AWS Secrets Manager

Detailed information on the decret store component

Create an AWS Secrets Manager instance

Setup AWS Secrets Manager using the AWS documentation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html.

Create the Dapr component

See Authenticating to AWS for information about authentication-related attributes

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4. name: awssecretmanager
  5. namespace: default
  6. spec:
  7. type: secretstores.aws.secretmanager
  8. version: v1
  9. metadata:
  10. - name: region
  11. value: "[aws_region]"
  12. - name: accessKey
  13. value: "[aws_access_key]"
  14. - name: secretKey
  15. value: "[aws_secret_key]"
  16. - name: sessionToken
  17. value: "[aws_session_token]"

Apply the configuration

Read this guide to learn how to apply a Dapr component.

Example

This example shows you how to set the Redis password from the AWS Secret Manager secret store. Here, you created a secret named redisPassword in AWS Secret Manager. Note its important to set it both as the name and key properties.

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4. name: statestore
  5. namespace: default
  6. spec:
  7. type: state.redis
  8. version: v1
  9. metadata:
  10. - name: redisHost
  11. value: "[redis]:6379"
  12. - name: redisPassword
  13. secretKeyRef:
  14. name: redisPassword
  15. key: redisPassword
  16. auth:
  17. secretStore: awssecretmanager

Warning

The above example uses secrets as plain strings. It is recommended to use a local secret store such as Kubernetes secret store or a local file to bootstrap secure key storage.

Related links

Last modified February 16, 2021: Merge pull request #1235 from dapr/update-v0.11 (b4e9fbb)