HashiCorp Vault

详细介绍了关于 HashiCorp Vault密钥仓库组件的信息

创建 Vault 组件

要设置HashiCorp Vault密钥仓库,请创建一个类型为secretstores.hashicorp.vault的组件。 See this guide on how to create and apply a secretstore configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: vault
  namespace: default
spec:
  type: secretstores.hashicorp.vault
  version: v1
  metadata:
  - name: vaultAddr
    value: [vault_address] # Optional. Default: "https://127.0.0.1:8200"
  - name: caCert # Optional. This or caPath or caPem
    value: "[ca_cert]"
  - name: caPath # Optional. This or CaCert or caPem
    value: "[path_to_ca_cert_file]"
  - name: caPem # Optional. This or CaCert or CaPath
    value : "[encoded_ca_cert_pem]"
  - name: skipVerify # Optional. Default: false
    value : "[skip_tls_verification]"
  - name: tlsServerName # Optional.
    value : "[tls_config_server_name]"
  - name: vaultTokenMountPath # Required if vaultToken not provided. Path to token file.
    value : "[path_to_file_containing_token]"
  - name: vaultToken # Required if vaultTokenMountPath not provided. Token value.
    value : "[path_to_file_containing_token]"
  - name: vaultKVPrefix # Optional. Default: "dapr"
    value : "[vault_prefix]"

元数据字段规范

字段 必填 详情 Example
vaultAddr N Vault服务器的地址 默认值为 "https://127.0.0.1:8200" "https://127.0.0.1:8200"
caCert N Certificate Authority只使用其中一个选项。 要使用的加密cacerts "cacerts"
caPath N Certificate Authority只使用其中一个选项。 CA证书文件的路径 "path/to/cacert/file"
caPem N Certificate Authority只使用其中一个选项。 要是用的加密cacert pem "encodedpem"
skipVerify N 跳过 TLS 验证。 默认值为 "false" "true", "false"
tlsServerName N TLS 配置服务器名称 "tls-server"
vaultTokenMountPath Y 包含token的文件路径 "path/to/file"
vaultToken Y Token for authentication within Vault. "tokenValue"
vaultKVPrefix N 仓库前缀 默认值为 "dapr" "dapr", "myprefix"

设置 Hashicorp Vault实例


参考Vault文档设置Hashicorp Vault:https://www.vaultproject.io/docs/install/index.html。


对于Kubernetes,你可以使用Helm Chart:https://github.com/hashicorp/vault-helm

相关链接

Last modified January 1, 0001