Description
https://documentation.ubuntu.com/ops/latest/howto/manage-secrets/#when-to-use-labels says
> A label is basically the secret’s name (local to the charm),
This is incorrect/misleading: Names are created by users for themselves (which is why only user secrets have a name); in contrast, labels are created by charms for their own use, and will also be different for an owner/manager vs. a consumer. To give some examples that might help:
- name vs. label: I as a user might create a secret and call it "my-api-key". I might configure a charm to use it. The charm might give it a label "vault-api-token".
- label vs. label: Suppose you are a leader unit creating an application secret for peer units to consume -- you'd assign a label as an owner, and then when consuming the secret you'd assign another label as a consumer (because the first time you consume a secret you give it a label).
I know the "basically" and "(local to the charm)" are probably meant to help, but users are still confused.
I suggest rephrasing this to something clearer, e.g.,
> A label is a secret tag created locally by charms (whether owners or consumers).
(Note: The "owners" bit seems to be missing from the how-to.)
I will create an issue to address this in Juju docs too, so this paragraph in Ops can just link there for further context, if necessary. >> juju/juju#21633