From b6903fb524a34d37819040a0808d04adca4b50fd Mon Sep 17 00:00:00 2001
From: Steven Clark <steven.clark@hashicorp.com>
Date: Fri, 24 May 2024 19:28:39 +0000
Subject: [PATCH] backport of commit e6c9bbbd478f4cd1b994e115bd7e3889d92152ea

---
 website/content/api-docs/secret/pki.mdx | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/website/content/api-docs/secret/pki.mdx b/website/content/api-docs/secret/pki.mdx
index 767ac796dfac..1329084b17bc 100644
--- a/website/content/api-docs/secret/pki.mdx
+++ b/website/content/api-docs/secret/pki.mdx
@@ -4901,10 +4901,11 @@ $ curl \
 ```json
 {
   "data": {
+    "audit_fields": ["common_name", "alt_names", "ip_sans", "uri_sans"],
     "authenticators": {
       "cert": {
         "accessor": "auth_cert_7fe0c1cc",
-        "cert_role": ""
+        "cert_role": "est-ca"
       },
       "userpass": {
         "accessor": "auth_userpass_2b333949"
@@ -4912,9 +4913,10 @@ $ curl \
     },
     "default_mount": true,
     "default_path_policy": "sign-verbatim",
+    "enable_sentinel_parsing": true,
     "enabled": true,
     "label_to_path_policy": {
-      "test-label": "roles/est-clients"
+      "test-label": "role:est-clients"
     },
     "last_updated": "2024-01-31T10:45:22-05:00"
   }
@@ -4954,6 +4956,12 @@ updated values as a response along with an updated `last_updated` field.
 - `enable_sentinel_parsing` `(bool: false)` - Parse out fields from the provided CSR making them available for
  Sentinel policies.
 
+- `audit_fields` `(list: ["common_name", "alt_names", "ip_sans", "uri_sans"])` - Fields parsed from the CSR that
+ appear in the audit and can be used by sentinel policies. Allowed values are `csr`, `common_name`, `alt_names`,
+ `ip_sans`, `uri_sans`, `other_sans`, `signature_bits`, `exclude_cn_from_sans`, `ou`, `organization`, `country`,
+ `locality`, `province`, `street_address`, `postal_code`, `serial_number`, `use_pss`, `key_type`, `key_bits`,
+ `add_basic_constraints`
+
 #### Sample Payload
 
 ```json
@@ -4972,7 +4980,9 @@ updated values as a response along with an updated `last_updated` field.
     "userpass": {
       "accessor": "auth_userpass_b2b08fac"
     }
-  }
+  },
+  "enable_sentinel_parsing": true,
+  "audit_fields": ["common_name", "alt_names", "ip_sans", "uri_sans"]
 }
 ```