HashiCorp Vault

详细介绍了关于 HashiCorp Vault密钥仓库组件的信息

创建 Vault 组件

要设置HashiCorp Vault密钥仓库,请创建一个类型为secretstores.hashicorp.vault的组件。 See this guide on how to create and apply a secretstore configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: vault
  namespace: default
spec:
  type: secretstores.hashicorp.vault
  version: v1
  metadata:
  - name: vaultAddr
    value: [vault_address] # Optional. Default: "https://127.0.0.1:8200"
  - name: caCert # Optional. This or caPath or caPem
    value: "[ca_cert]"
  - name: caPath # Optional. This or CaCert or caPem
    value: "[path_to_ca_cert_file]"
  - name: caPem # Optional. This or CaCert or CaPath
    value : "[encoded_ca_cert_pem]"
  - name: skipVerify # Optional. Default: false
    value : "[skip_tls_verification]"
  - name: tlsServerName # Optional.
    value : "[tls_config_server_name]"
  - name: vaultTokenMountPath # Required if vaultToken not provided. Path to token file.
    value : "[path_to_file_containing_token]"
  - name: vaultToken # Required if vaultTokenMountPath not provided. Token value.
    value : "[path_to_file_containing_token]"
  - name: vaultKVPrefix # Optional. Default: "dapr"
    value : "[vault_prefix]"

元数据字段规范

字段必填详情Example
vaultAddrNVault服务器的地址 默认值为 "https://127.0.0.1:8200""https://127.0.0.1:8200"
caCertNCertificate Authority只使用其中一个选项。 要使用的加密cacerts"cacerts"
caPathNCertificate Authority只使用其中一个选项。 CA证书文件的路径"path/to/cacert/file"
caPemNCertificate Authority只使用其中一个选项。 要是用的加密cacert pem"encodedpem"
skipVerifyN跳过 TLS 验证。 默认值为 "false""true", "false"
tlsServerNameNTLS 配置服务器名称"tls-server"
vaultTokenMountPathY包含token的文件路径"path/to/file"
vaultTokenYToken for authentication within Vault."tokenValue"
vaultKVPrefixN仓库前缀 默认值为 "dapr""dapr", "myprefix"

设置 Hashicorp Vault实例


参考Vault文档设置Hashicorp Vault:https://www.vaultproject.io/docs/install/index.html。


对于Kubernetes,你可以使用Helm Chart:https://github.com/hashicorp/vault-helm

相关链接