Refactor supported component pages, refactor secret store docs (#1129)

* Fix supported pub/sub, secret stores page.

* add alias

* Update _index.md

* Update kubernetes-secret-store.md

* Update _index.md

* Update setup-nats-streaming.md

* refactor secret store docs

* Update azure-keyvault.md

* Update azure-keyvault-managed-identity.md

* Update aws-secret-manager.md

* Update file-secret-store.md

* Update gcp-secret-manager.md

* Update hashicorp-vault.md

* Update kubernetes-secret-store.md

Co-authored-by: Ori Zohar <orzohar@microsoft.com>
Co-authored-by: Mark Fussell <mfussell@microsoft.com>
This commit is contained in:
Mukundan Sundararajan 2021-01-29 14:59:45 -08:00 committed by GitHub
parent 03a92db1c2
commit ac20cf5aab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 331 additions and 292 deletions

View File

@ -12,47 +12,47 @@ Every binding has its own unique set of properties. Click the name link to see t
| Name | Input<br>Binding | Output<br>Binding | Status |
|------|:----------------:|:-----------------:|--------|
| [APNs]({{< ref apns.md >}}) | | ✅ | Experimental |
| [Cron (Scheduler)]({{< ref cron.md >}}) | ✅ | ✅ | Experimental |
| [HTTP]({{< ref http.md >}}) | | ✅ | Experimental |
| [InfluxDB]({{< ref influxdb.md >}}) | | ✅ | Experimental |
| [Kafka]({{< ref kafka.md >}}) | ✅ | ✅ | Experimental |
| [Kubernetes Events]({{< ref "kubernetes-binding.md" >}}) | ✅ | | Experimental |
| [MQTT]({{< ref mqtt.md >}}) | ✅ | ✅ | Experimental |
| [MySQL]({{< ref mysql.md >}}) | | ✅ | Experimental |
| [PostgreSql]({{< ref postgres.md >}}) | | ✅ | Experimental |
| [Postmark]({{< ref postmark.md >}}) | | ✅ | Experimental |
| [RabbitMQ]({{< ref rabbitmq.md >}}) | ✅ | ✅ | Experimental |
| [Redis]({{< ref redis.md >}}) | | ✅ | Experimental |
| [Twilio]({{< ref twilio.md >}}) | | ✅ | Experimental |
| [Twitter]({{< ref twitter.md >}}) | ✅ | ✅ | Experimental |
| [SendGrid]({{< ref sendgrid.md >}}) | | ✅ | Experimental |
| [Apple Push Notifications (APN)]({{< ref apns.md >}}) | | ✅ | Alpha |
| [Cron (Scheduler)]({{< ref cron.md >}}) | ✅ | ✅ | Alpha |
| [HTTP]({{< ref http.md >}}) | | ✅ | Alpha |
| [InfluxDB]({{< ref influxdb.md >}}) | | ✅ | Alpha |
| [Kafka]({{< ref kafka.md >}}) | ✅ | ✅ | Alpha |
| [Kubernetes Events]({{< ref "kubernetes-binding.md" >}}) | ✅ | | Alpha |
| [MQTT]({{< ref mqtt.md >}}) | ✅ | ✅ | Alpha |
| [MySQL]({{< ref mysql.md >}}) | | ✅ | Alpha |
| [PostgreSql]({{< ref postgres.md >}}) | | ✅ | Alpha |
| [Postmark]({{< ref postmark.md >}}) | | ✅ | Alpha |
| [RabbitMQ]({{< ref rabbitmq.md >}}) | ✅ | ✅ | Alpha |
| [Redis]({{< ref redis.md >}}) | | ✅ | Alpha |
| [Twilio]({{< ref twilio.md >}}) | | ✅ | Alpha |
| [Twitter]({{< ref twitter.md >}}) | ✅ | ✅ | Alpha |
| [SendGrid]({{< ref sendgrid.md >}}) | | ✅ | Alpha |
### Amazon Web Services (AWS)
| Name | Input<br>Binding | Output<br>Binding | Status |
|------|:----------------:|:-----------------:|--------|
| [AWS DynamoDB]({{< ref dynamodb.md >}}) | | ✅ | Experimental |
| [AWS S3]({{< ref s3.md >}}) | | ✅ | Experimental |
| [AWS SNS]({{< ref sns.md >}}) | | ✅ | Experimental |
| [AWS SQS]({{< ref sqs.md >}}) | ✅ | ✅ | Experimental |
| [AWS Kinesis]({{< ref kinesis.md >}}) | ✅ | ✅ | Experimental |
| [AWS DynamoDB]({{< ref dynamodb.md >}}) | | ✅ | Alpha |
| [AWS S3]({{< ref s3.md >}}) | | ✅ | Alpha |
| [AWS SNS]({{< ref sns.md >}}) | | ✅ | Alpha |
| [AWS SQS]({{< ref sqs.md >}}) | ✅ | ✅ | Alpha |
| [AWS Kinesis]({{< ref kinesis.md >}}) | ✅ | ✅ | Alpha |
### Google Cloud Platform (GCP)
| Name | Input<br>Binding | Output<br>Binding | Status |
|------|:----------------:|:-----------------:|--------|
| [GCP Cloud Pub/Sub]({{< ref gcppubsub.md >}}) | ✅ | ✅ | Experimental |
| [GCP Storage Bucket]({{< ref gcpbucket.md >}}) | | ✅ | Experimental |
| [GCP Cloud Pub/Sub]({{< ref gcppubsub.md >}}) | ✅ | ✅ | Alpha |
| [GCP Storage Bucket]({{< ref gcpbucket.md >}}) | | ✅ | Alpha |
### Microsoft Azure
| Name | Input<br>Binding | Output<br>Binding | Status |
|------|:----------------:|:-----------------:|--------|
| [Azure Blob Storage]({{< ref blobstorage.md >}}) | | ✅ | Experimental |
| [Azure CosmosDB]({{< ref cosmosdb.md >}}) | | ✅ | Experimental |
| [Azure Event Grid]({{< ref eventgrid.md >}}) | ✅ | ✅ | Experimental |
| [Azure Event Hubs]({{< ref eventhubs.md >}}) | ✅ | ✅ | Experimental |
| [Azure Service Bus Queues]({{< ref servicebusqueues.md >}}) | ✅ | ✅ | Experimental |
| [Azure SignalR]({{< ref signalr.md >}}) | | ✅ | Experimental |
| [Azure Storage Queues]({{< ref storagequeues.md >}}) | ✅ | ✅ | Experimental |
| [Azure Blob Storage]({{< ref blobstorage.md >}}) | | ✅ | Alpha |
| [Azure CosmosDB]({{< ref cosmosdb.md >}}) | | ✅ | Alpha |
| [Azure Event Grid]({{< ref eventgrid.md >}}) | ✅ | ✅ | Alpha |
| [Azure Event Hubs]({{< ref eventhubs.md >}}) | ✅ | ✅ | Alpha |
| [Azure Service Bus Queues]({{< ref servicebusqueues.md >}}) | ✅ | ✅ | Alpha |
| [Azure SignalR]({{< ref signalr.md >}}) | | ✅ | Alpha |
| [Azure Storage Queues]({{< ref storagequeues.md >}}) | ✅ | ✅ | Alpha |
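Review bot: the first row renames "APNs" to "Apple Push Notifications (APN)", but the service acronym is APNs (Apple Push Notification service), which is also what the target file `apns.md` is named; use "Apple Push Notifications (APNs)". Two smaller nits in the same table: "PostgreSql" should be "PostgreSQL", and the SendGrid row sits after Twitter, breaking the alphabetical order the rest of the Generic table follows.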

View File

@ -4,5 +4,36 @@ title: "Supported pub/sub components"
linkTitle: "Supported pub/sub"
weight: 30000
description: List of all the supported external pubsub brokers that can interface with Dapr
simple_list: true
---
no_list: true
---
### Generic
| Name | Status |
|-------------------------------------------------------|--------|
| [Apache Kafka]({{< ref setup-apache-kafka.md >}}) | Alpha |
| [Hazelcast]({{< ref setup-hazelcast.md >}}) | Alpha |
| [MQTT]({{< ref setup-mqtt.md >}}) | Alpha |
| [NATS Streaming]({{< ref setup-nats-streaming.md >}}) | Alpha |
| [Pulsar]({{< ref setup-pulsar.md >}}) | Alpha |
| [RabbitMQ]({{< ref setup-rabbitmq.md >}}) | Alpha |
| [Redis Streams]({{< ref setup-redis-pubsub.md >}}) | Alpha |
### Amazon Web Services (AWS)
| Name | Status |
|---------------------------------------------------|--------|
| [AWS SNS/SQS]({{< ref setup-aws-snssqs.md >}}) | Alpha |
### Google Cloud Platform (GCP)
| Name | Status |
|---------------------------------------------------|--------|
| [GCP Pub/Sub]({{< ref setup-gcp-pubsub.md >}}) | Alpha |
### Microsoft Azure
| Name | Status |
|-----------------------------------------------------------|--------|
| [Azure Events Hub]({{< ref setup-azure-eventhubs.md >}}) | Alpha |
| [Azure Service Bus]({{< ref setup-azure-servicebus.md >}})| Alpha |
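Review bot: "Azure Events Hub" in the Microsoft Azure table is not the product name; the bindings page in this same commit uses "Azure Event Hubs" (`| [Azure Event Hubs]({{< ref eventhubs.md >}}) |`), so make this row `| [Azure Event Hubs]({{< ref setup-azure-eventhubs.md >}}) | Alpha |` for consistency.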

View File

@ -3,6 +3,8 @@ type: docs
title: "GCP Pub/Sub"
linkTitle: "GCP Pub/Sub"
description: "Detailed documentation on the GCP Pub/Sub component"
aliases:
- "/operations/components/setup-pubsub/supported-pubsub/setup-gcp/"
---
## Create a Dapr component

View File

@ -1,12 +1,12 @@
---
type: docs
title: "NATS streaming"
linkTitle: "NATS streaming"
description: "Detailed documentation on the NATS pubsub component"
title: "NATS Streaming"
linkTitle: "NATS Streaming"
description: "Detailed documentation on the NATS Streaming pubsub component"
---
## Component format
To setup NATS streaming pubsub create a component of type `pubsub.natsstreaming`. See [this guide]({{< ref "howto-publish-subscribe.md#step-1-setup-the-pubsub-component" >}}) on how to create and apply a pubsub configuration.
To setup NATS Streaming pubsub create a component of type `pubsub.natsstreaming`. See [this guide]({{< ref "howto-publish-subscribe.md#step-1-setup-the-pubsub-component" >}}) on how to create and apply a pubsub configuration.
```yaml
apiVersion: dapr.io/v1alpha1
@ -25,27 +25,27 @@ spec:
# below are subscription configuration.
- name: subscriptionType
value: <REPLACE-WITH-SUBSCRIPTION-TYPE> # Required. Allowed values: topic, queue.
- name: deliverNew
value: true
# - name: ackWaitTime
# value: "" # Optional. See: https://docs.nats.io/developing-with-nats-streaming/acks#acknowledgements
# - name: maxInFlight
# value: "" # Optional. See: https://docs.nats.io/developing-with-nats-streaming/acks#acknowledgements
# - name: durableSubscriptionName
# value: ""
- name: ackWaitTime
value: "" # Optional.
- name: maxInFlight
value: "" # Optional.
- name: durableSubscriptionName
value: "" # Optional.
# following subscription options - only one can be used
# - name: startAtSequence
# value: 1
# - name: startWithLastReceived
# value: false
# - name: deliverAll
# value: false
# - name: startAtTimeDelta
# value: ""
# - name: startAtTime
# value: ""
# - name: startAtTimeFormat
# value: ""
- name: deliverNew
value: <bool>
- name: startAtSequence
value: 1
- name: startWithLastReceived
value: false
- name: deliverAll
value: false
- name: startAtTimeDelta
value: ""
- name: startAtTime
value: ""
- name: startAtTimeFormat
value: ""
```
{{% alert title="Warning" color="warning" %}}
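Review bot: uncommenting all seven start-position options at once (`deliverNew`, `startAtSequence`, `startWithLastReceived`, `deliverAll`, `startAtTimeDelta`, `startAtTime`, `startAtTimeFormat`) contradicts the comment kept directly above them, `# following subscription options - only one can be used`; anyone who applies the sample verbatim sets all of them. Keep one active, as the previous `deliverNew: true` was, and leave the others commented or give them `<...>` placeholders. The same applies to `ackWaitTime` and `maxInFlight`, which are now active with `value: ""`: an empty duration or integer is not a usable default, and the links to the NATS acknowledgement docs that the removed comments carried have been lost from the YAML.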
@ -56,8 +56,19 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Details | Example |
|--------------------|:--------:|---------|---------|
| natsURL | Y | NATS server address URL | "`nats://localhost:4222`"
| natsStreamingClusterID | Y | NATS cluster ID |`"clusterId"`
| natsURL | Y | NATS server address URL | "`nats://localhost:4222`"|
| natsStreamingClusterID | Y | NATS cluster ID |`"clusterId"`|
| subscriptionType | Y | Subscription type. Allowed values `"topic"`, `"queue"` | `"topic"` |
| ackWaitTime | N | See [here](https://docs.nats.io/developing-with-nats-streaming/acks#acknowledgements) | `"300ms"`|
| maxInFlight | N | See [here](https://docs.nats.io/developing-with-nats-streaming/acks#acknowledgements) | `"25"` |
| durableSubscriptionName | N | [Durable subscriptions](https://docs.nats.io/developing-with-nats-streaming/durables) identification name. | `"my-durable"`|
| deliverNew | N | Subscription Options. Only one can be used. Deliver new messages only | `"true"`, `"false"` |
| startAtSequence | N | Subscription Options. Only one can be used. Sets the desired start sequence position and state | `"100000"`, `"230420"` |
| startWithLastReceived | N | Subscription Options. Only one can be used. Sets the start position to last received. | `"true"`, `"false"` |
| deliverAll | N | Subscription Options. Only one can be used. Deliver all available messages | `"true"`, `"false"` |
| startAtTimeDelta | N | Subscription Options. Only one can be used. Sets the desired start time position and state using the delta | `"10m"`, `"23s"` |
| startAtTime | N | Subscription Options. Only one can be used. Sets the desired start time position and state | `"Feb 3, 2013 at 7:54pm (PST)"` |
| startAtTimeDelta | N | Must be used with `startAtTime`. Sets the format for the time | `"Jan 2, 2006 at 3:04pm (MST)"` |
## Create a NATS server
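Review bot: the last row of the metadata table is labelled `startAtTimeDelta` a second time; from its description ("Must be used with `startAtTime`. Sets the format for the time") and the YAML above, the field is `startAtTimeFormat`. Also, the Warning alert that opens this hunk ("The above example uses secrets as plain strings") was copied from the secret-store pages, but the NATS Streaming sample contains no credentials at all, so the alert should be dropped or reworded for this page.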
@ -84,7 +95,7 @@ kubectl apply -f https://raw.githubusercontent.com/nats-io/k8s/master/nats-serve
kubectl apply -f https://raw.githubusercontent.com/nats-io/k8s/master/nats-streaming-server/single-server-stan.yml
```
This will install a single NATS-Streaming and Nats into the `default` namespace.
This installs a single NATS-Streaming and Nats into the `default` namespace.
To interact with NATS, find the service with: `kubectl get svc stan`.
For example, if installing using the example above, the NATS Streaming address would be:
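Review bot: "a single NATS-Streaming and Nats" mixes three spellings of the product on one page that otherwise writes "NATS Streaming" and "NATS"; suggest "This installs a single NATS Streaming server and NATS server into the `default` namespace."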

View File

@ -3,7 +3,6 @@ type: docs
title: "Redis Streams"
linkTitle: "Redis Streams"
description: "Detailed documentation on the Redis Streams pubsub component"
weight: 100
---
## Component format

View File

@ -54,6 +54,8 @@ spec:
value: "[aws_session_token]"
```
## Apply the configuration
Once you have created the component's YAML file, follow these instructions to apply it based on your hosting environment:

View File

@ -4,5 +4,33 @@ title: "Supported secret stores"
linkTitle: "Supported secret stores"
weight: 30000
description: List of all the supported secret stores that can interface with Dapr
simple_list: true
---
no_list: true
---
### Generic
| Name | Status |
|-------------------------------------------------------------------|------------------------------|
| [Local environment variables]({{< ref envvar-secret-store.md >}}) | GA (For local development) |
| [Local file]({{< ref file-secret-store.md >}}) | GA (For local development) |
| [HashiCorp Vault]({{< ref hashicorp-vault.md >}}) | Alpha |
| [Kubernetes secrets]({{< ref kubernetes-secret-store.md >}}) | Alpha |
### Amazon Web Services (AWS)
| Name | Status |
|----------------------------------------------------------|--------|
| [AWS Secrets Manager]({{< ref aws-secret-manager.md >}}) | Alpha |
### Google Cloud Platform (GCP)
| Name | Status |
|----------------------------------------------------------|--------|
| [GCP Secret Manager]({{< ref gcp-secret-manager.md >}}) | Alpha |
### Microsoft Azure
| Name | Status |
|---------------------------------------------------------------------------------------|--------|
| [Azure Key Vault w/ Managed Identity]({{< ref azure-keyvault-managed-identity.md >}}) | Alpha |
| [Azure Key Vault]({{< ref azure-keyvault.md >}}) | Alpha |

View File

@ -5,12 +5,11 @@ linkTitle: "AWS Secrets Manager"
description: Detailed information on the decret store component
---
## Create an AWS Secrets Manager instance
## Component format
Setup AWS Secrets Manager using the AWS documentation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html.
To setup AWS Secrets Manager secret store create a component of type `secretstores.aws.secretmanager`. See [this guide]({{< ref "secret-stores-overview.md#apply-the-configuration" >}}) on how to create and apply a secretstore configuration. See this guide on [referencing secrets]({{< ref component-secrets.md >}}) to retrieve and use the secret with Dapr components.
## Create the Dapr component
See [Authenticating to AWS]({{< ref authenticating-aws.md >}}) for information about authentication-related attributes
See [Authenticating to AWS]({{< ref authenticating-aws.md >}}) for information about authentication-related attributes.
```yaml
apiVersion: dapr.io/v1alpha1
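Review bot: the front-matter description at the top of this hunk still reads "Detailed information on the decret store component"; since the hunk already reworks the page header, fix it to "secret store" in the same change.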
@ -31,43 +30,25 @@ spec:
- name: sessionToken
value: "[aws_session_token]"
```
## Apply the configuration
Read [this guide]({{< ref howto-secrets.md >}}) to learn how to apply a Dapr component.
## Example
This example shows you how to set the Redis password from the AWS Secret Manager secret store.
Here, you created a secret named `redisPassword` in AWS Secret Manager. Note its important to set it both as the `name` and `key` properties.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: statestore
namespace: default
spec:
type: state.redis
version: v1
metadata:
- name: redisHost
value: "[redis]:6379"
- name: redisPassword
secretKeyRef:
name: redisPassword
key: redisPassword
auth:
secretStore: awssecretmanager
```
{{% alert title="Warning" color="warning" %}}
The above example uses secrets as plain strings. It is recommended to use a local secret store such as [Kubernetes secret store]({{< ref kubernetes-secret-store.md >}}) or a [local file]({{< ref file-secret-store.md >}}) to bootstrap secure key storage.
{{% /alert %}}
## Spec metadata fields
| Field | Required | Details | Example |
|--------------------|:--------:|-------------------------------------------------------------------------|---------------------|
| region | Y | The specific AWS region the AWS Secrets Manager instance is deployed in | `"us-east-1"` |
| accessKey | Y | The AWS Access Key to access this resource | `"key"` |
| secretKey | Y | The AWS Secret Access Key to access this resource | `"secretAccessKey"` |
| sessionToken | N | The AWS session token to use | `"sessionToken"` |
## Create an AWS Secrets Manager instance
Setup AWS Secrets Manager using the AWS documentation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html.
## Related links
- [Secrets building block]({{< ref secrets >}})
- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
- [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}})
- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
- [Secrets API reference]({{< ref secrets_api.md >}})
- [Authenticating to AWS]({{< ref authenticating-aws.md >}})
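Review bot: the new spec table marks `accessKey` and `secretKey` as Required = Y, while the paragraph above defers to "Authenticating to AWS" for the authentication attributes; if that page allows leaving these empty to fall back on instance or role credentials, the Required column is wrong and should say N with a note on the fallback. Either way, `region` is the only field whose Example value is realistic; `"key"` and `"secretAccessKey"` just repeat the field names. The Warning alert is appropriate here, since the YAML carries `[aws_secret_key]`-style credentials inline, but it would help to say that `secretKeyRef` (shown in the removed Redis example) is the mechanism meant by "bootstrap".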

View File

@ -5,12 +5,49 @@ linkTitle: "Azure Key Vault w/ Managed Identity"
description: How to configure Azure Key Vault and Kubernetes to use Azure Managed Identities to access secrets
---
## Prerequisites
## Component format
To setup Azure Key Vault secret store with Managed Identies create a component of type `secretstores.azure.keyvault`. See [this guide]({{< ref "secret-stores-overview.md#apply-the-configuration" >}}) on how to create and apply a secretstore configuration. See this guide on [referencing secrets]({{< ref component-secrets.md >}}) to retrieve and use the secret with Dapr components.
In Kubernetes mode, you store the certificate for the service principal into the Kubernetes Secret Store and then enable Azure Key Vault secret store with this certificate in Kubernetes secretstore.
The component yaml uses the name of your key vault and the Cliend ID of the managed identity to setup the secret store.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: azurekeyvault
namespace: default
spec:
type: secretstores.azure.keyvault
version: v1
metadata:
- name: vaultName
value: [your_keyvault_name]
- name: spnClientId
value: [your_managed_identity_client_id]
```
{{% alert title="Warning" color="warning" %}}
The above example uses secrets as plain strings. It is recommended to use a local secret store such as [Kubernetes secret store]({{< ref kubernetes-secret-store.md >}}) or a [local file]({{< ref file-secret-store.md >}}) to bootstrap secure key storage.
{{% /alert %}}
## Spec metadata fields
| Field | Required | Details | Example |
|--------------------|:--------:|-------------------------------------------------------------------------|---------------------|
| vaultName | Y | The name of the Azure Key Vault | `"mykeyvault"` |
| spnClientId | Y | Your managed identity client Id | `"yourId"` |
## Setup Managed Identity and Azure Key Vault
### Prerequisites
- [Azure Subscription](https://azure.microsoft.com/en-us/free/)
- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest)
## Setup Managed Identity and Azure Key Vault
### Steps
1. Login to Azure and set the default subscription
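Review bot: `value: [your_keyvault_name]` and `value: [your_managed_identity_client_id]` are unquoted, so a YAML parser reads each as a one-element flow sequence rather than a string; a reader who applies the sample before editing it gets a type error instead of the expected "vault not found". Quote them as the other pages do (`"[your_service_principal_tenant_id]"`). Two typos in the added prose: "Managed Identies" should be "Managed Identities" and "Cliend ID" should be "Client ID". Finally, the Warning alert about "secrets as plain strings" is misleading on this page: a vault name and a managed identity client ID are not secrets, which is the point of using managed identity, so drop the alert here.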
@ -118,41 +155,11 @@ description: How to configure Azure Key Vault and Kubernetes to use Azure Manage
kubectl apply -f azure-identity-config.yaml
```
## Configure Dapr component
In Kubernetes mode, you store the certificate for the service principal into the Kubernetes Secret Store and then enable Azure Key Vault secret store with this certificate in Kubernetes secretstore.
1. Create azurekeyvault.yaml component file
The component yaml uses the name of your key vault and the Cliend ID of the managed identity to setup the secret store.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: azurekeyvault
namespace: default
spec:
type: secretstores.azure.keyvault
version: v1
metadata:
- name: vaultName
value: [your_keyvault_name]
- name: spnClientId
value: [your_managed_identity_client_id]
```
2. Apply azurekeyvault.yaml component
```bash
kubectl apply -f azurekeyvault.yaml
```
## References
- [Azure CLI Keyvault CLI](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create)
- [Create an Azure service principal with Azure CLI](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest)
- [AAD Pod Identity](https://github.com/Azure/aad-pod-identity)
- [Secrets building block]({{< ref secrets >}})
- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
- [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}})
- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
- [Secrets API reference]({{< ref secrets_api.md >}})
- [Secrets API reference]({{< ref secrets_api.md >}})
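Review bot: removing step 2 (`kubectl apply -f azurekeyvault.yaml`) leaves the numbered "### Steps" ending at `kubectl apply -f azure-identity-config.yaml` with nothing telling the reader to go back and apply the component shown under "## Component format"; add one closing step that points there. Also "- [Secrets API reference]" now appears twice at the end of the References list; keep a single copy with a trailing newline.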

View File

@ -9,12 +9,52 @@ description: Detailed information on the Azure Key Vault secret store component
Azure Managed Identity can be used for Azure Key Vault access on Kubernetes. Instructions [here]({{< ref azure-keyvault-managed-identity.md >}}).
{{% /alert %}}
## Prerequisites
## Component format
To setup Azure Key Vault secret store create a component of type `secretstores.azure.keyvault`. See [this guide]({{< ref "secret-stores-overview.md#apply-the-configuration" >}}) on how to create and apply a secretstore configuration. See this guide on [referencing secrets]({{< ref component-secrets.md >}}) to retrieve and use the secret with Dapr components.
See also [configure the component](#configure-the-component) guide in this page.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: azurekeyvault
namespace: default
spec:
type: secretstores.azure.keyvault
version: v1
metadata:
- name: vaultName
value: [your_keyvault_name]
- name: spnTenantId
value: "[your_service_principal_tenant_id]"
- name: spnClientId
value: "[your_service_principal_app_id]"
- name: spnCertificateFile
value : "[pfx_certificate_file_local_path]"
```
{{% alert title="Warning" color="warning" %}}
The above example uses secrets as plain strings. It is recommended to use a local secret store such as [Kubernetes secret store]({{< ref kubernetes-secret-store.md >}}) or a [local file]({{< ref file-secret-store.md >}}) to bootstrap secure key storage.
{{% /alert %}}
## Spec metadata fields
| Field | Required | Details | Example |
|--------------------|:--------:|-------------------------------------------------------------------------|--------------------------|
| vaultName | Y | The name of the Azure Key Vault | `"mykeyvault"` |
| spnTenantId | Y | Your Service Principal Tenant Id | `"spnTenantId"` |
| spnClientId | Y | Your Service Principal App Id | `"spnAppId"` |
| spnCertificateFile | Y | Your PFX certificate file path. See [configure the component](#configure-the-component) for more details | `"path"` |
## Setup Key Vault and service principal
### Prerequisites
- [Azure Subscription](https://azure.microsoft.com/en-us/free/)
- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest)
## Setup Key Vault and service principal
### Steps
1. Login to Azure and set the default subscription
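Review bot: `value: [your_keyvault_name]` is unquoted while the three entries below it are quoted; unquoted, YAML parses it as a flow sequence, so quote it. `value : "[pfx_certificate_file_local_path]"` has a stray space before the colon, inconsistent with the other entries. In the table, the Example values `"spnTenantId"` and `"spnAppId"` merely repeat the field names; a GUID-shaped placeholder would tell the reader what shape to expect, and the `spnCertificateFile` row should say the file is the credential (the Warning alert is justified on this page for that reason).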
@ -85,7 +125,7 @@ Azure Managed Identity can be used for Azure Key Vault access on Kubernetes. Ins
az keyvault secret download --vault-name [your_keyvault] --name [certificate_name] --encoding base64 --file [certificate_name].pfx
```
## Configure Dapr component
## Configure the component
{{< tabs "Self-Hosted" "Kubernetes">}}
@ -171,6 +211,6 @@ kubectl apply -f azurekeyvault.yaml
- [Azure CLI Keyvault CLI](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create)
- [Create an Azure service principal with Azure CLI](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest)
- [Secrets building block]({{< ref secrets >}})
- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
- [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}})
- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
- [Secrets API reference]({{< ref secrets_api.md >}})

View File

@ -2,7 +2,6 @@
type: docs
title: "Local environment variables (for Development)"
linkTitle: "Local environment variables"
weight: 10
description: Detailed information on the local environment secret store component
---
@ -12,9 +11,9 @@ This Dapr secret store component uses locally defined environment variable and d
This approach to secret management is not recommended for production environments.
{{% /alert %}}
## Setup environment variable secret store
## Component format
To enable environment variable secret store, create a file with the following content in your `./components` directory:
To setup local environment variables secret store create a component of type `secretstores.local.env`. Create a file with the following content in your `./components` directory:
```yaml
apiVersion: dapr.io/v1alpha1
@ -27,7 +26,6 @@ spec:
version: v1
metadata:
```
## Related Links
- [Secrets building block]({{< ref secrets >}})
- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
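Review bot: "Retreive" in the Related Links context line is corrected to "Retrieve" on every other secret-store page in this commit but not here; fix it in the same pass, and make the heading "## Related links" to match the casing used on the other pages.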

View File

@ -2,27 +2,18 @@
type: docs
title: "Local file (for Development)"
linkTitle: "Local file"
weight: 20
description: Detailed information on the local file secret store component
---
This Dapr secret store component reads plain text JSON from a given file and does not use authentication.
## Setup JSON file to hold the secrets
{{% alert title="Warning" color="warning" %}}
This approach to secret management is not recommended for production environments.
{{% /alert %}}
1. Create a JSON file (i.e. `secrets.json`) with the following contents:
```json
{
"redisPassword": "your redis passphrase"
}
```
## Component format
2. Save this file to your `./components` directory or a secure location in your filesystem
## Configure Dapr component
Create a Dapr component file (ex. `localSecretStore.yaml`) with following content:
To setup local file based secret store create a component of type `secretstores.local.file`. Create a file with the following content in your `./components` directory:
```yaml
apiVersion: dapr.io/v1alpha1
@ -40,9 +31,14 @@ spec:
value: ":"
```
The `nestedSeparator` parameter is optional (default value is ':'). It is used by the store when flattening the json hierarchy to a map.
## Spec metadata fields
## Example
| Field | Required | Details | Example |
|--------------------|:--------:|-------------------------------------------------------------------------|--------------------------|
| secretsFile | Y | The path to the file where secrets are stored | `"path/to/file.json"` |
| nestedSeparator | N | Used by the store when flattening the JSON hierarchy to a map. Defaults to `":"` | `":"` |
## Setup JSON file to hold the secrets
Given the following json:
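Review bot: the `nestedSeparator` sentence kept as context just above the new "## Spec metadata fields" table now duplicates the `nestedSeparator` row (both state the `":"` default and the flattening behaviour); drop the sentence and keep the table. The reordering also puts "## Setup JSON file to hold the secrets" after the component that references `secretsFile`; a one-line pointer in the table row to that section would help the reader who lands on the YAML first.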
@ -68,6 +64,6 @@ Use the flattened key (`connectionStrings:sql`) to access the secret.
## Related links
- [Secrets building block]({{< ref secrets >}})
- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
- [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}})
- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
- [Secrets API reference]({{< ref secrets_api.md >}})
- [Secrets API reference]({{< ref secrets_api.md >}})

View File

@ -5,13 +5,9 @@ linkTitle: "GCP Secret Manager"
description: Detailed information on the GCP Secret Manager secret store component
---
This document shows how to enable GCP Secret Manager secret store using [Dapr Secrets Component./../concepts/secrets/README.md) for self hosted and Kubernetes mode.
## Component format
## Setup GCP Secret Manager instance
Setup GCP Secret Manager using the GCP documentation: https://cloud.google.com/secret-manager/docs/quickstart.
## Setup Dapr component
To setup GCP Secret Manager secret store create a component of type `secretstores.gcp.secretmanager`. See [this guide]({{< ref "secret-stores-overview.md#apply-the-configuration" >}}) on how to create and apply a secretstore configuration. See this guide on [referencing secrets]({{< ref component-secrets.md >}}) to retrieve and use the secret with Dapr components.
```yaml
apiVersion: dapr.io/v1alpha1
@ -24,77 +20,52 @@ spec:
version: v1
metadata:
- name: type
value: service_account
value: <replace-with-account-type>
- name: project_id
value: project_111
value: <replace-with-project-id>
- name: private_key_id
value: *************
value: <replace-with-private-key-id>
- name: client_email
value: name@domain.com
value: <replace-with-email>
- name: client_id
value: '1111111111111111'
value: <replace-with-client-id>
- name: auth_uri
value: https://accounts.google.com/o/oauth2/auth
value: <replace-with-auth-uri>
- name: token_uri
value: https://oauth2.googleapis.com/token
value: <replace-with-token-uri>
- name: auth_provider_x509_cert_url
value: https://www.googleapis.com/oauth2/v1/certs
value: <replace-with-auth-provider-cert-url>
- name: client_x509_cert_url
value: https://www.googleapis.com/robot/v1/metadata/x509/<project-name>.iam.gserviceaccount.com
value: <replace-with-client-cert-url>
- name: private_key
value: PRIVATE KEY
value: <replace-with-private-key>
```
{{% alert title="Warning" color="warning" %}}
The above example uses secrets as plain strings. It is recommended to use a local secret store such as [Kubernetes secret store]({{< ref kubernetes-secret-store.md >}}) or a [local file]({{< ref file-secret-store.md >}}) to bootstrap secure key storage.
{{% /alert %}}
## Apply the component
## Spec metadata fields
{{< tabs "Self-Hosted" "Kubernetes">}}
| Field | Required | Details | Example |
|--------------------|:--------:|--------------------------------|---------------------|
| type | Y | The type of the account. | `"serviceAccount"` |
| project_id | Y | The project ID associated with this component. | `"project_id"` |
| private_key_id | N | The private key ID | `"privatekey"` |
| client_email | Y | The client email address | `"client@example.com"` |
| client_id | N | The ID of the client | `"11111111"` |
| auth_uri | N | The authentication URI | `"https://accounts.google.com/o/oauth2/auth"` |
| token_uri | N | The authentication token URI | `"https://oauth2.googleapis.com/token"` |
| auth_provider_x509_cert_url | N | The certificate URL for the auth provider | `"https://www.googleapis.com/oauth2/v1/certs"` |
| client_x509_cert_url | N | The certificate URL for the client | `"https://www.googleapis.com/robot/v1/metadata/x509/<project-name>.iam.gserviceaccount.com"`|
| private_key | Y | The private key for authentication | `"privateKey"` |
{{% codetab %}}
To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
## Setup GCP Secret Manager instance
{{% /codetab %}}
{{% codetab %}}
To deploy in Kubernetes, save the file above to `gcp_secret_manager.yaml` and then run:
```bash
kubectl apply -f gcp_secret_manager.yaml
```
{{% /codetab %}}
{{< /tabs >}}
## Example
This example shows you how to take the Redis password from the GCP Secret Manager secret store.
Here, you created a secret named `redisPassword` in GCP Secret Manager. Note its important to set it both as the `name` and `key` properties.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: statestore
namespace: default
spec:
type: state.redis
version: v1
metadata:
- name: redisHost
value: "[redis]:6379"
- name: redisPassword
secretKeyRef:
name: redisPassword
key: redisPassword
auth:
secretStore: gcpsecretmanager
```
Setup GCP Secret Manager using the GCP documentation: https://cloud.google.com/secret-manager/docs/quickstart.
## Related links
- [Secrets building block]({{< ref secrets >}})
- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
- [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}})
- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
- [Secrets API reference]({{< ref secrets_api.md >}})
- [Secrets API reference]({{< ref secrets_api.md >}})
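Review bot: the table gives `"serviceAccount"` as the Example for `type`, but the value the removed sample carried, and the value found in a downloaded GCP service-account key file, is `service_account`; a reader who copies the table example will get an authentication failure. Restore `service_account`. The hunk also replaces the fixed endpoint values for `auth_uri`, `token_uri`, `auth_provider_x509_cert_url` and `client_x509_cert_url` with `<replace-with-...>` placeholders while the table's Example column still shows the real URLs; since these come verbatim from the key JSON, keep them in the sample and mark only the per-project fields as placeholders. Separately, `private_key` in the component YAML is a plain-text credential, so the Warning alert is warranted here; it would be clearer if it named `secretKeyRef` (used in the removed Redis example) as the way to bootstrap it from a local store.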

View File

@ -5,23 +5,10 @@ linkTitle: "HashiCorp Vault"
description: Detailed information on the HashiCorp Vault secret store component
---
## Setup Hashicorp Vault instance
{{< tabs "Self-Hosted" "Kubernetes" >}}
{{% codetab %}}
Setup Hashicorp Vault using the Vault documentation: https://www.vaultproject.io/docs/install/index.html.
{{% /codetab %}}
{{% codetab %}}
For Kubernetes, you can use the Helm Chart: <https://github.com/hashicorp/vault-helm>.
{{% /codetab %}}
{{< /tabs >}}
## Create the Vault component
To setup HashiCorp Vault secret store create a component of type `secretstores.hashicorp.vault`. See [this guide]({{< ref "secret-stores-overview.md#apply-the-configuration" >}}) on how to create and apply a secretstore configuration. See this guide on [referencing secrets]({{< ref component-secrets.md >}}) to retrieve and use the secret with Dapr components.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
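Review bot: the new "Create the Vault component" paragraph uses "setup" as a verb and lacks a comma after the introductory clause; suggest "To set up the HashiCorp Vault secret store, create a component of type `secretstores.hashicorp.vault`." Also "a secretstore configuration" should be two words, "a secret store configuration", matching the page title and the rest of the sentence.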
@ -49,50 +36,37 @@ spec:
- name: vaultKVPrefix # Optional. Default: "dapr"
value : "[vault_prefix]"
```
{{% alert title="Warning" color="warning" %}}
The above example uses secrets as plain strings. It is recommended to use a local secret store such as [Kubernetes secret store]({{< ref kubernetes-secret-store.md >}}) or a [local file]({{< ref file-secret-store.md >}}) to bootstrap secure key storage.
{{% /alert %}}
## Spec metadata fields
| Field | Required | Details | Example |
|--------------------|:--------:|--------------------------------|---------------------|
| vaultAddr | N | The address of the Vault server. Defaults to `"https://127.0.0.1:8200"` | `"https://127.0.0.1:8200"` |
| caCert | N | Certificate Authority use only one of the options. The encoded cacerts to use | `"cacerts"` |
| caPath | N | Certificate Authority use only one of the options. The path to a CA cert file | `"path/to/cacert/file"` |
| caPem | N | Certificate Authority use only one of the options. The encoded cacert pem to use | `"encodedpem"` |
| skipVerify | N | Skip TLS verification. Defaults to `"false"` | `"true"`, `"false"` |
| tlsServerName | N | TLS config server name | `"tls-server"` |
| vaultTokenMountPath | Y | Path to file containing token | `"path/to/file"` |
| vaultKVPrefix | N | The prefix in vault. Defautls to `"dapr"` | `"dapr"`, `"myprefix"` |
## Setup Hashicorp Vault instance
{{< tabs "Self-Hosted" "Kubernetes" >}}
{{% codetab %}}
To run locally, create a `components` dir containing the YAML file and provide the path to the `dapr run` command with the flag `--components-path`.
Setup Hashicorp Vault using the Vault documentation: https://www.vaultproject.io/docs/install/index.html.
{{% /codetab %}}
{{% codetab %}}
To deploy in Kubernetes, save the file above to `vault.yaml` and then run:
```bash
kubectl apply -f vault.yaml
```
For Kubernetes, you can use the Helm Chart: <https://github.com/hashicorp/vault-helm>.
{{% /codetab %}}
{{< /tabs >}}
## Example
This example shows you how to take the Redis password from the Vault secret store.
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: statestore
namespace: default
spec:
type: state.redis
version: v1
metadata:
- name: redisHost
value: "[redis]:6379"
- name: redisPassword
secretKeyRef:
name: redisPassword
key: redisPassword
auth:
secretStore: vault
```
## Related links
- [Secrets building block]({{< ref secrets >}})
- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
- [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}})
- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
- [Secrets API reference]({{< ref secrets_api.md >}})
- [Secrets API reference]({{< ref secrets_api.md >}})
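Review bot: the spec metadata table has a typo in the vaultKVPrefix row ("Defautls" should be "Defaults"), and the three CA rows read as run-ons; "Certificate Authority use only one of the options. The encoded cacerts to use" is clearer as "Certificate Authority. Use only one of `caCert`, `caPath` or `caPem`. The encoded cacerts to use" (and likewise for the other two rows). The `skipVerify` row lists `"true"` and `"false"` neutrally; since `"true"` disables TLS certificate verification of the Vault server, add a short note that it is intended for local testing only, alongside the existing warning about plain-string secrets.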


@ -1,17 +1,16 @@
---
type: docs
title: "Kubernetes Secrets"
linkTitle: "Kubernetes Secrets"
weight: 30
title: "Kubernetes secrets"
linkTitle: "Kubernetes secrets"
description: Detailed information on the Kubernetes secret store component
---
## Summary
Kubernetes has a built-in state store which Dapr components can use to fetch secrets from. No special configuration is needed to setup the Kubernetes state store, and you are able to retreive secrets from the `http://localhost:3500/v1.0/secrets/kubernetes/[my-secret]` URL.
Kubernetes has a built-in secrets store which Dapr components can use to retrieve secrets from. No special configuration is needed to setup the Kubernetes secrets store, and you are able to retrieve secrets from the `http://localhost:3500/v1.0/secrets/kubernetes/[my-secret]` URL. See this guide on [referencing secrets]({{< ref component-secrets.md >}}) to retrieve and use the secret with Dapr components.
## Related links
- [Secrets building block]({{< ref secrets >}})
- [How-To: Retreive a secret]({{< ref "howto-secrets.md" >}})
- [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}})
- [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
- [Secrets API reference]({{< ref secrets_api.md >}})
- [Secrets API reference]({{< ref secrets_api.md >}})
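Review bot: the front matter drops `weight: 30`, which changes where this page sorts in the secret stores section; confirm the sibling component pages in this commit drop their weights too, otherwise this page moves to one end of the list. In the rewritten summary, "No special configuration is needed to setup the Kubernetes secrets store" should use the verb form "set up".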


@ -11,32 +11,32 @@ The following stores are supported, at various levels, by the Dapr state managem
### Generic
| Name | CRUD | Transactional |
|----------------------------------------------------------------|------|---------------|
| [Aerospike]({{< ref setup-aerospike.md >}}) | ✅ | ❌ |
| [Apache Cassandra]({{< ref setup-cassandra.md >}}) | ✅ | ❌ |
| [Cloudstate]({{< ref setup-cloudstate.md >}}) | ✅ | ❌ |
| [Couchbase]({{< ref setup-couchbase.md >}}) | ✅ | ❌ |
| [Hashicorp Consul]({{< ref setup-consul.md >}}) | ✅ | ❌ |
| [Hazelcast]({{< ref setup-hazelcast.md >}}) | ✅ | ❌ |
| [Memcached]({{< ref setup-memcached.md >}}) | ✅ | ❌ |
| [MongoDB]({{< ref setup-mongodb.md >}}) | ✅ | ✅ |
| [MySQL]({{< ref setup-mysql.md >}}) | ✅ | ✅ |
| [PostgreSQL]({{< ref setup-postgresql.md >}}) | ✅ | ✅ |
| [Redis]({{< ref setup-redis.md >}}) | ✅ | ✅ |
| [Zookeeper]({{< ref setup-zookeeper.md >}}) | ✅ | ❌ |
| Name | CRUD | Transactional | Status |
|----------------------------------------------------------------|------|---------------|--------|
| [Aerospike]({{< ref setup-aerospike.md >}}) | ✅ | ❌ | Alpha |
| [Apache Cassandra]({{< ref setup-cassandra.md >}}) | ✅ | ❌ | Alpha |
| [Cloudstate]({{< ref setup-cloudstate.md >}}) | ✅ | ❌ | Alpha |
| [Couchbase]({{< ref setup-couchbase.md >}}) | ✅ | ❌ | Alpha |
| [Hashicorp Consul]({{< ref setup-consul.md >}}) | ✅ | ❌ | Alpha |
| [Hazelcast]({{< ref setup-hazelcast.md >}}) | ✅ | ❌ | Alpha |
| [Memcached]({{< ref setup-memcached.md >}}) | ✅ | ❌ | Alpha |
| [MongoDB]({{< ref setup-mongodb.md >}}) | ✅ | ✅ | Alpha |
| [MySQL]({{< ref setup-mysql.md >}}) | ✅ | ✅ | Alpha |
| [PostgreSQL]({{< ref setup-postgresql.md >}}) | ✅ | ✅ | Alpha |
| [Redis]({{< ref setup-redis.md >}}) | ✅ | ✅ | Alpha |
| [Zookeeper]({{< ref setup-zookeeper.md >}}) | ✅ | ❌ | Alpha |
### Google Cloud Platform (GCP)
| Name | CRUD | Transactional |
|-------------------------------------------------------|------|---------------|
| [GCP Firestore]({{< ref setup-firestore.md >}}) | ✅ | ❌ |
| Name | CRUD | Transactional | Status |
|-------------------------------------------------------|------|---------------|--------|
| [GCP Firestore]({{< ref setup-firestore.md >}}) | ✅ | ❌ | Alpha |
### Microsoft Azure
| Name | CRUD | Transactional |
|------------------------------------------------------------------|------|---------------|
| [Azure Blob Storage]({{< ref setup-azure-blobstorage.md >}}) | ✅ | ❌ |
| [Azure CosmosDB]({{< ref setup-azure-cosmosdb.md >}}) | ✅ | ✅ |
| [Azure SQL Server]({{< ref setup-sqlserver.md >}}) | ✅ | ❌ |
| [Azure Table Storage]({{< ref setup-azure-tablestorage.md >}}) | ✅ | ❌ |
| Name | CRUD | Transactional | Status |
|------------------------------------------------------------------|------|---------------|--------|
| [Azure Blob Storage]({{< ref setup-azure-blobstorage.md >}}) | ✅ | ❌ | Alpha |
| [Azure CosmosDB]({{< ref setup-azure-cosmosdb.md >}}) | ✅ | ✅ | Alpha |
| [Azure SQL Server]({{< ref setup-sqlserver.md >}}) | ✅ | ❌ | Alpha |
| [Azure Table Storage]({{< ref setup-azure-tablestorage.md >}}) | ✅ | ❌ | Alpha |
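Review bot: every row of the new Status column reads "Alpha", so the column adds nothing per row; if that is accurate for all state stores today, consider stating it once in the sentence above the tables ("The following stores are supported, at various levels ...") in addition to, or instead of, repeating it per row. Also "Hashicorp Consul" should be "HashiCorp Consul" to match the "HashiCorp Vault" casing used elsewhere in this commit.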