From 22464a58382a4ef13d31785030d3b32efb8babb7 Mon Sep 17 00:00:00 2001
From: Klaas Demter <Klaas-@users.noreply.github.com>
Date: Wed, 26 Apr 2023 21:32:40 +0200
Subject: [PATCH] Enhance secret retrieval documentation (#13914)

---
 docs/credentials/extract_credentials.md | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/docs/credentials/extract_credentials.md b/docs/credentials/extract_credentials.md
index 66836da067..abbbdad88a 100644
--- a/docs/credentials/extract_credentials.md
+++ b/docs/credentials/extract_credentials.md
@@ -12,8 +12,13 @@ To encrypt secret fields, AWX uses AES in CBC mode with a 256-bit key for encryp
 If necessary, credentials and encrypted settings can be extracted using the AWX shell:
 
 ```python
-# awx-manage shell_plus
+$ awx-manage shell_plus
 >>> from awx.main.utils import decrypt_field
->>> cred = Credential.objects.get(name="my private key")
->>> print(decrypt_field(cred, "ssh_key_data"))
+>>> print(decrypt_field(Credential.objects.get(name="my private key"), "ssh_key_data")) # Example for a credential
+>>> print(decrypt_field(Setting.objects.get(key='SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET'), 'value')) # Example for a setting
 ```
+
+If you are running a kubernetes based deployment, you can execute awx-manage like this:
+```bash
+$ kubectl exec --stdin --tty [instance name]-task-[...] -c [instance name]-task -- awx-manage shell_plus
+```
\ No newline at end of file