docs: Add general uri4files feature description (#1194)

* docs: Add general uri4files feature description

Closes #1193

Signed-off-by: Elizabeth J Lee <[email protected]>

docs_src/microservices/general/index.md

@@ -84,3 +84,48 @@ All services have the ability to collect the following common service metrics
 - **SecuritySecretsStored** - Count of secret stored to the service's Secret Store.
 - **SecurityConsulTokensRequested** - Count of Consul tokens been requested.
 - **SecurityConsulTokenDuration** - Duration of obtaining Consul token.
+
+## URI for Files
+
+Different files like configurations, units of measurements, device profiles, device definitions, and provision watchers can be loaded either from the local file system or from a remote location.
+For the remote location, HTTP and HTTPS URIs are supported. When using HTTPS, certificate validation is performed using the system's built-in trust anchors.
+
+### Authentication
+
+#### username-password in URI (not recommended)
+
+Users can specify the username-password (`<username>:<password>@`) in the URI as plain text.
+This is ok network wise when using HTTPS, but if the credentials are specified in configuration or other service files, this is not a good practice to follow.
+
+!!! example "Example - configuration file with plain text `username-password` in URI"
+    ```
+        [UoM]
+        UoMFile = "https://myuser:[email protected]/uom.yaml"
+    ```
+
+#### Secure Credentials (preferred)
+
+The `edgexSecretName` query parameter can be specified in the URI as a secure way for users to specify credentials.
+When running in secure mode, this parameter specifies a Secret Name from the service's Secret Store where the credentials must be [seeded](../../security/SeedingServiceSecrets.md#seeding-service-secrets).
+If insecure mode is running, `edgexSecretName` must be specified in the [InsecureSecrets](../configuration/CommonConfiguration.md#common-configuration-properties) section of the configuration.
+
+!!! example "Example - configuration file with `edgexSecretName` query parameter"
+    ```
+    [UoM]
+    UoMFile = "https://example.com/uom.yaml?edgexSecretName=mySecretName"
+    ```
+
+The authentication type and credentials are contained in the secret data specified by the Secret Name.
+Only `httpheader` is currently supported. The `headername` specifies the authentication method (ie Basic Auth, API-Key, Bearer)
+
+!!! example "Example - secret data using `httpheader`"
+    ```
+    type=httpheader
+    headername=<name>
+    headercontents=<contents>
+    ```
+    For a request header set as:
+    ```
+    GET https://example.com/uom.yaml HTTP/1.1
+    <name>: <contents>
+    ```

docs_src/security/SeedingServiceSecrets.md

@@ -78,10 +78,10 @@ During service start-up, after `SecretStore` initialization, the service's secre
     }
     ```
 
-The secrets marked with `imported=true` are ignored the next time the service starts up since they are already in the the service's `SecretStore`.  If the Secret Store service's persistence is cleared, the original version of service's secrets file will need to be provided for the next time the service starts up.
+The secrets marked with `imported=true` are ignored the next time the service starts up since they are already in the service's `SecretStore`.  If the Secret Store service's persistence is cleared, the original version of service's secrets file will need to be provided for the next time the service starts up.
 
 !!! note
-    The secrets file must be have write permissions for the file to be scrubbed of the secret data. If not the service with fail to start-up with an error re-writing the file.
+    The secrets file must have write permissions for the file to be scrubbed of the secret data. If not the service will fail to start-up with an error re-writing the file.
 
 ## Disable Scrubbing