Azure Key Vault

Type: secretstores.azure.keyvault

Status: stable

Reference: https://docs.dapr.io/reference/components-reference/supported-secret-stores/azure-keyvault/

Example

apiVersion: cra.diagrid.io/v1beta1
kind: Component
metadata:
  name: <name>
spec:
  type: secretstores.azure.keyvault
  version: v1
  metadata:
    # Client ID (application ID)
    - name: azureClientId
      value: "c7dd251f-811f-4ba2-a905-acd4d3f8f08b"
    # Client secret (application password)
    - name: azureClientSecret
      value: "Ecy3XG7zVZK3/vl/a2NSB+a1zXLa8RnMum/IgD0E"
    # ID of the Azure AD tenant
    - name: azureTenantId
      value: "cd4b2887-304c-47e1-b4d5-65447fdd542a"
    # Optional name for the Azure environment if using a different Azure cloud (Optional)
    #- name: azureEnvironment
    #  value: "AzurePublicCloud"
    # The Azure Key Vault name.
    - name: vaultName
      value: "mykeyvault"

Authentication profiles

Available authentication profiles:

  • Azure AD: Client credentials

  • Azure AD: Client certificate

Azure AD: Client credentials

Authenticate using Azure AD with client credentials, also known as "service principals".

azureClientId

Required - Client ID (application ID)

Example value: c7dd251f-811f-4ba2-a905-acd4d3f8f08b

azureClientSecret

Required - Client secret (application password)

Example value: Ecy3XG7zVZK3/vl/a2NSB+a1zXLa8RnMum/IgD0E

azureTenantId

Required - ID of the Azure AD tenant

Example value: cd4b2887-304c-47e1-b4d5-65447fdd542a

azureEnvironment

Optional name for the Azure environment if using a different Azure cloud

Default value: AzurePublicCloud

Example value: AzurePublicCloud

Allowed values:

  • AzurePublicCloud

  • AzureChinaCloud

  • AzureUSGovernmentCloud

Azure AD: Client certificate

Authenticate using Azure AD with a client certificate. "azureCertificate" is required.

azureClientId

Required - Client ID (application ID)

Example value: c7dd251f-811f-4ba2-a905-acd4d3f8f08b

azureTenantId

Required - ID of the Azure AD tenant

Example value: cd4b2887-304c-47e1-b4d5-65447fdd542a

azureCertificate

Certificate and private key (in either a PEM file containing both the certificate and key, or in PFX/PKCS#12 format)

Example value:

-----BEGIN PRIVATE KEY-----\n MIIEvgI... \n -----END PRIVATE KEY----- \n -----BEGIN CERTIFICATE----- \n MIICoTC... \n -----END CERTIFICATE----- \n

azureCertificatePassword

Password for the certificate if encrypted.

Example value: password

azureEnvironment

Optional name for the Azure environment if using a different Azure cloud

Default value: AzurePublicCloud

Example value: AzurePublicCloud

Allowed values:

  • AzurePublicCloud

  • AzureChinaCloud

  • AzureUSGovernmentCloud

Metadata

vaultName (string)

Required - The Azure Key Vault name.

Example value: mykeyvault
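A pre-deployment check for the fields documented above, as an added example (not code from Dapr or Diagrid). It takes the spec.metadata list of a component and reports which authentication profile it satisfies and which documented requirements it misses. The function name, the sample values, and the choice to flag a manifest that satisfies both profiles are assumptions of this example.

```python
# Added example: field names and allowed values come from this page;
# check_keyvault_metadata and the sample manifests are hypothetical.
ALLOWED_ENVIRONMENTS = {"AzurePublicCloud", "AzureChinaCloud", "AzureUSGovernmentCloud"}
PROFILES = {
    "client credentials": {"azureClientId", "azureClientSecret", "azureTenantId"},
    "client certificate": {"azureClientId", "azureTenantId", "azureCertificate"},
}


def check_keyvault_metadata(items):
    """Return (profile, problems) for a spec.metadata list of {name, value} items."""
    problems, fields = [], {}
    for item in items:
        name = item.get("name")
        if name in fields:
            problems.append(f"duplicate field: {name}")
        fields[name] = item.get("value")
    present = {n for n, v in fields.items() if v not in (None, "")}
    if "vaultName" not in present:
        problems.append("vaultName is required")
    env = fields.get("azureEnvironment") or "AzurePublicCloud"  # documented default
    if env not in ALLOWED_ENVIRONMENTS:
        problems.append(f"azureEnvironment not allowed: {env}")
    # A profile matches when all of its required fields are non-empty.
    matched = [p for p, required in PROFILES.items() if required <= present]
    profile = matched[0] if len(matched) == 1 else None
    if len(matched) > 1:  # assumption of this example: treat as ambiguous
        problems.append("ambiguous: fields for both profiles are set")
    if not matched:
        for p, required in PROFILES.items():
            problems.append(f"{p}: missing {sorted(required - present)}")
    if "azureCertificatePassword" in present and "azureCertificate" not in present:
        problems.append("azureCertificatePassword set without azureCertificate")
    return profile, problems


# Constructed sample inputs (placeholder values, not real credentials).
SAMPLE_OK = [
    {"name": "azureClientId", "value": "00000000-0000-0000-0000-000000000000"},
    {"name": "azureClientSecret", "value": "placeholder-secret"},
    {"name": "azureTenantId", "value": "11111111-1111-1111-1111-111111111111"},
    {"name": "vaultName", "value": "mykeyvault"},
]
SAMPLE_BAD = [
    {"name": "azureClientId", "value": "00000000-0000-0000-0000-000000000000"},
    {"name": "azureTenantId", "value": "11111111-1111-1111-1111-111111111111"},
    {"name": "azureCertificatePassword", "value": "password"},
    {"name": "azureEnvironment", "value": "AzurePublic"},
]
```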