AWS Secrets Manager
Detailed information on the decret store component
Component format
To setup AWS Secrets Manager secret store create a component of type secretstores.aws.secretmanager
. See this guide on how to create and apply a secretstore configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.
See Authenticating to AWS for information about authentication-related attributes.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: awssecretmanager
namespace: default
spec:
type: secretstores.aws.secretmanager
version: v1
metadata:
- name: region
value: "[aws_region]"
- name: accessKey
value: "[aws_access_key]"
- name: secretKey
value: "[aws_secret_key]"
- name: sessionToken
value: "[aws_session_token]"
Warning
The above example uses secrets as plain strings. It is recommended to use a local secret store such as Kubernetes secret store or a local file to bootstrap secure key storage.
Spec metadata fields
Field | Required | Details | Example |
---|---|---|---|
region | Y | The specific AWS region the AWS Secrets Manager instance is deployed in | “us-east-1” |
accessKey | Y | The AWS Access Key to access this resource | “key” |
secretKey | Y | The AWS Secret Access Key to access this resource | “secretAccessKey” |
sessionToken | N | The AWS session token to use | “sessionToken” |
Create an AWS Secrets Manager instance
Setup AWS Secrets Manager using the AWS documentation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html.
Related links
- Secrets building block
- How-To: Retrieve a secret
- How-To: Reference secrets in Dapr components
- Secrets API reference
- Authenticating to AWS
Last modified September 17, 2021 : Merge pull request #1757 from georgestevens99/1440SecretKeyRefExplanation (620a5f8)