Add AWS/GCP Secret Stores (#402)

* Add GCP and AWS Secret Stores

* edit text

concepts/secrets/component-secrets.md

@@ -8,7 +8,7 @@ When running in Kubernetes, if the `auth.secretStore` is empty, the Kubernetes s
 
 ### Supported secret stores
 
-Go to [this](https://github.com/dapr/docs/blob/master/howto/setup-secret-store/supported-secret-stores.md) link to see all the secret stores supported by Dapr, along with information on how to configure and use them.
+Go to [this](../../howto/setup-secret-store/README.md) link to see all the secret stores supported by Dapr, along with information on how to configure and use them.
 
 ## Non default namespaces
 

howto/setup-secret-store/README.md

@@ -1,5 +1,10 @@
-# How To: Setup a Dapr Secret Store
+# How To: Setup Secret Stores
 
-It is important to securly store and retrieve secrets in Dapr to prevent unwanted people from accessing connection strings, passwords, and auth tokens.
+The following list shows the supported secret stores by Dapr. The links here will walk you through setting up and using the secret store.
 
-The guides within this directory contain guides on how to deploy, configure, and connect to secret stores.
+* [AWS Secret Manager](./aws-secret-manager.md)
+* [Azure Key Vault](./azure-keyvault.md)
+* [Azure Key Vault with Managed Identity](./azure-keyvault-managed-identity.md)
+* [GCP Secret Manager](./gcp-secret-manager.md)
+* [Hashicorp Vault](./hashicorp-vault.md)
+* [Kubernetes](./kubernetes.md)

howto/setup-secret-store/aws-secret-manager.md

@@ -0,0 +1,56 @@
+# Secret store for AWS Secret Manager
+
+This document shows how to enable AWS Secret Manager secret store using [Dapr Secrets Component](../../concepts/components/secrets.md) for self hosted and Kubernetes mode.
+
+## Create an AWS Secret Manager instance
+
+Setup AWS Secret Manager using the AWS documentation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html.
+
+## Create the component
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: awssecretmanager
+spec:
+  type: secretstores.aws.secretmanager
+  metadata:
+  - name: region
+    value: [aws_region] # Required.
+  - name: accessKey # Required.
+    value: "[aws_access_key]"
+  - name: secretKey # Required.
+    value: "[aws_secret_key]"
+  - name: sessionToken # Required.
+    value: "[aws_session_token]"
+```
+
+To deploy in Kubernetes, save the file above to `aws_secret_manager.yaml` and then run:
+
+```bash
+kubectl apply -f aws_secret_manager.yaml
+```
+
+When running in self hosted mode, place this file in a `components` directory under the Dapr working directory.
+
+## AWS Secret Manager reference example
+
+This example shows you how to set the Redis password from the AWS Secret Manager secret store.
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: statestore
+spec:
+  type: state.redis
+  metadata:
+  - name: redisHost
+    value: "[redis]:6379"
+  - name: redisPassword
+    secretKeyRef:
+      name: redisPassword
+auth:
+    secretStore: awssecretmanager
+```

howto/setup-secret-store/gcp-secret-manager.md

@@ -0,0 +1,68 @@
+# Secret Store for GCP Secret Manager
+
+This document shows how to enable GCP Secret Manager secret store using [Dapr Secrets Component](../../concepts/components/secrets.md) for self hosted and Kubernetes mode.
+
+## Create an GCP Secret Manager instance
+
+Setup GCP Secret Manager using the GCP documentation: https://cloud.google.com/secret-manager/docs/quickstart.
+
+## Create the component
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: gcpsecretmanager
+spec:
+  type: secretstores.gcp.secretmanager
+  metadata:
+  - name: type
+    value: service_account
+  - name: project_id
+    value: project_111
+  - name: private_key_id
+    value: *************
+  - name: client_email
+    value: name@domain.com
+  - name: client_id
+    value: '1111111111111111'
+  - name: auth_uri
+    value: https://accounts.google.com/o/oauth2/auth
+  - name: token_uri
+    value: https://oauth2.googleapis.com/token
+  - name: auth_provider_x509_cert_url
+    value: https://www.googleapis.com/oauth2/v1/certs
+  - name: client_x509_cert_url
+    value: https://www.googleapis.com/robot/v1/metadata/x509/<project-name>.iam.gserviceaccount.com
+  - name: private_key
+    value: PRIVATE KEY
+```
+
+To deploy in Kubernetes, save the file above to `gcp_secret_manager.yaml` and then run:
+
+```bash
+kubectl apply -f gcp_secret_manager.yaml
+```
+
+When running in self hosted mode, place this file in a `components` directory under the Dapr working directory.
+
+## GCP Secret Manager reference example
+
+This example shows you how to take the Redis password from the GCP Secret Manager secret store.
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: statestore
+spec:
+  type: state.redis
+  metadata:
+  - name: redisHost
+    value: "[redis]:6379"
+  - name: redisPassword
+    secretKeyRef:
+      name: redisPassword
+auth:
+    secretStore: gcpsecretmanager
+```