Kubernetes Secrets
Detailed information on the Kubernetes secret cryptography component
Component format
The purpose of this component is to load the Kubernetes secret named after the key name.
Note
This component uses the cryptographic engine in Dapr to perform operations. Although keys are never exposed to your application, Dapr has access to the raw key material.
A Dapr crypto.yaml
component file has the following structure:
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: <NAME>
spec:
type: crypto.dapr.kubernetes.secrets
version: v1
metadata:[]
Warning
The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets, as described here.
Spec metadata fields
| Field | Required | Details | Example | |——————–|:——–:|————|—–|———| | defaultNamespace
| N | Default namespace to retrieve secrets from. If unset, the namespace must be specified for each key, as namespace/secretName/key
| "default-ns"
| | kubeconfigPath
| N | The path to the kubeconfig file. If not specified, the component uses the default in-cluster config value | "/path/to/kubeconfig"