Azure Key Vault
Detailed information on the Azure Key Vault cryptography component
Component format
A Dapr crypto.yaml component file has the following structure:
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: azurekeyvault
spec:
type: crypto.azure.keyvault
metadata:
- name: vaultName
value: mykeyvault
# See authentication section below for all options
- name: azureTenantId
value: ${{AzureKeyVaultTenantId}}
- name: azureClientId
value: ${{AzureKeyVaultServicePrincipalClientId}}
- name: azureClientSecret
value: ${{AzureKeyVaultServicePrincipalClientSecret}}
Warning
The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets, as described here.Authenticating with Microsoft Entra ID
The Azure Key Vault cryptography component supports authentication with Microsoft Entra ID only. Before you enable this component:
- Read the Authenticating to Azure document.
- Create an Microsoft Entra ID application (also called a Service Principal).
- Alternatively, create a managed identity for your application platform.
Spec metadata fields
| Field | Required | Details | Example |
|---|---|---|---|
vaultName | Y | Azure Key Vault name | "mykeyvault" |
| Auth metadata | Y | See Authenticating to Azure for more information |