Kubernetes Secrets

Detailed information on the Kubernetes secret cryptography component

Component format

The purpose of this component is to load the Kubernetes secret named after the key name.

Note

This component uses the cryptographic engine in Dapr to perform operations. Although keys are never exposed to your application, Dapr has access to the raw key material.

A Dapr crypto.yaml component file has the following structure:

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4. name: <NAME>
  5. spec:
  6. type: crypto.dapr.kubernetes.secrets
  7. version: v1
  8. metadata:[]

Warning

The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets, as described here.

Spec metadata fields

FieldRequiredDetailsExample
defaultNamespaceNDefault namespace to retrieve secrets from. If unset, the namespace must be specified for each key, as namespace/secretName/key“default-ns”
kubeconfigPathNThe path to the kubeconfig file. If not specified, the component uses the default in-cluster config value“/path/to/kubeconfig”

Cryptography building block

Last modified October 12, 2023: Update config.toml (#3826) (0ffc2e7)