Adding local secret store example

2020-12-22 11:08:01 -08:00 · 2020-12-22 11:08:01 -08:00 · 0e5ca5d0e0
parent df7320ccbc
commit 0e5ca5d0e0
1 changed files with 63 additions and 11 deletions
--- a/daprdocs/content/en/developing-applications/building-blocks/secrets/howto-secrets.md
+++ b/daprdocs/content/en/developing-applications/building-blocks/secrets/howto-secrets.md
@ -8,17 +8,60 @@ description: "Use the secret store building block to securely retrieve a secret"
 This article provides guidance on using Dapr's secrets API in your code to leverage the [secrets store building block]({{<ref secrets-overview>}}). The secrets API allows you to easily retrieve secrets in your application code from a configured secret store. 
-## Prerequisites
+## Set up a secret store
-Before retrieving secrets in your application's code, you must have a secret store component configured. See guidance on [how to configure a secret store]({{<ref secret-stores-overview>}}) and review [supported secret stores]({{< ref supported-secret-stores >}}) to see specific details required for different secret store solutions.
+Before retrieving secrets in your application's code, you must have a secret store component configured. For the purposes of this guide, as an example you will configure a local secret store which uses a local JSON file to store secrets.
-## Calling the secrets API
+>Note: The component used in this example is not secured and is not recommended for production deployments. You can find other alternatives [here]({{<ref supported-secret-stores >}}).
-Once you have a secret store set up, you can call Dapr to get the secrets for a given key for a specific secret store.
+Create a file named `secrets.json` with the following contents:
 ```json
 {
   "my-secret" : "I'm Batman"
 }
 ```
 Create a directory for your components file named `components` and inside it create a file named `localSecretStore.yaml` with the following contents:
 ```yaml
 apiVersion: dapr.io/v1alpha1
 kind: Component
 metadata:
  name: my-secrets-store
  namespace: default
 spec:
  type: secretstores.local.file
  version: v1
  metadata:
  - name: secretsFile
    value: <PATH TO SECRETS FILE>/secrets.json
  - name: nestedSeparator
    value: ":"
 ```
 Make sure to replace `<PATH TO SECRETS FILE>` with the path to the JSON file you just created.
 To configure a different kind of secret store see the guidance on [how to configure a secret store]({{<ref secret-stores-overview>}}) and review [supported secret stores]({{<ref supported-secret-stores >}}) to see specific details required for different secret store solutions.
 ## Get a secret
 Now run the Dapr sidecar (with no application)
 ```bash
 dapr run --app-id my-app --port 3500 --components-path ./components
 ```
 And now you can get the secret by calling the Dapr sidecar using the secrets API:
 ```bash
 curl http://localhost:3500/v1.0/secrets/my-secrets-store/my-secret
 ```
 For a full API reference, go [here]({{< ref secrets_api.md >}}).
-Here are a few examples in different programming languages:
+## Calling the secrets API from your code
 Once you have a secret store set up, you can call Dapr to get the secrets from your application code. Here are a few examples in different programming languages:
 {{< tabs "Go" "Javascript" "Python" "Rust" "C#" >}}
@ -30,7 +73,7 @@ import (
 )
 func main() {
-  url := "http://localhost:3500/v1.0/secrets/kubernetes/my-secret"
+  url := "http://localhost:3500/v1.0/secrets/my-secrets-store/my-secret"
  res, err := http.Get(url)
  if err != nil {
@ -51,7 +94,7 @@ func main() {
 require('isomorphic-fetch');
 const secretsUrl = `http://localhost:3500/v1.0/secrets`;
-fetch(`${secretsUrl}/kubernetes/my-secret`)
+fetch(`${secretsUrl}/my-secrets-store/my-secret`)
        .then((response) => {
            if (!response.ok) {
                throw "Could not get secret";
@ -69,7 +112,7 @@ fetch(`${secretsUrl}/kubernetes/my-secret`)
 ```python
 import requests as req
-resp = req.get("http://localhost:3500/v1.0/secrets/kubernetes/my-secret")
+resp = req.get("http://localhost:3500/v1.0/secrets/my-secrets-store/my-secret")
 print(resp.text)
 ```
@ -84,7 +127,7 @@ use std::{thread};
 #[tokio::main]
 async fn main() -> Result<(), reqwest::Error> {
-    let res = reqwest::get("http://localhost:3500/v1.0/secrets/kubernetes/my-secret").await?;
+    let res = reqwest::get("http://localhost:3500/v1.0/secrets/my-secrets-store/my-secret").await?;
    let body = res.text().await?;
    println!("Secret:{}", body);
@ -100,7 +143,7 @@ async fn main() -> Result<(), reqwest::Error> {
 ```csharp
 var client = new HttpClient();
-var response = await client.GetAsync("http://localhost:3500/v1.0/secrets/kubernetes/my-secret");
+var response = await client.GetAsync("http://localhost:3500/v1.0/secrets/my-secrets-store/my-secret");
 response.EnsureSuccessStatusCode();
 string secret = await response.Content.ReadAsStringAsync();
@ -109,3 +152,12 @@ Console.WriteLine(secret);
 {{% /codetab %}}
 {{< /tabs >}}
 ## Related links
 - [Dapr secrets overview]({{<ref secrets-overview>}})
 - [Secrets API reference]({{<ref secrets_api>}})
 - [Configure a secret store]({{<ref secret-stores-overview>}})
 - [Supported secrets]({{<ref secret-stores-overview>}})
 - [Using secrets in components]({{<ref component-secrets>}})
 - [Secret stores quickstart](https://github.com/dapr/quickstarts/tree/master/secretstore)