AWS Secrets Manager

Detailed information on the decret store component

Create an AWS Secrets Manager instance

Setup AWS Secrets Manager using the AWS documentation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html.

Create the Dapr component

See Authenticating to AWS for information about authentication-related attributes

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4.   name: awssecretmanager
  5.   namespace: default
  6. spec:
  7.   type: secretstores.aws.secretmanager
  8.   version: v1
  9.   metadata:
  10.   - name: region
  11.     value: "[aws_region]"
  12.   - name: accessKey
  13.     value: "[aws_access_key]"
  14.   - name: secretKey
  15.     value: "[aws_secret_key]"
  16.   - name: sessionToken
  17.     value: "[aws_session_token]"

Apply the configuration

Read this guide to learn how to apply a Dapr component.

Example

This example shows you how to set the Redis password from the AWS Secret Manager secret store. Here, you created a secret named redisPassword in AWS Secret Manager. Note its important to set it both as the name and key properties.

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4.   name: statestore
  5.   namespace: default
  6. spec:
  7.   type: state.redis
  8.   version: v1
  9.   metadata:
  10.   - name: redisHost
  11.     value: "[redis]:6379"
  12.   - name: redisPassword
  13.     secretKeyRef:
  14.       name: redisPassword
  15.       key: redisPassword
  16. auth:
  17.     secretStore: awssecretmanager

Warning

The above example uses secrets as plain strings. It is recommended to use a local secret store such as Kubernetes secret store or a local file to bootstrap secure key storage.

Related links

Last modified February 16, 2021: Merge pull request #1235 from dapr/update-v0.11 (b4e9fbb)