add hashicorp vault (#333)

Yaron Schneider 2020-02-07 15:00:21 -08:00 committed by GitHub
parent 8906a8ad69
commit 4795ec7492
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 67 additions and 0 deletions

@ -0,0 +1,66 @@
# Secret Store for Hashicorp Vault
This document shows how to enable Hashicorp Vault secret store using [Dapr Secrets Component](../../concepts/components/secrets.md) for Standalone and Kubernetes mode.
## Create a Hashicorp Vault instance
Setup Hashicorp Vault using the Vault documentation: https://www.vaultproject.io/docs/install/index.html.
For Kubernetes, you can use the Helm Chart: https://github.com/hashicorp/vault-helm.
## Create the Vault component
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: vault
spec:
type: secretstores.hashicorp.vault
metadata:
- name: vaultAddr
value: [vault_address] # Optional. Default: "https://127.0.0.1:8200"
- name: caCert # Optional. This or caPath or caPem
value: "[ca_cert]"
- name: caPath # Optional. This or CaCert or caPem
value: "[path_to_ca_cert_file]"
- name: caPem # Optional. This or CaCert or CaPath
value : "[encoded_ca_cert_pem]"
- name: skipVerify # Optional. Default: false
value : "[skip_tls_verification]"
- name: tlsServerName # Optional.
value : "[tls_config_server_name]"
- name: vaultTokenMountPath # Required. Path to token file.
value : "[path_to_file_containing_token]"
- name: vaultKVPrefix # Optional. Default: "dapr"
value : "[vault_prefix]"
```
To deploy in Kubernetes, save the file above to `vault.yaml` and then run:
```
kubectl apply -f vault.yaml
```
When running in self hosted mode, place this file in a `components` directory from the Dapr working directory.
## Vault reference example
This example shows you how to take the Redis password from the Vault secret store.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: statestore
spec:
type: state.redis
metadata:
- name: redisHost
value: "[redis]:6379"
- name: redisPassword
secretKeyRef:
name: redisPassword
auth:
secretStore: vault
```
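Review bot: The `skipVerify` entry in the component YAML is documented only as "Optional. Default: false" with the placeholder `[skip_tls_verification]`, so the page never says that setting it to true turns off validation of the Vault server certificate on the same connection that carries the token read from `vaultTokenMountPath`. Suggest adding a sentence under the YAML stating that it should stay false outside local testing and that `caCert`, `caPath` or `caPem` is the way to trust a private CA. In the same block, the comments mix `CaCert`/`CaPath` with `caCert`/`caPath`, and several entries use `value :` with a space before the colon where the first uses `value:`; one spelling and one style would avoid copy-paste confusion. The reference example would also benefit from a line explaining where the `redisPassword` secret has to live in Vault relative to `vaultKVPrefix` (default "dapr"), since nothing in the document shows how that prefix is applied.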

@ -2,3 +2,4 @@
* [Kubernetes](./kubernetes.md)
* [Azure Key Vault](./azure-keyvault.md)
* [Hashicorp Vault](./hashicorp-vault.md)
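Review bot: The `[Hashicorp Vault]` list entry spells the vendor "Hashicorp", while the company writes its name "HashiCorp"; the same spelling appears in the title and headings of the new document, so it is worth correcting in both files in this commit. The link text can change without touching the `./hashicorp-vault.md` target.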