How To: Create new Secret Store

Learn how to create new secrets in your Radius Application

Tags:

secrets

Radius secret stores securely manage secrets for your Environment and Application.

By default, Radius leverages the hosting platform’s secrets management solution to create and store the secret. For example, if you are deploying to Kubernetes, the secret store will be created as a Kubernetes Secret.

Pre-requisites

Step 1: Add a Secret Store

Open the app.bicep from the current working directory and add a new Secret Store resource

@description('The data for your TLS certificate')
@secure()
param tlscrt string

@description('The key for your TLS certificate')
@secure()
param tlskey string

resource appCert 'Applications.Core/secretStores@2023-10-01-preview' = {
  name: 'appcert'
  properties:{
    application: application
    type: 'certificate'
    data: {
      'tls.key': {
        value: tlskey
      }
      'tls.crt': {
        value: tlscrt
      }
    }
  }
}

In this example a new secret store resource is created for storing a TLS certificate in it.

Step 2: Deploy the application

Deploy the application with rad deploy:

rad deploy app.bicep -a secretdemo

Step 3: Verify the secrets are deployed

Use the below command to verify if the secret got deployed:

kubectl get secret -n default-secretdemo

You will find appCert of type kubernetes.io/tls automatically created.

Feedback

Was this page helpful?

Glad to hear it! Please feel free to star our repo and join our Discord server to stay up to date with the project.

Sorry to hear that. If you would like to also contribute a suggestion visit and tell us how we can improve.