Merge pull request #1148 from msfussell/azure-keyvault

Azure Key Vault - Fix issue 1128 - pfx file path guidance for the az kv secret store
Aaron Crawfis 2021-02-01 17:33:20 -08:00 committed by GitHub
commit e256f47b9a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 9 deletions


@ -32,7 +32,7 @@ spec:
- name: spnClientId
value: "[your_service_principal_app_id]"
- name: spnCertificateFile
value : "[pfx_certificate_file_local_path]"
value : "[pfx_certificate_file_fully_qualified_local_path]"
```
{{% alert title="Warning" color="warning" %}}
The above example uses secrets as plain strings. It is recommended to use a local secret store such as [Kubernetes secret store]({{< ref kubernetes-secret-store.md >}}) or a [local file]({{< ref file-secret-store.md >}}) to bootstrap secure key storage.
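Review bot: The renamed placeholder line keeps a stray space before the colon (`value : "[pfx_certificate_file_fully_qualified_local_path]"`), while the sibling `spnClientId` entry uses `value: "..."`. YAML tolerates the space because trailing whitespace is trimmed from a plain key, but readers copy these snippets verbatim, so align it to `value: "[pfx_certificate_file_fully_qualified_local_path]"` while touching the line.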
@ -43,9 +43,9 @@ The above example uses secrets as plain strings. It is recommended to use a loca
| Field | Required | Details | Example |
|--------------------|:--------:|-------------------------------------------------------------------------|--------------------------|
| vaultName | Y | The name of the Azure Key Vault | `"mykeyvault"` |
| spnTenantId | Y | Your Service Principal Tenant Id | `"spnTenantId"` |
| spnClientId | Y | Your Service Principal App Id | `"spnAppId"` |
| spnCertificateFile | Y | Your PFX certificate file path. See [configure the component](#configure-the-component) for more details | `"path"` |
| spnTenantId | Y | Service Principal Tenant Id | `"spnTenantId"` |
| spnClientId | Y | Service Principal App Id | `"spnAppId"` |
| spnCertificateFile | Y | PFX certificate file path. <br></br> For Windows the `[pfx_certificate_file_fully_qualified_local_path]` value must use escaped backslashes, i.e. double backslashes. For example `"C:\\folder1\\folder2\\certfile.pfx"`. <br></br> For Linux you can use single slashes. For example `"/folder1/folder2/certfile.pfx"`. <br></br> See [configure the component](#configure-the-component) for more details | `"C:\\folder1\\folder2\\certfile.pfx"`, `"/folder1/folder2/certfile.pfx"` |
## Setup Key Vault and service principal
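Review bot: The new `spnCertificateFile` row should state why the Windows path needs double backslashes: the value is a double-quoted YAML scalar, in which a single backslash starts an escape sequence (for example `\f` would become a form-feed rather than `\folder1`), so `"C:\\folder1\\folder2\\certfile.pfx"` is the only form that survives parsing. Also replace `<br></br>` with `<br>`: `br` is a void element and `</br>` is not valid HTML, and write "forward slashes" rather than "single slashes" for the Linux example so the two cases are not read as "one backslash versus two".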
@ -151,22 +151,22 @@ The above example uses secrets as plain strings. It is recommended to use a loca
- name: spnClientId
value: "[your_service_principal_app_id]"
- name: spnCertificateFile
value : "[pfx_certificate_file_local_path]"
value : "[pfx_certificate_file_fully_qualified_local_path]"
```
Fill in the metadata fields with your Key Vault details from the above setup process.
{{% /codetab %}}
{{% codetab %}}
In Kubernetes mode, you store the certificate for the service principal into the Kubernetes Secret Store and then enable Azure Key Vault secret store with this certificate in Kubernetes secretstore.
In Kubernetes, you store the certificate for the service principal into the Kubernetes Secret Store and then enable Azure Key Vault secret store with this certificate in Kubernetes secretstore.
1. Create a kubernetes secret using the following command:
```bash
kubectl create secret generic [your_k8s_spn_secret_name] --from-file=[pfx_certificate_file_local_path]
kubectl create secret generic [your_k8s_spn_secret_name] --from-file=[pfx_certificate_file_fully_qualified_local_path]
```
- `[pfx_certificate_file_local_path]` is the path of PFX cert file you downloaded above
- `[pfx_certificate_file_fully_qualified_local_path]` is the path of PFX cert file you downloaded above
- `[your_k8s_spn_secret_name]` is secret name in Kubernetes secret store
2. Create a `azurekeyvault.yaml` component file
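Review bot: The `kubectl create secret generic ... --from-file=[pfx_certificate_file_fully_qualified_local_path]` line uses the file's base name, not the full path, as the key inside the created Secret, so the prose under it should tell the reader that the resulting key is the PFX file name (or suggest the `--from-file=[key_name]=[path]` form to choose the key explicitly); the component file in the later hunk depends on that key. Minor style points in the same hunk: "Create a kubernetes secret" should capitalize Kubernetes, and "is secret name in Kubernetes secret store" is missing "the".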
@ -192,7 +192,7 @@ spec:
- name: spnCertificate
secretKeyRef:
name: [your_k8s_spn_secret_name]
key: [pfx_certificate_file_local_name]
key: [pfx_certificate_file_fully_qualified_local_path]
auth:
secretStore: kubernetes
```
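Review bot: `key: [pfx_certificate_file_fully_qualified_local_path]` is incorrect and the previous placeholder `[pfx_certificate_file_local_name]` should be restored. A Secret created with `--from-file=<path>` stores the data under the file's base name, and Secret data keys may only contain alphanumerics, `-`, `_` and `.`, so a fully qualified path with slashes or a drive letter is both the wrong key and an invalid one; with this change the `secretKeyRef` would never resolve and the Azure Key Vault component would fail to load its certificate.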