Azure App Configuration

Detailed information on the Azure App Configuration configuration store component

Component format

To set up an Azure App Configuration configuration store, create a component of type configuration.azure.appconfig.

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4. name: <NAME>
  5. spec:
  6. type: configuration.azure.appconfig
  7. version: v1
  8. metadata:
  9. - name: host # host should be used when Azure Authentication mechanism is used.
  10. value: <HOST>
  11. - name: connectionString # connectionString should not be used when Azure Authentication mechanism is used.
  12. value: <CONNECTIONSTRING>
  13. - name: maxRetries
  14. value: # Optional
  15. - name: retryDelay
  16. value: # Optional
  17. - name: maxRetryDelay
  18. value: # Optional
  19. - name: azureEnvironment # Optional, defaults to AZUREPUBLICCLOUD
  20. value: "AZUREPUBLICCLOUD"
  21. # See authentication section below for all options
  22. - name: azureTenantId # Optional
  23. value: "[your_service_principal_tenant_id]"
  24. - name: azureClientId # Optional
  25. value: "[your_service_principal_app_id]"
  26. - name: azureCertificateFile # Optional
  27. value : "[pfx_certificate_file_fully_qualified_local_path]"
  28. - name: subscribePollInterval # Optional
  29. value: #Optional [Expected format example - 1s|1m|1h]

Warning

The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described here.

Spec metadata fields

FieldRequiredDetailsExample
connectionStringYConnection String for the Azure App Configuration instance. No Default. Can be secretKeyRef to use a secret reference. Mutally exclusive with host field. Not to be used when Azure Authentication is usedEndpoint=https://foo.azconfig.io;Id=osOX-l9-s0:sig;Secret=00000000000000000000000000000000000000000000
hostNEndpoint for the Azure App Configuration instance. No Default. Mutally exclusive with connectionString field. To be used when Azure Authentication is usedhttps://dapr.azconfig.io
maxRetriesNMaximum number of retries before giving up. Defaults to 35, 10
retryDelayNRetryDelay specifies the initial amount of delay to use before retrying an operation. The delay increases exponentially with each retry up to the maximum specified by MaxRetryDelay. Defaults to 4 seconds; “-1” disables delay between retries.4000000000
maxRetryDelayNMaxRetryDelay specifies the maximum delay allowed before retrying an operation. Typically the value is greater than or equal to the value specified in RetryDelay. Defaults to 120 seconds; “-1” disables the limit120000000000
subscribePollIntervalNsubscribePollInterval specifies the poll interval for polling the subscribed keys for any changes. Default polling interval is set to 24 hours.

Note: either host or connectionString must be specified.

Authenticating with Connection String

Access an App Configuration instance using its connection string, which is available in the Azure portal. Since connection strings contain credential information, you should treat them as secrets and use a secret store.

Authenticating with Azure AD

The Azure App Configuration configuration store component also supports authentication with Azure AD. Before you enable this component:

  • Read the Authenticating to Azure document.
  • Create an Azure AD application (also called Service Principal).
  • Alternatively, create a managed identity for your application platform.

Set up Azure App Configuration

You need an Azure subscription to set up Azure App Configuration.

  1. Start the Azure App Configuration creation flow. Log in if necessary.

  2. Click Create to kickoff deployment of your Azure App Configuration instance.

  3. Once your instance is created, grab the Host (Endpoint) or your Connection string:

    • For the Host: navigate to the resource’s Overview and copy Endpoint.
    • For your connection string: navigate to Settings > Access Keys and copy your Connection string.
  4. Add your host or your connection string to an azappconfig.yaml file that Dapr can apply.

    Set the host key to [Endpoint] or the connectionString key to the values you saved earlier.

    Note

    In a production-grade application, follow the secret management instructions to securely manage your secrets.

Azure App Configuration request metadata

In Azure App Configuration, you can use labels to define different values for the same key. For example, you can define a single key with different values for development and production. You can specify which label to load when connecting to App Configuration

The Azure App Configuration store component supports the following optional label metadata property:

label: The label of the configuration to retrieve. If not present, the configuration store returns the configuration for the specified key and a null label.

The label can be populated using query parameters in the request URL:

  1. GET curl http://localhost:<daprPort>/v1.0/configuration/<store-name>?key=<key name>&metadata.label=<label value>

Last modified June 19, 2023: Merge pull request #3565 from dapr/aacrawfi/skip-secrets-close (b1763bf)