Radius Secret Store

Learn how to define a secret store

Note: only Kubernetes Secrets are currently supported as a backing store; support for more store types is planned.

Resource format

Creating a new Secret Store

resource appCert 'Applications.Core/secretStores@2023-10-01-preview' = {
  name: 'appcert'
  properties: {
    application: app.id
    type: 'certificate'
    data: {
      'tls.key': {
        value: tlskey
      }
      'tls.crt': {
        value: tlscrt
      }
    }
  }
}

Referencing an existing Secret Store

resource existingAppCert 'Applications.Core/secretStores@2023-10-01-preview' = {
  name: 'existing-appcert'
  properties: {
    application: app.id
    resource: 'secret-app-existing-secret' // Reference to the name of an external secret store
    type: 'certificate' // The type of secret in your resource
    data: {
      // The keys in this object are the names of the secrets in an external secret store
      'tls.crt': {}
      'tls.key': {}
    }
  }
}

Top-level

| Key | Required | Description | Example |
|-----|----------|-------------|---------|
| name | y | The name of your Secret Store. | 'secret' |
| location | y | The location of your resource. See common values for more information. | global |
| properties | y | Properties of the resource. | See below |

properties

| Key | Required | Description | Example |
|-----|----------|-------------|---------|
| application | y | The ID of the application resource this resource belongs to. | app.id |
| resource | n | Reference to the backing secret store resource, required only if valueFrom specifies referenced secret name. | namespace/secretName |
| type | y | The type of secret in your resource. | 'certificate' |
| data | y | An object to represent key-value type secrets. | See below |

data

This property is an object to represent key-value type secrets. You define your own key for each secret (e.g. 'tls.key'), with the encoding, value, and valueFrom properties representing each secret value:

| Key | Required | Description | Example |
|-----|----------|-------------|---------|
| value | y | The value of the secret key. | 'secretString' |
| encoding | n | The encoding type of the data value (default is 'raw'). | 'base64' |
| valueFrom | n | A reference to an external secret. This field is currently not in use, as it is meant for supporting more types of external secrets in the future. | See below |

valueFrom

Note: valueFrom is not supported for Kubernetes Secrets, but may be used for other secret store types in the future.

| Key | Required | Description | Example |
|-----|----------|-------------|---------|
| name | y | The name of the secret or key of properties.resource. | 'secret_key1_name' |
| version | n | The version of the secret. | 1 |
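
A fuller template for the data property described above, added here as an example and not taken from the Radius project: it supplies the certificate and key as sensitive parameters and sets encoding explicitly instead of relying on the 'raw' default. Assumptions: the application name 'secret-app', the parameter declarations, the values being base64-encoded before they are passed in, and the `extension radius` line, which may differ in your Radius release.

```bicep
// Added example. Assumed: the app name, the parameter declarations and
// the `extension radius` line (check the form your Radius release uses).
extension radius

@description('The ID of your Radius Environment.')
param environment string

// @secure() marks a parameter as sensitive in Bicep, so key material is
// passed in at deploy time rather than written into the template.
@description('PEM certificate, base64-encoded by the caller.')
@secure()
param tlscrt string

@description('PEM private key, base64-encoded by the caller.')
@secure()
param tlskey string

resource app 'Applications.Core/applications@2023-10-01-preview' = {
  name: 'secret-app'
  properties: {
    environment: environment
  }
}

resource appCert 'Applications.Core/secretStores@2023-10-01-preview' = {
  name: 'appcert'
  properties: {
    application: app.id
    type: 'certificate'
    data: {
      'tls.key': {
        // Declare that the value is base64 text, not the default 'raw'.
        encoding: 'base64'
        value: tlskey
      }
      'tls.crt': {
        encoding: 'base64'
        value: tlscrt
      }
    }
  }
}
```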