AWS Secrets Manager
To set up the AWS Secrets Manager secret store, create a component of type secretstores.aws.secretmanager. See this guide on how to create and apply a secret store configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.
See Authenticating to AWS for information about authentication-related attributes.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: awssecretmanager
spec:
  type: secretstores.aws.secretmanager
  version: v1
  metadata:
  - name: region
    value: "[aws_region]"
  - name: accessKey
    value: "[aws_access_key]"
  - name: secretKey
    value: "[aws_secret_key]"
  - name: sessionToken
    value: "[aws_session_token]"

Warning: The above example uses secrets as plain strings. It is recommended to use a local secret store such as Kubernetes secret store or a local file to bootstrap secure key storage.
Spec metadata fields
| Field | Required | Details |
|---|---|---|
| region | Y | The specific AWS region the AWS Secrets Manager instance is deployed in |
| accessKey | Y | The AWS Access Key to access this resource |
| secretKey | Y | The AWS Secret Access Key to access this resource |
| sessionToken | N | The AWS session token to use |

Important: When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you're using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you must not provide the AWS access key, secret key, or session token in the definition of the component spec you're using.
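The two recommendations above (bootstrapping credentials from a local secret store, and omitting them on EKS when an IAM policy is attached) look like this as component definitions. This is an added example, not part of the original page; the Kubernetes secret name `aws-credentials`, its keys `access-key` and `secret-key`, and the component name `awssecretmanager-iam` are assumptions made for illustration.

```yaml
# Variant 1: credentials are read from a Kubernetes secret instead of
# being written into the component as plain strings.
# Assumes a Kubernetes secret named "aws-credentials" (hypothetical) with
# keys "access-key" and "secret-key" exists in the component's namespace.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: awssecretmanager
spec:
  type: secretstores.aws.secretmanager
  version: v1
  metadata:
  - name: region
    value: "[aws_region]"
  - name: accessKey
    secretKeyRef:
      name: aws-credentials   # hypothetical Kubernetes secret name
      key: access-key         # hypothetical key inside that secret
  - name: secretKey
    secretKeyRef:
      name: aws-credentials
      key: secret-key
auth:
  secretStore: kubernetes     # resolve secretKeyRef via the Kubernetes secret store
---
# Variant 2: EKS node/pod already attached to an IAM policy that grants
# access to Secrets Manager. No accessKey, secretKey or sessionToken is
# set; only the region is configured.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: awssecretmanager-iam  # hypothetical name, to keep the two variants distinct
spec:
  type: secretstores.aws.secretmanager
  version: v1
  metadata:
  - name: region
    value: "[aws_region]"
```

With either variant, the component file no longer contains long-lived AWS credentials, so it can be committed or shared without exposing them.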
Create an AWS Secrets Manager instance
Set up AWS Secrets Manager using the AWS documentation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html.
- Secrets building block
- How-To: Retrieve a secret
- How-To: Reference secrets in Dapr components
- Secrets API reference
- Authenticating to AWS