Radius Secret Store
Learn how to define a secret store
Note that only Kubernetes Secrets are currently supported, with more to come in the future.
Resource format
Creating a new Secret Store
resource appCert 'Applications.Core/secretStores@2023-10-01-preview' = {
  name: 'appcert'
  properties: {
    application: app.id
    type: 'certificate'
    data: {
      'tls.key': {
        value: tlskey
      }
      'tls.crt': {
        value: tlscrt
      }
    }
  }
}
Referencing an existing Secret Store
resource existingAppCert 'Applications.Core/secretStores@2023-10-01-preview' = {
  name: 'existing-appcert'
  properties: {
    application: app.id
    resource: 'secret-app-existing-secret' // Reference to the name of an external secret store
    type: 'certificate' // The type of secret in your resource
    data: {
      // The keys in this object are the names of the secrets in an external secret store
      'tls.crt': {}
      'tls.key': {}
    }
  }
}
Top-level
Key | Required | Description | Example |
---|---|---|---|
name | y | The name of your Secret Store. | 'secret' |
location | y | The location of your resource. See common values for more information. | global |
properties | y | Properties of the resource. | See below |
properties
Key | Required | Description | Example |
---|---|---|---|
application | n | The ID of the application resource this resource belongs to. | app.id |
resource | n | Reference to the backing secret store resource. Required only if valueFrom specifies a referenced secret name. | namespace/secretName |
type | y | The type of secret in your resource. | 'certificate' |
data | y | An object to represent key-value type secrets. | See below |
data
This property is an object to represent key-value type secrets. You define your own key for each secret (e.g. 'tls.key'), with the encoding, value, and valueFrom properties representing each secret value:
Key | Required | Description | Example |
---|---|---|---|
value | y | The value of the secret key. | 'secretString' |
encoding | n | The encoding type of the data value (default is 'raw'). | 'base64' |
valueFrom | n | A reference to an external secret. This field is currently not in use, as it is meant for supporting more types of external secrets in the future. | See below |
valueFrom
Note: valueFrom is not supported for Kubernetes Secrets, but may be used for other secret store types in the future.
Key | Required | Description | Example |
---|---|---|---|
name | y | The name of the secret or key of properties.resource. | 'secret_key1_name' |
version | n | The version of the secret. | 1 |
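A pre-deployment lint for the rules in the tables above, as an added example that is not part of the Radius documentation or code base. It assumes the `properties` object is available as a Python dict (for instance from a parsed template); the function name and all sample values are constructed for illustration.

```python
import base64
import binascii

# The two encodings this page mentions; treated here as the full set (assumption).
ENCODINGS = {"raw", "base64"}

def lint_secret_store(props):
    """Return findings for a secretStores `properties` object given as a dict."""
    findings = [f"properties.{k} is required" for k in ("type", "data") if k not in props]
    referenced = "resource" in props  # existing store: data entries may be empty ({})
    for name, entry in props.get("data", {}).items():
        where = f"data['{name}']"
        if "valueFrom" in entry:
            findings.append(f"{where}: valueFrom is not supported for Kubernetes Secrets")
        if referenced:
            continue  # values live in the referenced store, nothing more to check
        if "value" not in entry:
            findings.append(f"{where}: value is required")
            continue
        encoding = entry.get("encoding", "raw")  # 'raw' is the documented default
        if encoding not in ENCODINGS:
            findings.append(f"{where}: unknown encoding {encoding!r}")
        elif encoding == "base64":
            try:
                base64.b64decode(entry["value"], validate=True)
            except (binascii.Error, ValueError, TypeError):
                findings.append(f"{where}: encoding is 'base64' but value is not valid base64")
    return findings

# Constructed sample inputs (placeholders, not real key material).
NEW_STORE = {"application": "app-id-placeholder", "type": "certificate", "data": {
    "tls.key": {"value": "a2V5", "encoding": "base64"},   # base64 of b"key"
    "tls.crt": {"value": "constructed-cert-text"}}}       # encoding defaults to 'raw'
BAD_STORE = {"type": "certificate", "data": {
    "tls.key": {"value": "-----BEGIN PRIVATE KEY-----", "encoding": "base64"},  # PEM text, not base64
    "tls.crt": {"valueFrom": {"name": "secret_key1_name"}}}}                   # no value, valueFrom set
EXISTING_STORE = {"resource": "secret-app-existing-secret", "type": "certificate",
                  "data": {"tls.crt": {}, "tls.key": {}}}

if __name__ == "__main__":
    for label, props in (("new", NEW_STORE), ("bad", BAD_STORE), ("existing", EXISTING_STORE)):
        print(label, lint_secret_store(props))
```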