dapr
/
docs
mirror of https://github.com/dapr/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/daprdocs/content/en/operations/components/setup-secret-store.md

2.6 KiB
Raw Permalink Blame History

type title linkTitle description weight aliases
docs Secret store components Secret stores Guidance on setting up different secret store components 3000
/operations/components/setup-state-store/secret-stores-overview/

Dapr integrates with secret stores to provide apps and other components with secure storage and access to secrets such as access keys and passwords. Each secret store component has a name and this name is used when accessing a secret.

As with other building block components, secret store components are extensible and can be found in the components-contrib repo.

A secret store in Dapr is described using a Component file with the following fields:

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: secretstore
  namespace: default
spec:
  type: secretstores.<NAME>
  version: v1
  metadata:
  - name: <KEY>
    value: <VALUE>
  - name: <KEY>
    value: <VALUE>
...

The type of secret store is determined by the type field, and things like connection strings and other metadata are put in the .metadata section.

Different [supported secret stores]({{< ref supported-secret-stores >}}) will have different specific fields that would need to be configured. For example, when configuring a secret store which uses AWS Secrets Manager the file would look like this:

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: awssecretmanager
  namespace: default
spec:
  type: secretstores.aws.secretmanager
  version: v1
  metadata:
  - name: region
    value: "[aws_region]"
  - name: accessKey
    value: "[aws_access_key]"
  - name: secretKey
    value: "[aws_secret_key]"
  - name: sessionToken
    value: "[aws_session_token]"

Apply the configuration

Once you have created the component's YAML file, follow these instructions to apply it based on your hosting environment:

{{< tabs "Self-Hosted" "Kubernetes" >}}

{{% codetab %}} To run locally, create a components dir containing the YAML file and provide the path to the dapr run command with the flag --components-path. {{% /codetab %}}

{{% codetab %}} To deploy in Kubernetes, assuming your component file is named secret-store.yaml, run:

kubectl apply -f secret-store.yaml

{{% /codetab %}}

{{< /tabs >}}

Supported secret stores

Visit the [secret stores reference]({{< ref supported-secret-stores >}}) for a full list of supported secret stores.

Related links

  • [Supported secret store components]({{< ref supported-secret-stores >}})
  • [Secrets building block]({{< ref secrets >}})