From 9051058b1ac4998b7e4e034ab84e6f87eb25d680 Mon Sep 17 00:00:00 2001 From: Aaron Crawfis Date: Wed, 28 Apr 2021 09:06:33 -0700 Subject: [PATCH] Update daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md --- .../supported-secret-stores/azure-keyvault.md | 25 ++++++++++--------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md index 8e5dab046..eafc94aa0 100644 --- a/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md +++ b/daprdocs/content/en/reference/components-reference/supported-secret-stores/azure-keyvault.md @@ -45,22 +45,23 @@ The above example uses secrets as plain strings. It is recommended to use a loca ### Self-Hosted -| Field | Required | Details | Example | -|--------------------|:--------:|-------------------------------------------------------------------------|--------------------------| -| vaultName | Y | The name of the Azure Key Vault | `"mykeyvault"` | -| spnTenantId | Y | Service Principal Tenant Id | `"spnTenantId"` | -| spnClientId | Y | Service Principal App Id | `"spnAppId"` | -| spnCertificateFile | Y | PFX certificate file path.

For Windows the `[pfx_certificate_file_fully_qualified_local_path]` value must use escaped backslashes, i.e. double backslashes. For example `"C:\\folder1\\folder2\\certfile.pfx"`.

For Linux you can use single slashes. For example `"/folder1/folder2/certfile.pfx"`.

See [configure the component](#configure-the-component) for more details | `"C:\\folder1\\folder2\\certfile.pfx"`, `"/folder1/folder2/certfile.pfx"` | +| Field | Required | Details | Example | +|--------------------|:--------:|---------|---------| +| vaultName | Y | The name of the Azure Key Vault | `"mykeyvault"` +| spnTenantId | Y | Service Principal Tenant Id | `"spnTenantId"` +| spnClientId | Y | Service Principal App Id | `"spnAppId"` +| spnCertificateFile | Y | PFX certificate file path.

For Windows the `[pfx_certificate_file_fully_qualified_local_path]` value must use escaped backslashes, i.e. double backslashes. For example `"C:\\folder1\\folder2\\certfile.pfx"`.

For Linux you can use single slashes. For example `"/folder1/folder2/certfile.pfx"`.

See [configure the component](#configure-the-component) for more details | `"C:\\folder1\\folder2\\certfile.pfx"`, `"/folder1/folder2/certfile.pfx"` ### Kubernetes -| Field | Required | Details | Example | -|--------------------|:--------:|-------------------------------------------------------------------------|--------------------------| -| vaultName | Y | The name of the Azure Key Vault | `"mykeyvault"` | -| spnTenantId | Y | Service Principal Tenant Id | `"spnTenantId"` | -| spnClientId | Y | Service Principal App Id | `"spnAppId"` | -| spnCertificate | Y | Store the certificate for the service principal into the Kubernetes Secret Store.

kubectl create secret generic [secretName] --from-file=[secretKey]=[fully_qualified_local_path]

See [configure the component](#configure-the-component) for more details | See this guide on [referencing secrets]({{< ref component-secrets.md >}}) to retrieve and use the secret with Dapr components | +| Field | Required | Details | Example | +|----------------|:--------:|---------|---------| +| vaultName | Y | The name of the Azure Key Vault | `"mykeyvault"` +| spnTenantId | Y | Service Principal Tenant Id | `"spnTenantId"` +| spnClientId | Y | Service Principal App Id | `"spnAppId"` +| spnCertificate | Y | PKCS 12 encoded bytes of the certificate. See [configure the component](#configure-the-component) for details on encoding this in a Kubernetes secret. | `secretKeyRef: ...`
See [configure the component](#configure-the-component) for more information. + ## Setup Key Vault and service principal