mirror of https://github.com/dapr/docs.git
1.8 KiB
1.8 KiB
| type | title | linkTitle | description |
|---|---|---|---|
| docs | Azure Key Vault | Azure Key Vault | Detailed information on the Azure Key Vault cryptography component |
Component format
A Dapr crypto.yaml component file has the following structure:
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: azurekeyvault
spec:
type: crypto.azure.keyvault
metadata:
- name: vaultName
value: mykeyvault
# See authentication section below for all options
- name: azureTenantId
value: ${{AzureKeyVaultTenantId}}
- name: azureClientId
value: ${{AzureKeyVaultServicePrincipalClientId}}
- name: azureClientSecret
value: ${{AzureKeyVaultServicePrincipalClientSecret}}
{{% alert title="Warning" color="warning" %}} The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets, as described [here]({{< ref component-secrets.md >}}). {{% /alert %}}
Authenticating with Microsoft Entra ID
The Azure Key Vault cryptography component supports authentication with Microsoft Entra ID only. Before you enable this component:
- Read the [Authenticating to Azure]({{< ref "authenticating-azure.md" >}}) document.
- Create an [Microsoft Entra ID application]({{< ref "howto-aad.md" >}}) (also called a Service Principal).
- Alternatively, create a [managed identity]({{< ref "howto-mi.md" >}}) for your application platform.
Spec metadata fields
| Field | Required | Details | Example |
|---|---|---|---|
vaultName |
Y | Azure Key Vault name | "mykeyvault" |
| Auth metadata | Y | See [Authenticating to Azure]({{< ref "authenticating-azure.md" >}}) for more information |
Related links
- [Cryptography building block]({{< ref cryptography >}})
- [Authenticating to Azure]({{< ref azure-authentication >}})