GCP Secret Manager
Detailed information on the GCP Secret Manager secret store component
Component format
To setup GCP Secret Manager secret store create a component of type secretstores.gcp.secretmanager
. See this guide on how to create and apply a secretstore configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: gcpsecretmanager
spec:
type: secretstores.gcp.secretmanager
version: v1
metadata:
- name: type
value: <replace-with-account-type>
- name: project_id
value: <replace-with-project-id>
- name: private_key_id
value: <replace-with-private-key-id>
- name: client_email
value: <replace-with-email>
- name: client_id
value: <replace-with-client-id>
- name: auth_uri
value: <replace-with-auth-uri>
- name: token_uri
value: <replace-with-token-uri>
- name: auth_provider_x509_cert_url
value: <replace-with-auth-provider-cert-url>
- name: client_x509_cert_url
value: <replace-with-client-cert-url>
- name: private_key
value: <replace-with-private-key>
Warning
The above example uses secrets as plain strings. It is recommended to use a local secret store such as Kubernetes secret store or a local file to bootstrap secure key storage.
Spec metadata fields
Field | Required | Details | Example |
---|---|---|---|
type | Y | The type of the account. | “service_account” |
project_id | Y | The project ID associated with this component. | “project_id” |
private_key_id | N | The private key ID | “privatekey” |
client_email | Y | The client email address | “client@example.com” |
client_id | N | The ID of the client | “11111111” |
auth_uri | N | The authentication URI | “https://accounts.google.com/o/oauth2/auth“ |
token_uri | N | The authentication token URI | “https://oauth2.googleapis.com/token“ |
auth_provider_x509_cert_url | N | The certificate URL for the auth provider | “https://www.googleapis.com/oauth2/v1/certs“ |
client_x509_cert_url | N | The certificate URL for the client | “https://www.googleapis.com/robot/v1/metadata/x509/<project-name>.iam.gserviceaccount.com“ |
private_key | Y | The private key for authentication | “privateKey” |
Optional per-request metadata properties
The following optional query parameters can be provided to the GCP Secret Manager component:
Query Parameter | Description |
---|---|
metadata.version_id | Version for the given secret key. |
Setup GCP Secret Manager instance
Setup GCP Secret Manager using the GCP documentation: https://cloud.google.com/secret-manager/docs/quickstart.
Related links
- Secrets building block
- How-To: Retrieve a secret
- How-To: Reference secrets in Dapr components
- Secrets API reference
Last modified October 12, 2023: Update config.toml (#3826) (0ffc2e7)