mirror of https://github.com/dapr/docs.git
Moving secrets stores out of use cases
parent
566a35b192
commit
5fc96fe2f8
|
@ -1,7 +1,13 @@
|
|||
# Dapr secrets management
|
||||
|
||||
Dapr offers developers a consistent way to extract application secrets, without needing to know the specifics of the secret store being used.
|
||||
Secret stores are components in Dapr. Dapr allows users to write new secret stores component implementations that can be used both to hold secrets for other Dapr components (for example secrets used by a state store components to read/write state) as well as serving the application with a dedicated secret building block API. Using the secrets building block API, you can easily read secrets that can be used by the application from a named secrets store.
|
||||
Almost all non-trivial applications need to _securely_ store secret data like API keys, database passwords, and more. By nature, these secrets cannot be checked into the version control system, but they also need to be accessible to code running in production. This is generally a hard problem, but it's critical to get it right. Otherwise, critical production systems can be compromised.
|
||||
|
||||
Dapr's solution to this problem is the secrets API and secrets stores.
|
||||
|
||||
Here's how it works:
|
||||
|
||||
- Dapr is set up to use a **secret store** - a place to securely store secret data
|
||||
- Application code uses the standard Dapr secrets API to retrieve secrets.
|
||||
|
||||
Some examples for secret stores include `Kubernetes`, `Hashicorp Vault`, `Azure KeyVault`. See [secret stores](https://github.com/dapr/components-contrib/tree/master/secretstores) for the list of supported stores.
|
||||
|
||||
|
|
|
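Review bot: the added text switches between "secret store", "secrets store" and "secrets stores" for the same component (the first two paragraphs and the "Dapr's solution" line), so pick one form, for example "secret store", and use it throughout. In the second paragraph, "secret stores component implementations" and "a state store components" should read "secret store component implementations" and "a state store component". In the examples list, the product names are spelled "HashiCorp Vault" and "Azure Key Vault".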
@ -40,13 +40,3 @@ Visit the following documents to learn more:
|
|||
|
||||
- [More details on mTLS](https://github.com/dapr/docs/blob/master/concepts/security/README.md)
|
||||
- [How to set up mTLS](https://github.com/dapr/docs/tree/master/howto/configure-mtls)
|
||||
|
||||
## Secrets storage
|
||||
|
||||
Dapr provides a consistent, secure API for accessing sensitive data, such as private keys for cloud services or database passwords, that your business logic needs. Using secret stores, you can remove secrets from your source code repositories and replace them with references to secrets in a Dapr secret store. Not only is doing so more secure, it also enables best security practices such as [key rotation](https://docs.microsoft.com/en-us/azure/key-vault/key-vault-key-rotation-log-monitoring).
|
||||
|
||||
Visit the following documents to learn more:
|
||||
|
||||
- [More details on secrets storage](https://github.com/dapr/docs/tree/master/concepts/secrets)
|
||||
- [How to set up secrets storage](https://github.com/dapr/docs/tree/master/howto/setup-secret-store)
|
||||
|
||||
|
|
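Review bot: with the "Secrets storage" section gone (the header shows 13 lines shrinking to 3), this document no longer links to concepts/secrets or howto/setup-secret-store, and neither the how-to link nor the key rotation reference appears in the text added to the secrets README in this commit. Consider leaving a one-line pointer to the secrets concept page here and carrying the how-to link over to the new README so readers arriving from either page can still reach the setup steps.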