HashiCorp Vault

Detailed information on the HashiCorp Vault secret store component

Create the Vault component

To set up the HashiCorp Vault secret store, create a component of type secretstores.hashicorp.vault. See this guide on how to create and apply a secret store configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: vault
  namespace: default
spec:
  type: secretstores.hashicorp.vault
  version: v1
  metadata:
  - name: vaultAddr
    value: "[vault_address]" # Optional. Default: ""
  - name: caCert # Optional. This or caPath or caPem
    value: "[ca_cert]"
  - name: caPath # Optional. This or caCert or caPem
    value: "[path_to_ca_cert_file]"
  - name: caPem # Optional. This or caCert or caPath
    value: "[encoded_ca_cert_pem]"
  - name: skipVerify # Optional. Default: false
    value: "[skip_tls_verification]"
  - name: tlsServerName # Optional.
    value: "[tls_config_server_name]"
  - name: vaultTokenMountPath # Required if vaultToken not provided. Path to token file.
    value: "[path_to_file_containing_token]"
  - name: vaultToken # Required if vaultTokenMountPath not provided. Token value.
    value: "[vault_token]"
  - name: vaultKVPrefix # Optional. Default: "dapr"
    value: "[vault_prefix]"

Spec metadata fields

| Field | Required | Details | Example |
|-------|----------|---------|---------|
| vaultAddr | N | The address of the Vault server. Defaults to "" | "" |
| caCert | N | Certificate Authority. Use only one of the options. The encoded cacerts to use | "cacerts" |
| caPath | N | Certificate Authority. Use only one of the options. The path to a CA cert file | "path/to/cacert/file" |
| caPem | N | Certificate Authority. Use only one of the options. The encoded cacert pem to use | "encodedpem" |
| skipVerify | N | Skip TLS verification. Defaults to "false" | "true", "false" |
| tlsServerName | N | TLS config server name | "tls-server" |
| vaultTokenMountPath | Y | Path to file containing token | "path/to/file" |
| vaultToken | Y | Token for authentication within Vault. | "tokenValue" |
| vaultKVPrefix | N | The prefix in vault. Defaults to "dapr" | "dapr", "myprefix" |
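
The rules in the field descriptions above (a token source is required, only one CA option may be used) can be checked before a component is applied. The following Python linter is an added example, not code from Dapr or from this page; the function name, severity labels and sample values are assumptions, and the warnings on inline tokens, skipVerify and http:// addresses are hardening recommendations rather than Dapr requirements.

```python
# Added example: lint the spec.metadata list of a Vault secret store component.
# Function name, severities and sample values are this example's assumptions.
CA_FIELDS = ("caCert", "caPath", "caPem")


def lint_vault_metadata(items):
    """Return a list of (severity, message) for a spec.metadata list."""
    # Collapse [{name, value}, ...] into a dict, dropping empty values.
    meta = {}
    for item in items:
        value = str(item.get("value") or "").strip()
        if value:
            meta[item["name"]] = value
    findings = []
    # One of vaultToken / vaultTokenMountPath must be provided.
    if "vaultToken" not in meta and "vaultTokenMountPath" not in meta:
        findings.append(("error", "set vaultToken or vaultTokenMountPath"))
    # An inline token is stored in the component manifest itself.
    if "vaultToken" in meta:
        findings.append(("warn", "vaultToken is inline; prefer vaultTokenMountPath"))
    # "Use only one of the options" for the CA fields.
    ca_set = [f for f in CA_FIELDS if f in meta]
    if len(ca_set) > 1:
        findings.append(("error", "multiple CA options set: " + ", ".join(ca_set)))
    # skipVerify=true disables validation of the Vault server certificate.
    if meta.get("skipVerify", "false").lower() == "true":
        findings.append(("warn", "skipVerify is true; server certificate is not verified"))
    # A plain-http address sends the token and secrets unencrypted.
    if meta.get("vaultAddr", "").lower().startswith("http://"):
        findings.append(("warn", "vaultAddr uses http://"))
    return findings


# Constructed sample inputs (not taken from the Dapr documentation).
WEAK = [
    {"name": "vaultAddr", "value": "http://vault.example.internal:8200"},
    {"name": "vaultToken", "value": "EXAMPLE-TOKEN"},
    {"name": "skipVerify", "value": "true"},
    {"name": "caPath", "value": "/certs/ca.pem"},
    {"name": "caPem", "value": "EXAMPLEPEM"},
]
HARDENED = [
    {"name": "vaultAddr", "value": "https://vault.example.internal:8200"},
    {"name": "caPath", "value": "/certs/ca.pem"},
    {"name": "tlsServerName", "value": "vault.example.internal"},
    {"name": "vaultTokenMountPath", "value": "/var/run/secrets/vault/token"},
]

if __name__ == "__main__":
    for severity, message in lint_vault_metadata(WEAK):
        print(severity, message)
```

Feed it the `spec.metadata` list from a parsed component manifest; an empty result means none of the checks fired.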

Set up HashiCorp Vault instance

Set up HashiCorp Vault using the Vault documentation: https://www.vaultproject.io/docs/install/index.html.

For Kubernetes, you can use the Helm Chart: https://github.com/hashicorp/vault-helm.