From 6cd4578a23ffe0fb94632f83a07a25d01f8d6821 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Thu, 4 May 2023 09:13:07 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- doc/ci/secrets/id_token_authentication.md | 10 +++++++++- doc/ci/yaml/index.md | 7 ++----- 2 files changed, 11 insertions(+), 6 deletions(-) (limited to 'doc/ci') diff --git a/doc/ci/secrets/id_token_authentication.md b/doc/ci/secrets/id_token_authentication.md index c5b19797a05..c1a6282447b 100644 --- a/doc/ci/secrets/id_token_authentication.md +++ b/doc/ci/secrets/id_token_authentication.md @@ -130,7 +130,13 @@ manual_authentication: You can use ID tokens to automatically fetch secrets from HashiCorp Vault with the [`secrets`](../yaml/index.md#secrets) keyword. -### Enable automatic ID token authentication + + +### Enable automatic ID token authentication (deprecated) + +WARNING: +This setting was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/391886) in GitLab 16.0. +ID token authentication is now always available, and JSON Web Token access is always limited. To enable automatic ID token authentication: @@ -139,6 +145,8 @@ To enable automatic ID token authentication: 1. Expand **Token Access**. 1. Toggle **Limit JSON Web Token (JWT) access** to enabled. + + ### Configure automatic ID Token authentication If one ID token is defined, the `secrets` keyword automatically uses it to authenticate with Vault. For example: diff --git a/doc/ci/yaml/index.md b/doc/ci/yaml/index.md index 39f979d98d5..9cf718573ec 100644 --- a/doc/ci/yaml/index.md +++ b/doc/ci/yaml/index.md @@ -3831,9 +3831,6 @@ job: Use `secrets:token` to explicitly select a token to use when authenticating with Vault by referencing the token's CI/CD variable. -This keyword has no effect if [**Limit JSON Web Token (JWT) access**](../secrets/id_token_authentication.md#enable-automatic-id-token-authentication) -is disabled. - **Keyword type**: Job keyword. You can use it only as part of a job. **Possible inputs**: 
@@ -3857,8 +3854,8 @@ job: **Additional details**: -- When the `token` keyword is not set and **Limit JSON Web Token (JWT) access** enabled, the first ID token - is used to authenticate. +- When the `token` keyword is not set, the first ID token is used to authenticate. +- In GitLab 15.8 to 15.11, you must enable [**Limit JSON Web Token (JWT) access**](../secrets/id_token_authentication.md#enable-automatic-id-token-authentication-deprecated) for this keyword to be available. - When **Limit JSON Web Token (JWT) access** is disabled, the `token` keyword is ignored and the `CI_JOB_JWT` CI/CD variable is used to authenticate. -- cgit v1.2.3
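Review bot: In the first hunk of doc/ci/secrets/id_token_authentication.md (@@ -130,7 +130,13), the renamed heading says "(deprecated)" while the WARNING added directly beneath it says the setting was "removed" in GitLab 16.0. These are different states, and a reader checking whether the toggle still exists needs one term, so the heading should match the warning. The unchanged steps that follow ("To enable automatic ID token authentication:") also carry no version qualifier. Suggest stating which versions they apply to (the other file in this patch gives 15.8 to 15.11). The rename changes the section anchor as well. The link in doc/ci/yaml/index.md is updated here, but this view is limited to doc/ci, so links from other directories should be checked.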
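Review bot: In the last hunk of doc/ci/yaml/index.md (@@ -3857,8 +3854,8), the unchanged bullet "When **Limit JSON Web Token (JWT) access** is disabled, the `token` keyword is ignored and the `CI_JOB_JWT` CI/CD variable is used to authenticate" is left without a version qualifier, although the warning added elsewhere in this patch says the setting was removed in 16.0 and JWT access is always limited. As written, a reader on 16.0 could conclude that a `CI_JOB_JWT` fallback is still reachable. Suggest scoping that bullet to GitLab 15.8 to 15.11 like the new bullet above it, or folding the two into a single versioned bullet.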