Dapr Secret Store resource

Learn how to use a Dapr Secret Store resource in Radius
Categories:

Overview

A dapr.io/SecretStore resource represents a Dapr secret store topic.

This resource will automatically create and deploy the Dapr component spec for the secret store.

Resource format


resource secretstore 'Applications.Dapr/secretStores@2023-10-01-preview' = {
  name: 'secretstore-generic'
  properties: {
    environment: environment
    application: app.id
    recipe: {
      // Name a specific Recipe to use
      name: 'secret-provider'
      // Optionally set recipe parameters if needed (specific to the Recipe)
      parameters: {
        // ....
      }
    }
  }
}


resource secretstore 'Applications.Dapr/secretStores@2023-10-01-preview' = {
  name: 'secretstore-generic'
  properties: {
    environment: environment
    application: app.id
    resourceProvisioning: 'manual'
    type: 'secretstores.azure.keyvault'
    metadata: {
      vaultName: {
        value: 'myvault'
      }
      azureTenantId: {
        value: '<GUID>'
      }
      azureClientId: {
        value: '<GUID>'
      }
      azureClientSecret: {
        value: '*****'
      }
    }
    version: 'v1'
  }
}

Top-level

Key Required Description Example
name y The name of the resource. Names must contain at most 63 characters, contain only lowercase alphanumeric characters, ‘-’, or ‘.’, start with an alphanumeric character, and end with an alphanumeric character. my-secretstore
location y The location of your resource. See common values for more information. global
properties y Properties of the resource. See below

Properties

Key Required Description Example
resourceProvisioning n Specifies how the underlying service/resource is provisioned and managed. Options are to provision automatically via ‘recipe’ or provision manually via ‘manual’. Selection determines which set of fields to additionally require. Defaults to ‘recipe’. manual
recipe n Configuration for the Recipe which will deploy the backing infrastructure. See below
resources n An array of IDs of the underlying resources. See below
type n The Dapr component type. Used when resourceProvisioning is manual. secretstores.azure.keyvault
metadata n Metadata for the Dapr component. Schema must match Dapr component { vaultName: {value: 'test'} }
version n The version of the Dapr component. See Dapr components for available versions. v1
componentName n (read-only) The name of the Dapr component that is generated and applied to the underlying system. Used by the Dapr SDKs or APIs to access the Dapr component. mysecretstore

Recipe

Property Required Description Example(s)
name n Specifies the name of the Recipe that should be deployed. If not set, the name defaults to default. name: 'azure-prod'
parameters n An object that contains a list of parameters to set on the Recipe. { size: 'large' }

Resources

Property Required Description Example(s)
id n Resource ID of the supporting resource. keyvault.id

Resource provisioning

Provision with a Recipe

Recipes automate infrastructure provisioning using approved templates. When no Recipe configuration is set Radius will use the Recipe registered as the default in the environment for the given resource. Otherwise, a Recipe name and parameters can optionally be set.

Provision manually

If you want to manually manage your infrastructure provisioning outside of Recipes, you can set resourceProvisioning to 'manual' and provide all necessary parameters and values the enable Radius to deploy or connect to the desired infrastructure.

Environment variables for connections

Other Radius resources, such as containers, may connect to a Dapr secret store resource via connections. When a connection to Dapr secret store named, for example, myconnection is declared, Radius injects values into environment variables that are then used to access the connected Dapr secret store resource:

Environment variable Example(s)
CONNECTION_MYCONNECTION_COMPONENTNAME mysecretstore