dapr
/
docs
mirror of https://github.com/dapr/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/daprdocs/content/en/reference/components-reference/supported-secret-stores/aws-secret-manager.md

3.4 KiB
Raw Blame History

type title linkTitle description aliases
docs AWS Secrets Manager AWS Secrets Manager Detailed information on the secret store component
/operations/components/setup-secret-store/supported-secret-stores/aws-secret-manager/

Component format

To setup AWS Secrets Manager secret store create a component of type secretstores.aws.secretmanager. See [this guide]({{< ref "setup-secret-store.md#apply-the-configuration" >}}) on how to create and apply a secretstore configuration. See this guide on [referencing secrets]({{< ref component-secrets.md >}}) to retrieve and use the secret with Dapr components.

See [Authenticating to AWS]({{< ref authenticating-aws.md >}}) for information about authentication-related attributes.

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: awssecretmanager
spec:
  type: secretstores.aws.secretmanager
  version: v1
  metadata:
  - name: region
    value: "[aws_region]"
  - name: accessKey
    value: "[aws_access_key]"
  - name: secretKey
    value: "[aws_secret_key]"
  - name: sessionToken
    value: "[aws_session_token]"

{{% alert title="Warning" color="warning" %}} The above example uses secrets as plain strings. It is recommended to use a local secret store such as [Kubernetes secret store]({{< ref kubernetes-secret-store.md >}}) or a [local file]({{< ref file-secret-store.md >}}) to bootstrap secure key storage. {{% /alert %}}

Spec metadata fields

Field Required Details Example
region Y The specific AWS region the AWS Secrets Manager instance is deployed in "us-east-1"
accessKey Y The AWS Access Key to access this resource "key"
secretKey Y The AWS Secret Access Key to access this resource "secretAccessKey"
sessionToken N The AWS session token to use "sessionToken"

{{% alert title="Important" color="warning" %}} When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you're using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you must not provide AWS access-key, secret-key, and tokens in the definition of the component spec you're using.
{{% /alert %}}

Optional per-request metadata properties

The following [optional query parameters]({{< ref "secrets_api#query-parameters" >}}) can be provided when retrieving secrets from this secret store:

Query Parameter Description
metadata.version_id Version for the given secret key.
metadata.version_stage Version stage for the given secret key.

Create an AWS Secrets Manager instance

Setup AWS Secrets Manager using the AWS documentation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html.

Related links

  • [Secrets building block]({{< ref secrets >}})
  • [How-To: Retrieve a secret]({{< ref "howto-secrets.md" >}})
  • [How-To: Reference secrets in Dapr components]({{< ref component-secrets.md >}})
  • [Secrets API reference]({{< ref secrets_api.md >}})
  • [Authenticating to AWS]({{< ref authenticating-aws.md >}})