Merge branch 'v1.11' into ts-azure-app-config-subscribe-interval

Hannah Hunter 2023-07-05 18:17:50 -04:00 committed by GitHub
commit acc4b990d5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 68 additions and 20 deletions


@ -28,26 +28,20 @@ name | the name of the secret to get
#### Query Parameters
Some secret stores have **optional** metadata properties. metadata is populated using query parameters:
Some secret stores support **optional**, per-request metadata properties. Use query parameters to provide those properties. For example:
```
GET http://localhost:<daprPort>/v1.0/secrets/<secret-store-name>/<name>?metadata.version_id=15
```
##### GCP Secret Manager
The following optional meta can be provided to the GCP Secret Manager component
Observe that not all secret stores support the same set of parameters. For example:
- Hashicorp Vault, GCP Secret Manager and AWS Secret Manager support the `version_id` parameter
- Only AWS Secret Manager supports the `version_stage` parameter
- Only Kubernetes Secrets supports the `namespace` parameter
Check each [secret store's documentation]({{< ref supported-secret-stores.md >}}) for the list of supported parameters.
Query Parameter | Description
--------- | -----------
metadata.version_id | version for the given secret key
##### AWS Secret Manager
The following optional meta can be provided to the AWS Secret Manager component
Query Parameter | Description
--------- | -----------
metadata.version_id | version for the given secret key
metadata.version_stage | version stage for the given secret key
### HTTP Response
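Review bot: The bullet list under "Observe that not all secret stores support the same set of parameters" reads as a complete list but disagrees with the component pages changed in this same commit. It names Hashicorp Vault, GCP Secret Manager and AWS Secret Manager for `version_id`, while the AlibabaCloud, Azure Key Vault and HuaweiCloud pages also document `metadata.version_id`. Either word the bullets as non-exhaustive examples or drop the per-store claims and rely on the link to each store's documentation. The bullets also write "AWS Secret Manager" where the component page says "AWS Secrets Manager".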
@ -101,17 +95,11 @@ Code | Description
### Examples
```shell
curl http://localhost:3500/v1.0/secrets/vault/db-secret
curl http://localhost:3500/v1.0/secrets/mySecretStore/db-secret
```
```shell
curl http://localhost:3500/v1.0/secrets/vault/db-secret?metadata.version_id=15&metadata.version_stage=AAA
```
> Note, in case of deploying into namespace other than default, the above query will also have to include the namespace metadata (e.g. `production` below)
```shell
curl http://localhost:3500/v1.0/secrets/vault/db-secret?metadata.version_id=15&?metadata.namespace=production
curl http://localhost:3500/v1.0/secrets/myAwsSecretStore/db-secret?metadata.version_id=15&metadata.version_stage=production
```
## Get Bulk Secret
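Review bot: The curl examples that carry two query parameters pass the URL unquoted, so a shell treats `&` as the background operator and everything after it (for instance `metadata.version_stage=production`) never reaches the sidecar. Wrap those URLs in quotes. The namespace example in this block also has a stray `?` after the `&` (`&?metadata.namespace=production`); if that line is kept anywhere, drop the `?`.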


@ -43,6 +43,15 @@ The above example uses secrets as plain strings. It is recommended to use a loca
| accessKeySecret | Y | The AlibabaCloud Access Key Secret to access this resource | `"accessKeySecret"` |
| securityToken | N | The AlibabaCloud Security Token to use | `"securityToken"` |
## Optional per-request metadata properties
The following [optional query parameters]({{< ref "secrets_api.md#query-parameters" >}}) can be provided when retrieving secrets from this secret store:
Query Parameter | Description
--------- | -----------
`metadata.version_id` | Version for the given secret key
`metadata.path` | (For bulk requests only) The path from the metadata. If not set, defaults to root path (all secrets).
## Create an AlibabaCloud OOS Parameter Store instance
Setup AlibabaCloud OOS Parameter Store using the AlibabaCloud documentation: https://www.alibabacloud.com/help/en/doc-detail/186828.html.
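Review bot: The link target in the intro sentence is `secrets_api.md#query-parameters`, while every other component page in this commit uses `secrets_api#query-parameters`; pick one form so the refs resolve the same way. The `metadata.path` description ("The path from the metadata") is circular, so say what the path selects, and end both descriptions with a period to match the other tables.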


@ -48,6 +48,15 @@ The above example uses secrets as plain strings. It is recommended to use a loca
When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you're using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you **must not** provide AWS access-key, secret-key, and tokens in the definition of the component spec you're using.
{{% /alert %}}
## Optional per-request metadata properties
The following [optional query parameters]({{< ref "secrets_api#query-parameters" >}}) can be provided when retrieving secrets from this secret store:
Query Parameter | Description
--------- | -----------
`metadata.version_id` | Version for the given secret key.
`metadata.version_stage` | Version stage for the given secret key.
## Create an AWS Secrets Manager instance
Setup AWS Secrets Manager using the AWS documentation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html.
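Review bot: The table lists `metadata.version_id` and `metadata.version_stage` without saying how they interact, yet the API reference example in this commit sends both in one request. State which version is returned when neither is set and what happens when both are supplied.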


@ -53,6 +53,15 @@ The Azure Key Vault secret store component supports authentication with Azure AD
Additionally, you must provide the authentication fields as explained in the [Authenticating to Azure]({{< ref authenticating-azure.md >}}) document.
## Optional per-request metadata properties
The following [optional query parameters]({{< ref "secrets_api#query-parameters" >}}) can be provided when retrieving secrets from this secret store:
Query Parameter | Description
--------- | -----------
`metadata.version_id` | Version for the given secret key.
`metadata.maxresults` | (For bulk requests only) Number of secrets to return, after which the request will be truncated.
## Example
### Prerequisites
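Review bot: In the `metadata.maxresults` row, "after which the request will be truncated" should say that the response (the returned list of secrets) is truncated, not the request. It would also help to state the behaviour when the parameter is omitted.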


@ -61,6 +61,14 @@ The above example uses secrets as plain strings. It is recommended to use a loca
| client_x509_cert_url | N | The certificate URL for the client | `"https://www.googleapis.com/robot/v1/metadata/x509/<project-name>.iam.gserviceaccount.com"`|
| private_key | Y | The private key for authentication | `"privateKey"` |
## Optional per-request metadata properties
The following [optional query parameters]({{< ref "secrets_api#query-parameters" >}}) can be provided to the GCP Secret Manager component:
Query Parameter | Description
--------- | -----------
`metadata.version_id` | Version for the given secret key.
## Setup GCP Secret Manager instance
Setup GCP Secret Manager using the GCP documentation: https://cloud.google.com/secret-manager/docs/quickstart.


@ -66,6 +66,14 @@ The above example uses secrets as plain strings. It is recommended to use a loca
| enginePath | N | The [engine](https://www.vaultproject.io/api-docs/secret/kv/kv-v2) path in vault. Defaults to `"secret"` | `"kv"`, `"any"` |
| vaultValueType | N | Vault value type. `map` means to parse the value into `map[string]string`, `text` means to use the value as a string. 'map' sets the `multipleKeyValuesPerSecret` behavior. `text` makes Vault behave as a secret store with name/value semantics. Defaults to `"map"` | `"map"`, `"text"` |
## Optional per-request metadata properties
The following [optional query parameters]({{< ref "secrets_api#query-parameters" >}}) can be provided to Hashicorp Vault secret store component:
Query Parameter | Description
--------- | -----------
`metadata.version_id` | Version for the given secret key.
## Setup Hashicorp Vault instance
{{< tabs "Self-Hosted" "Kubernetes" >}}
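Review bot: The intro sentence is missing an article ("can be provided to Hashicorp Vault secret store component"); the wording used on the other pages, "when retrieving secrets from this secret store", would read better here too. Since the `enginePath` row just above links the KV v2 engine, say whether `metadata.version_id` applies only to that engine.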


@ -40,6 +40,15 @@ The above example uses secrets as plain strings. It is recommended to use a loca
| accessKey | Y | The HuaweiCloud Access Key to access this resource | `"accessKey"` |
| secretAccessKey | Y | The HuaweiCloud Secret Access Key to access this resource | `"secretAccessKey"` |
## Optional per-request metadata properties
The following [optional query parameters]({{< ref "secrets_api#query-parameters" >}}) can be provided when retrieving secrets from this secret store:
Query Parameter | Description
--------- | -----------
`metadata.version_id` | Version for the given secret key.
## Setup HuaweiCloud Cloud Secret Management Service (CSMS) instance
Setup HuaweiCloud Cloud Secret Management Service (CSMS) using the HuaweiCloud documentation: https://support.huaweicloud.com/intl/en-us/usermanual-dew/dew_01_9993.html.


@ -34,6 +34,14 @@ spec:
## Spec metadata fields
For the Kubernetes secret store component, there are no metadata attributes.
## Optional per-request metadata properties
The following [optional query parameters]({{< ref "secrets_api#query-parameters" >}}) can be provided to Kubernetes secret store component:
Query Parameter | Description
--------- | -----------
`metadata.namespace`| The namespace of the secret. If not specified, the namespace of the pod is used.
## Related links
- [Secrets building block]({{< ref secrets >}})
- [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}})
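Review bot: The `metadata.namespace` row lacks the space before `|` that the other tables have, and the intro sentence is missing "the" before "Kubernetes secret store component". Because this parameter lets a request name a namespace other than the pod's own, add a sentence on what the sidecar needs in order to read secrets there, or link to where that is documented.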