Quickstart: Secrets Management

Get started with Dapr’s Secrets Management building block

Dapr provides a dedicated secrets API that allows developers to retrieve secrets from a secrets store. In this quickstart, you:

  1. Run a microservice with a secret store component.
  2. Retrieve secrets using the Dapr secrets API in the application code.

Diagram showing secrets management of example service.

Select your preferred language-specific Dapr SDK before proceeding with the Quickstart.

Pre-requisites

For this example, you will need:

Step 1: Set up the environment

Clone the sample provided in the Quickstarts repo.

  1. git clone https://github.com/dapr/quickstarts.git

Step 2: Retrieve the secret

In a terminal window, navigate to the order-processor directory.

  1. cd secrets_management/python/sdk/order-processor

Install the dependencies:

  1. pip3 install -r requirements.txt

Run the order-processor service alongside a Dapr sidecar.

  1. dapr run --app-id order-processor --resources-path ../../../components/ -- python3 app.py

Note: Since Python3.exe is not defined in Windows, you may need to use python app.py instead of python3 app.py.

Behind the scenes

order-processor service

Notice how the order-processor service below points to:

  • The DAPR_SECRET_STORE defined in the local-secret-store.yaml component.
  • The secret defined in secrets.json.
  1. # app.py
  2. DAPR_SECRET_STORE = 'localsecretstore'
  3. SECRET_NAME = 'secret'
  4. with DaprClient() as client:
  5. secret = client.get_secret(store_name=DAPR_SECRET_STORE, key=SECRET_NAME)
  6. logging.info('Fetched Secret: %s', secret.secret)

local-secret-store.yaml component

DAPR_SECRET_STORE is defined in the local-secret-store.yaml component file, located in secrets_management/components:

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4. name: localsecretstore
  5. namespace: default
  6. spec:
  7. type: secretstores.local.file
  8. version: v1
  9. metadata:
  10. - name: secretsFile
  11. value: secrets.json
  12. - name: nestedSeparator
  13. value: ":"

In the YAML file:

  • metadata/name is how your application references the component (called DAPR_SECRET_STORE in the code sample).
  • spec/metadata defines the connection to the secret used by the component.

secrets.json file

SECRET_NAME is defined in the secrets.json file, located in secrets_management/python/sdk/order-processor:

  1. {
  2. "secret": "YourPasskeyHere"
  3. }

Step 3: View the order-processor outputs

As specified in the application code above, the order-processor service retrieves the secret via the Dapr secret store and displays it in the console.

Order-processor output:

  1. == APP == INFO:root:Fetched Secret: {'secret': 'YourPasskeyHere'}

Pre-requisites

For this example, you will need:

Step 1: Set up the environment

Clone the sample provided in the Quickstarts repo.

  1. git clone https://github.com/dapr/quickstarts.git

Step 2: Retrieve the secret

In a terminal window, navigate to the order-processor directory.

  1. cd secrets_management/javascript/sdk/order-processor

Install the dependencies:

  1. npm install

Run the order-processor service alongside a Dapr sidecar.

  1. dapr run --app-id order-processor --resources-path ../../../components/ -- npm start

Behind the scenes

order-processor service

Notice how the order-processor service below points to:

  • The DAPR_SECRET_STORE defined in the local-secret-store.yaml component.
  • The secret defined in secrets.json.
  1. // index.js
  2. const DAPR_SECRET_STORE = "localsecretstore";
  3. const SECRET_NAME = "secret";
  4. async function main() {
  5. // ...
  6. const secret = await client.secret.get(DAPR_SECRET_STORE, SECRET_NAME);
  7. console.log("Fetched Secret: " + JSON.stringify(secret));
  8. }

local-secret-store.yaml component

DAPR_SECRET_STORE is defined in the local-secret-store.yaml component file, located in secrets_management/components:

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4. name: localsecretstore
  5. namespace: default
  6. spec:
  7. type: secretstores.local.file
  8. version: v1
  9. metadata:
  10. - name: secretsFile
  11. value: secrets.json
  12. - name: nestedSeparator
  13. value: ":"

In the YAML file:

  • metadata/name is how your application references the component (called DAPR_SECRET_STORE in the code sample).
  • spec/metadata defines the connection to the secret used by the component.

secrets.json file

SECRET_NAME is defined in the secrets.json file, located in secrets_management/javascript/sdk/order-processor:

  1. {
  2. "secret": "YourPasskeyHere"
  3. }

Step 3: View the order-processor outputs

As specified in the application code above, the order-processor service retrieves the secret via the Dapr secret store and displays it in the console.

Order-processor output:

  1. == APP ==
  2. == APP == > order-processor@1.0.0 start
  3. == APP == > node index.js
  4. == APP ==
  5. == APP == Fetched Secret: {"secret":"YourPasskeyHere"}

Pre-requisites

For this example, you will need:

Step 1: Set up the environment

Clone the sample provided in the Quickstarts repo.

  1. git clone https://github.com/dapr/quickstarts.git

Step 2: Retrieve the secret

In a terminal window, navigate to the order-processor directory.

  1. cd secrets_management/csharp/sdk/order-processor

Install the dependencies:

  1. dotnet restore
  2. dotnet build

Run the order-processor service alongside a Dapr sidecar.

  1. dapr run --app-id order-processor --resources-path ../../../components/ -- dotnet run

Behind the scenes

order-processor service

Notice how the order-processor service below points to:

  • The DAPR_SECRET_STORE defined in the local-secret-store.yaml component.
  • The secret defined in secrets.json.
  1. // Program.cs
  2. const string DAPR_SECRET_STORE = "localsecretstore";
  3. const string SECRET_NAME = "secret";
  4. var client = new DaprClientBuilder().Build();
  5. var secret = await client.GetSecretAsync(DAPR_SECRET_STORE, SECRET_NAME);
  6. var secretValue = string.Join(", ", secret);
  7. Console.WriteLine($"Fetched Secret: {secretValue}");

local-secret-store.yaml component

DAPR_SECRET_STORE is defined in the local-secret-store.yaml component file, located in secrets_management/components:

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4. name: localsecretstore
  5. namespace: default
  6. spec:
  7. type: secretstores.local.file
  8. version: v1
  9. metadata:
  10. - name: secretsFile
  11. value: secrets.json
  12. - name: nestedSeparator
  13. value: ":"

In the YAML file:

  • metadata/name is how your application references the component (called DAPR_SECRET_NAME in the code sample).
  • spec/metadata defines the connection to the secret used by the component.

secrets.json file

SECRET_NAME is defined in the secrets.json file, located in secrets_management/csharp/sdk/order-processor:

  1. {
  2. "secret": "YourPasskeyHere"
  3. }

Step 3: View the order-processor outputs

As specified in the application code above, the order-processor service retrieves the secret via the Dapr secret store and displays it in the console.

Order-processor output:

  1. == APP == Fetched Secret: [secret, YourPasskeyHere]

Pre-requisites

For this example, you will need:

Step 1: Set up the environment

Clone the sample provided in the Quickstarts repo.

  1. git clone https://github.com/dapr/quickstarts.git

Step 2: Retrieve the secret

In a terminal window, navigate to the order-processor directory.

  1. cd secrets_management/java/sdk/order-processor

Install the dependencies:

  1. mvn clean install

Run the order-processor service alongside a Dapr sidecar.

  1. dapr run --app-id order-processor --resources-path ../../../components/ -- java -jar target/OrderProcessingService-0.0.1-SNAPSHOT.jar

Behind the scenes

order-processor service

Notice how the order-processor service below points to:

  • The DAPR_SECRET_STORE defined in the local-secret-store.yaml component.
  • The secret defined in secrets.json.
  1. // OrderProcessingServiceApplication.java
  2. private static final String SECRET_STORE_NAME = "localsecretstore";
  3. // ...
  4. Map<String, String> secret = client.getSecret(SECRET_STORE_NAME, "secret").block();
  5. System.out.println("Fetched Secret: " + secret);

local-secret-store.yaml component

DAPR_SECRET_STORE is defined in the local-secret-store.yaml component file, located in secrets_management/components:

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4. name: localsecretstore
  5. namespace: default
  6. spec:
  7. type: secretstores.local.file
  8. version: v1
  9. metadata:
  10. - name: secretsFile
  11. value: secrets.json
  12. - name: nestedSeparator
  13. value: ":"

In the YAML file:

  • metadata/name is how your application references the component (called DAPR_SECRET_NAME in the code sample).
  • spec/metadata defines the connection to the secret used by the component.

secrets.json file

SECRET_NAME is defined in the secrets.json file, located in secrets_management/java/sdk/order-processor:

  1. {
  2. "secret": "YourPasskeyHere"
  3. }

Step 3: View the order-processor outputs

As specified in the application code above, the order-processor service retrieves the secret via the Dapr secret store and displays it in the console.

Order-processor output:

  1. == APP == Fetched Secret: {secret=YourPasskeyHere}

Pre-requisites

For this example, you will need:

Step 1: Set up the environment

Clone the sample provided in the Quickstarts repo.

  1. git clone https://github.com/dapr/quickstarts.git

Step 2: Retrieve the secret

In a terminal window, navigate to the order-processor directory.

  1. cd secrets_management/go/sdk/order-processor

Install the dependencies:

  1. go build .

Run the order-processor service alongside a Dapr sidecar.

  1. dapr run --app-id order-processor --resources-path ../../../components/ -- go run .

Behind the scenes

order-processor service

Notice how the order-processor service below points to:

  • The DAPR_SECRET_STORE defined in the local-secret-store.yaml component.
  • The secret defined in secrets.json.
  1. const DAPR_SECRET_STORE = "localsecretstore"
  2. const SECRET_NAME = "secret"
  3. // ...
  4. secret, err := client.GetSecret(ctx, DAPR_SECRET_STORE, SECRET_NAME, nil)
  5. if secret != nil {
  6. fmt.Println("Fetched Secret: ", secret[SECRET_NAME])
  7. }

local-secret-store.yaml component

DAPR_SECRET_STORE is defined in the local-secret-store.yaml component file, located in secrets_management/components:

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4. name: localsecretstore
  5. namespace: default
  6. spec:
  7. type: secretstores.local.file
  8. version: v1
  9. metadata:
  10. - name: secretsFile
  11. value: secrets.json
  12. - name: nestedSeparator
  13. value: ":"

In the YAML file:

  • metadata/name is how your application references the component (called DAPR_SECRET_NAME in the code sample).
  • spec/metadata defines the connection to the secret used by the component.

secrets.json file

SECRET_NAME is defined in the secrets.json file, located in secrets_management/go/sdk/order-processor:

  1. {
  2. "secret": "YourPasskeyHere"
  3. }

Step 3: View the order-processor outputs

As specified in the application code above, the order-processor service retrieves the secret via the Dapr secret store and displays it in the console.

Order-processor output:

  1. == APP == Fetched Secret: YourPasskeyHere

Tell us what you think!

We’re continuously working to improve our Quickstart examples and value your feedback. Did you find this Quickstart helpful? Do you have suggestions for improvement?

Join the discussion in our discord channel.

Next steps

Explore Dapr tutorials >>

Last modified October 11, 2024: Fixed typo (#4389) (fe17926)