diff --git a/articles/secret-variables.md b/articles/secret-variables.md index bc1e95b73623..29d298dc2ff0 100644 --- a/articles/secret-variables.md +++ b/articles/secret-variables.md @@ -17,6 +17,8 @@ Examples of sensitive information include: A secret variable can be used in a script or MDM configuration profile by specifying the variable name in the format `$FLEET_SECRET_MYNAME` or `${FLEET_SECRET_MYNAME}`. When the script or profile is sent to the host, Fleet will replace the variable with the actual secret value. The prefix `FLEET_SECRET_` is required to indicate that the variable is a secret, and Fleet reserves this prefix for secret variables. +For macOS and Linux scripts, if a secret doesn't have the `$FLEET_SECRET_` prefix, it will be treated as a local environment variable. + **Example:** ```xml diff --git a/docs/Configuration/yaml-files.md b/docs/Configuration/yaml-files.md index f280b2021d30..969be66e01eb 100644 --- a/docs/Configuration/yaml-files.md +++ b/docs/Configuration/yaml-files.md @@ -284,7 +284,10 @@ controls: - `macos_settings.custom_settings` is a list of paths to macOS configuration profiles (.mobileconfig) or declaration profiles (.json). - `windows_settings.custom_settings` is a list of paths to Windows configuration profiles (.xml). -Fleet supports adding [GitHub environment variables](https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow) in your configuration profiles. Use `$ENV_VARIABLE` format. Variables beginning with `$FLEET_VAR_` are reserved for Fleet server. The server will replace these variables with the actual values when profiles are sent to hosts. See supported variables in the guide [here](https://fleetdm.com/guides/ndes-scep-proxy). +Fleet supports adding [GitHub environment variables](https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow) in your configuration profiles. Use `$ENV_VARIABLE` format. Variables beginning with `$FLEET_VAR_` are reserved for Fleet server. The server will replace these variables with the actual values when profiles are sent to hosts. Supported variables are: +- `$FLEET_VAR_NDES_SCEP_CHALLENGE` +- `$FLEET_VAR_NDES_SCEP_PROXY_URL` +- `$FLEET_VAR_HOST_END_USER_EMAIL_IDP` Use `labels_include_all` to target hosts that have all labels in the array, `labels_include_any` to target hosts that have any label in the array, or `labels_exclude_any` to target hosts that don't have any of the labels in the array. Only one of `labels_include_all`, `labels_include_any`, or `labels_exclude_any` can be specified. If none are specified, all hosts are targeted.