GCP Secret Manager

Detailed information on the GCP Secret Manager secret store component

Component format

To set up the GCP Secret Manager secret store, create a component of type secretstores.gcp.secretmanager. See this guide on how to create and apply a secretstore configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.

    apiVersion: dapr.io/v1alpha1
    kind: Component
    metadata:
      name: gcpsecretmanager
    spec:
      type: secretstores.gcp.secretmanager
      version: v1
      metadata:
      - name: type
        value: <replace-with-account-type>
      - name: project_id
        value: <replace-with-project-id>
      - name: private_key_id
        value: <replace-with-private-key-id>
      - name: client_email
        value: <replace-with-email>
      - name: client_id
        value: <replace-with-client-id>
      - name: auth_uri
        value: <replace-with-auth-uri>
      - name: token_uri
        value: <replace-with-token-uri>
      - name: auth_provider_x509_cert_url
        value: <replace-with-auth-provider-cert-url>
      - name: client_x509_cert_url
        value: <replace-with-client-cert-url>
      - name: private_key
        value: <replace-with-private-key>

Warning

The above example uses secrets as plain strings. It is recommended to use a local secret store such as Kubernetes secret store or a local file to bootstrap secure key storage.
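As an added example (not part of the original page or the Dapr project's own samples), the component below carries only the fields the table marks as required and reads the private key from a Kubernetes Secret through secretKeyRef instead of an inline value. The Secret name gcp-sm-credentials and its key private_key are assumptions; the Secret must already exist in the same namespace as the component.

```yaml
# Added example: same component type as above, with the service account
# private key referenced from a Kubernetes Secret rather than stored inline.
# Assumed (not from the page): a Secret named "gcp-sm-credentials" holding the
# PEM private key under the key "private_key", created out of band so the key
# never appears in this manifest or in version control.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: gcpsecretmanager
spec:
  type: secretstores.gcp.secretmanager
  version: v1
  metadata:
  # Non-sensitive identifiers can stay as plain values.
  - name: type
    value: service_account
  - name: project_id
    value: <replace-with-project-id>
  - name: client_email
    value: <replace-with-email>
  # Sensitive value: resolved by Dapr from the referenced Secret when the
  # component is loaded.
  - name: private_key
    secretKeyRef:
      name: gcp-sm-credentials   # assumed Secret name
      key: private_key           # assumed key inside that Secret
# Secret store used to resolve secretKeyRef entries in this component.
auth:
  secretStore: kubernetes
```

With this layout, read access to the component manifest no longer exposes the key; access to the key is governed by Kubernetes RBAC on the Secret.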

Spec metadata fields

| Field | Required | Details | Example |
|---|---|---|---|
| type | Y | The type of the account. | "service_account" |
| project_id | Y | The project ID associated with this component. | "project_id" |
| private_key_id | N | The private key ID | "privatekey" |
| client_email | Y | The client email address | "client@example.com" |
| client_id | N | The ID of the client | "11111111" |
| auth_uri | N | The authentication URI | https://accounts.google.com/o/oauth2/auth |
| token_uri | N | The authentication token URI | https://oauth2.googleapis.com/token |
| auth_provider_x509_cert_url | N | The certificate URL for the auth provider | https://www.googleapis.com/oauth2/v1/certs |
| client_x509_cert_url | N | The certificate URL for the client | https://www.googleapis.com/robot/v1/metadata/x509/<project-name>.iam.gserviceaccount.com |
| private_key | Y | The private key for authentication | "privateKey" |

Optional per-request metadata properties

The following optional query parameters can be provided to the GCP Secret Manager component:

| Query Parameter | Description |
|---|---|
| metadata.version_id | Version for the given secret key. |

Set up GCP Secret Manager instance

Set up GCP Secret Manager using the GCP documentation: https://cloud.google.com/secret-manager/docs/quickstart.

Last modified October 12, 2023: Update config.toml (#3826) (0ffc2e7)