:** 3.0
**Root document:** https://www.tarantool.io/en/doc/latest/reference/configuration/configuration_reference/#credentials
**SME:** @ Totktonada
**Related doc issues:** https://github.com/tarantool/doc/issues/3953, https://github.com/tarantool/doc/issues/3628

# Details

A new `credentials` section introduced in a new YAML configuration requires documenting what are users, roles, and privileges. Currently this information lives in the [Access control](https://www.tarantool.io/en/doc/latest/book/admin/access_control/) topic related to user administration.

Given that we need earlier introduction of access control concepts, we can have the following content structure:

1) Add a new `Credentials` topic in the [Configuration](https://www.tarantool.io/en/doc/latest/concepts/configuration/) section. This topic describes specific of configuring service users (replication, sharding). All the concepts (users, roles, and privileges) are described in the existing `Access control` topic.
   - In a new topic, mention how to extract passwords from env variables and external files: https://github.com/tarantool/doc/issues/3954
2) Update [Access control](https://www.tarantool.io/en/doc/latest/book/admin/access_control/) to make it clearer. The [Privileges and Access Control explained](https://github.com/tarantool/tarantool/wiki/Privileges-and-Access-Control-explained) page might be very helpful here.
   - Add information about [new privileges](https://github.com/tarantool/doc/issues/3628).
   - Mention that specific roles ([sharding](https://github.com/tarantool/doc/issues/3953), replication) should be used for a cluster config (a new `Credentials` topic).
3) Reference page: 
    -   document all the options in the [credentials](https://www.tarantool.io/en/doc/latest/reference/configuration/configuration_reference/#credentials) section. See [instance_config.lua](https://github.com/tarantool/tarantool/blob/f58bfc97c627f1838696697339fb3e443c05767a/src/box/lua/config/instance_config.lua#L1499).
    - document new `config.context` options used to load secrets from safe storage. See [instance_config.lua](https://github.com/tarantool/tarantool/blob/f58bfc97c627f1838696697339fb3e443c05767a/src/box/lua/config/instance_config.lua#L602).

# Related admin functions

- https://www.tarantool.io/en/doc/latest/reference/reference_lua/box_schema/user_create/
- https://www.tarantool.io/en/doc/latest/reference/reference_lua/box_schema/user_grant/
- https://www.tarantool.io/en/doc/latest/reference/reference_lua/box_schema/user_revoke/
- https://www.tarantool.io/en/doc/latest/reference/reference_lua/box_schema/role_grant/
- https://www.tarantool.io/en/doc/latest/reference/reference_lua/box_schema/role_revoke/
- https://www.tarantool.io/en/doc/latest/reference/reference_lua/box_schema/user_password/
- https://www.tarantool.io/en/doc/latest/reference/reference_lua/box_schema/user_passwd/
- https://www.tarantool.io/en/doc/latest/reference/reference_lua/box_schema/user_info/
- https://www.tarantool.io/en/doc/latest/reference/reference_lua/box_schema/role_info/
- https://www.tarantool.io/en/doc/latest/reference/reference_lua/box_space/_user/
- https://www.tarantool.io/en/doc/latest/reference/reference_lua/box_space/_priv/



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Config] Document the 'credentials' option #3666

Details

Related admin functions

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Config] Document the 'credentials' option #3666

Description

Details

Related admin functions

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions