Hashicorp Vault
Type: secretstores.hashicorp.vault
Status: stable
Reference: https://docs.dapr.io/reference/components-reference/supported-secret-stores/hashicorp-vault/
Example
apiVersion: cra.diagrid.io/v1beta1
kind: Component
metadata:
  name: <name>
spec:
  type: secretstores.hashicorp.vault
  version: v1
  metadata:
    # Token for authentication within Vault.
    - name: vaultToken
      value: "tokenValue"
    # The path to the CA certificate to use, in PEM format. (Optional)
    #- name: caCert
    #  value: |
    #    path/to/cacert.pem
    # The inlined contents of the CA certificate to use, in PEM format. If defined, takes precedence over "caPath" and "caCert". (Optional)
    #- name: caPem
    #  value: |
    #    -----BEGIN PUBLIC KEY-----
    #    ...Base64 encoding of the DER encoded certificate...
    #    -----END PUBLIC KEY-----
    #
    # The engine path in vault. Defaults to "secret" (Optional)
    #- name: enginePath
    #  value: "kv"
    # Skip TLS verification. Defaults to false (Optional)
    #- name: skipVerify
    #  value: "true"
    # The name of the server requested during TLS handshake in order to support virtual hosting. This value is also used to verify the TLS certificate presented by Vault server. (Optional)
    #- name: tlsServerName
    #  value: "tls-server"
    # The address of the Vault server. Defaults to "https://127.0.0.1:8200" (Optional)
    #- name: vaultAddr
    #  value: "https://127.0.0.1:8200"
    # The prefix in vault. Defaults to "dapr" (Optional)
    #- name: vaultKVPrefix
    #  value: "myprefix"
    # If false, vaultKVPrefix is forced to be empty. If the value is not given or set to true, vaultKVPrefix is used when accessing the vault. Setting it to false is needed to be able to use the BulkGetSecret method of the store. (Optional)
    #- name: vaultKVUsePrefix
    #  value: "true"
    # Vault value type. map means to parse the value into map[string]string, text means to use the value as a string. "map" sets the multipleKeyValuesPerSecret behavior. text makes Vault behave as a secret store with name/value semantics. Defaults to "map" (Optional)
    #- name: vaultValueType
    #  value: "map"
Metadata
vaultToken
(string)
Required - Token for authentication within Vault.
Example value: tokenValue
caCert
(string)
The path to the CA certificate to use, in PEM format.
Example value: path/to/cacert.pem
caPem
(string)
The inlined contents of the CA certificate to use, in PEM format. If defined, takes precedence over "caPath" and "caCert".
Example value: -----BEGIN PUBLIC KEY-----\n...Base64 encoding of the DER encoded certificate...\n-----END PUBLIC KEY-----
enginePath
(string)
The engine path in vault. Defaults to "secret"
Example value: kv
skipVerify
(string)
Skip TLS verification. Defaults to false
Example value: true
tlsServerName
(string)
The name of the server requested during TLS handshake in order to support virtual hosting. This value is also used to verify the TLS certificate presented by Vault server.
Example value: tls-server
vaultAddr
(string)
The address of the Vault server. Defaults to "https://127.0.0.1:8200"
Example value: https://127.0.0.1:8200
vaultKVPrefix
(string)
The prefix in vault. Defaults to "dapr"
Example value: myprefix
vaultKVUsePrefix
(bool)
If false, vaultKVPrefix is forced to be empty. If the value is not given or set to true, vaultKVPrefix is used when accessing the vault. Setting it to false is needed to be able to use the BulkGetSecret method of the store.
Example value: true
vaultValueType
(string)
Vault value type. map means to parse the value into map[string]string, text means to use the value as a string. "map" sets the multipleKeyValuesPerSecret behavior. text makes Vault behave as a secret store with name/value semantics. Defaults to "map"
Example value: map
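A pre-deployment check for the connection-related fields described above, as an added example (not Diagrid or Dapr code). The hypothetical audit_vault_component function takes an already-parsed manifest and flags a missing vaultToken, skipVerify set to true, a non-https vaultAddr, and a caCert that caPem overrides; the sample manifest, its component name and its host are constructed.

```python
from urllib.parse import urlparse

# Defaults as documented on this page.
DEFAULTS = {"skipVerify": "false", "vaultAddr": "https://127.0.0.1:8200"}


def audit_vault_component(component):
    """Return (field, message) findings for one parsed Component manifest."""
    spec = component.get("spec") or {}
    if spec.get("type") != "secretstores.hashicorp.vault":
        return []
    meta = dict(DEFAULTS)
    for item in spec.get("metadata") or []:
        value = item.get("value")
        # YAML loaders may yield bools or None; normalise everything to text.
        meta[item["name"]] = "" if value is None else str(value).strip()

    findings = []
    if not meta.get("vaultToken"):
        findings.append(("vaultToken", "required field is missing or empty"))
    if meta["skipVerify"].lower() == "true":
        findings.append(("skipVerify", "Vault's TLS certificate is not verified"))
    if urlparse(meta["vaultAddr"]).scheme.lower() != "https":
        findings.append(("vaultAddr", "not https; token and secrets travel unencrypted"))
    if meta.get("caPem") and meta.get("caCert"):
        findings.append(("caCert", "ignored because caPem takes precedence"))
    return findings


# Constructed sample: the page's example with the risky options switched on.
SAMPLE = {
    "apiVersion": "cra.diagrid.io/v1beta1",
    "kind": "Component",
    "metadata": {"name": "vault-demo"},
    "spec": {
        "type": "secretstores.hashicorp.vault",
        "version": "v1",
        "metadata": [
            {"name": "vaultToken", "value": "tokenValue"},
            {"name": "vaultAddr", "value": "http://vault.example.internal:8200"},
            {"name": "skipVerify", "value": True},
            {"name": "caCert", "value": "path/to/cacert.pem"},
            {"name": "caPem", "value": "constructed-placeholder-pem"},
        ],
    },
}

if __name__ == "__main__":
    for field, message in audit_vault_component(SAMPLE):
        print(f"{field}: {message}")
```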