Merge branch 'vault-security' into 'master'

Add docs for Vault Managed App Security Risk See merge request gitlab-org/gitlab!44297

Merge branch 'vault-security' into 'master'
Add docs for Vault Managed App Security Risk See merge request gitlab-org/gitlab!44297
1972de01 · Nick Gaskill · 25a6603d · 682fdb77 · 1972de01
Commit 1972de01 authored Oct 05, 2020 by Nick Gaskill
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

doc/user/clusters/applications.md doc/user/clusters/applications.md +4 -1

No files found.
--- a/doc/user/clusters/applications.md
+++ b/doc/user/clusters/applications.md
@@ -1108,7 +1108,10 @@ used in your applications, GitLab CI/CD jobs, and more. It could also serve as a
 providing SSL/TLS certificates to systems and deployments in your infrastructure. Leveraging
 Vault as a single source for all these credentials allows greater security by having
 a single source of access, control, and auditability around all your sensitive
-credentials and certificates.
+credentials and certificates. This feature requires giving GitLab the highest level of access and
+control. Therefore, if GitLab is compromised, the security of this Vault instance is as well. To
+avoid this security risk, GitLab recommends using your own HashiCorp Vault to leverage
+[external secrets with CI](../../ci/secrets/index.md).

 To install Vault, enable it in the `.gitlab/managed-apps/config.yaml` file: