AWS Secrets Manager
Detailed information on the secret store component
Component format
To setup AWS Secrets Manager secret store create a component of type secretstores.aws.secretmanager. See this guide on how to create and apply a secretstore configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.
See Authenticating to AWS for information about authentication-related attributes.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: awssecretmanager
spec:
type: secretstores.aws.secretmanager
version: v1
metadata:
- name: region
value: "[aws_region]"
- name: accessKey
value: "[aws_access_key]"
- name: secretKey
value: "[aws_secret_key]"
- name: sessionToken
value: "[aws_session_token]"
Warning
The above example uses secrets as plain strings. It is recommended to use a local secret store such as Kubernetes secret store or a local file to bootstrap secure key storage.Spec metadata fields
| Field | Required | Details | Example |
|---|---|---|---|
| region | Y | The specific AWS region the AWS Secrets Manager instance is deployed in | "us-east-1" |
| accessKey | Y | The AWS Access Key to access this resource | "key" |
| secretKey | Y | The AWS Secret Access Key to access this resource | "secretAccessKey" |
| sessionToken | N | The AWS session token to use | "sessionToken" |
Important
When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you’re using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you must not provide AWS access-key, secret-key, and tokens in the definition of the component spec you’re using.Optional per-request metadata properties
The following optional query parameters can be provided when retrieving secrets from this secret store:
| Query Parameter | Description |
|---|---|
metadata.version_id |
Version for the given secret key. |
metadata.version_stage |
Version stage for the given secret key. |
Create an AWS Secrets Manager instance
Setup AWS Secrets Manager using the AWS documentation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html.
Related links
- Secrets building block
- How-To: Retrieve a secret
- How-To: Reference secrets in Dapr components
- Secrets API reference
- Authenticating to AWS
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified November 19, 2024: Merge pull request #4407 from hhunter-ms/issue_3321 (1d418a4)