Include keystore example in the docs

docs/resources/deployment.md

@@ -242,6 +242,71 @@ resource "ec_deployment" "ccs" {
 }
 ```
 
+### With Keystore
+
+```terraform
+# Retrieve the latest stack pack version
+data "ec_stack" "latest" {
+  version_regex = "latest"
+  region        = "us-east-1"
+}
+
+# Create an Elastic Cloud deployment with keystore
+resource "ec_deployment" "with_keystore" {
+  name = "example_with_keystore"
+
+  region                 = "us-east-1"
+  version                = data.ec_stack.latest.version
+  deployment_template_id = "aws-io-optimized-v2"
+
+  elasticsearch = {
+    hot = {
+      autoscaling = {}
+    }
+
+    config = {
+      user_settings_yaml = <<EOF
+xpack.security.authc.realms.oidc.oidc1:
+  order: 1
+  rp.client_id: "<client-id>"
+  rp.response_type: "code"
+  rp.requested_scopes: ["openid", "email"]
+  rp.redirect_uri: "<KIBANA_ENDPOINT_URL>/api/security/oidc/callback"
+  op.issuer: "<YOUR_OKTA_DOMAIN>"
+  op.authorization_endpoint: "<YOUR_OKTA_DOMAIN>/oauth2/v1/authorize"
+  op.token_endpoint: "<YOUR_OKTA_DOMAIN>/oauth2/v1/token"
+  op.userinfo_endpoint: "<YOUR_OKTA_DOMAIN>/oauth2/v1/userinfo"
+  op.endsession_endpoint: "<YOUR_OKTA_DOMAIN>/oauth2/v1/logout"
+  op.jwkset_path: "<YOUR_OKTA_DOMAIN>/oauth2/v1/keys"
+  claims.principal: email
+  claim_patterns.principal: "^([^@]+)@elastic\\.co$"
+EOF
+    }
+
+    keystore_contents = {
+      "xpack.security.authc.realms.oidc.oidc1.rp.client_secret" = {
+        value = "secret-1"
+      }
+    }
+  }
+
+  kibana = {
+    zone_count = 1
+    config = {
+      user_settings_yaml = <<EOF
+xpack.security.authc.providers:
+  oidc.oidc1:
+    order: 0
+    realm: oidc1
+    description: "Log in with Okta"
+  basic.basic1:
+    order: 1
+EOF
+    }
+  }
+}
+```
+
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
@@ -265,8 +330,8 @@ resource "ec_deployment" "ccs" {
 -> **Note on disabling Kibana** While optional it is recommended deployments specify a Kibana block, since not doing so might cause issues when modifying or upgrading the deployment. (see [below for nested schema](#nestedatt--kibana))
 - `migrate_to_latest_hardware` (Boolean) When set to true, the deployment will be updated according to the latest deployment template values.
 
-~> **Note** If the <code>instance_configuration_id</code> or <code>instance_configuration_version</code> fields are set for a specific topology element, that element will not be updated when <code>migrate_to_latest_hardware</code> is set to <code>true</code>.
-~> **Note** Hardware migrations, either caused by updating the <code>deployment_template_id</code> field or setting <code>migrate_to_latest_hardware</code> to <code>true</code>, are not supported for deployments with <code>node_type</code>. To perform such migrations, the deployment needs to be [migrated to node_roles](https://www.elastic.co/guide/en/cloud-enterprise/current/ce-add-support-for-node-roles-and-autoscaling.html#ece-migrating-a-deployment-to-node-roles) first.
+~> **Note** If the <code>instance_configuration_id</code> or <code>instance_configuration_version</code> fields are set for a specific topology element, that element will not be updated.
+~> **Note** Hardware migrations are not supported for deployments with node types. To use this field, the deployment needs to be migrated to node roles first.
 - `name` (String) Name for the deployment
 - `observability` (Attributes) Observability settings that you can set to ship logs and metrics to a deployment. The target deployment can also be the current deployment itself by setting observability.deployment_id to `self`. (see [below for nested schema](#nestedatt--observability))
 - `request_id` (String) Request ID to set when you create the deployment. Use it only when previous attempts return an error and `request_id` is returned as part of the error.

templates/resources/deployment.md.tmpl

@@ -47,6 +47,10 @@ observability = {
 
 {{ tffile "examples/resources/ec_deployment/with-ccs/deployment.tf" }}
 
+### With Keystore
+
+{{ tffile "examples/resources/ec_deployment/with-keystore/deployment.tf" }}
+
 {{ .SchemaMarkdown | trimspace }}
 
 ## Import