The documentation you are viewing is for Dapr v0.11 which is an older version of Dapr. For up-to-date documentation, see the latest version.

HashiCorp Vault

Detailed information on the HashiCorp Vault secret store component

Setup Hashicorp Vault instance


Setup Hashicorp Vault using the Vault documentation: https://www.vaultproject.io/docs/install/index.html.


For Kubernetes, you can use the Helm Chart: https://github.com/hashicorp/vault-helm.

Create the Vault component

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: vault
  namespace: default
spec:
  type: secretstores.hashicorp.vault
  version: v1
  metadata:
  - name: vaultAddr
    value: [vault_address] # Optional. Default: "https://127.0.0.1:8200"
  - name: caCert # Optional. This or caPath or caPem
    value: "[ca_cert]"
  - name: caPath # Optional. This or CaCert or caPem
    value: "[path_to_ca_cert_file]"
  - name: caPem # Optional. This or CaCert or CaPath
    value : "[encoded_ca_cert_pem]"
  - name: skipVerify # Optional. Default: false
    value : "[skip_tls_verification]"
  - name: tlsServerName # Optional.
    value : "[tls_config_server_name]"
  - name: vaultTokenMountPath # Required. Path to token file.
    value : "[path_to_file_containing_token]"
  - name: vaultKVPrefix # Optional. Default: "dapr"
    value : "[vault_prefix]"

To run locally, create a components dir containing the YAML file and provide the path to the dapr run command with the flag --components-path.


To deploy in Kubernetes, save the file above to vault.yaml and then run:

kubectl apply -f vault.yaml

Example

This example shows you how to take the Redis password from the Vault secret store.

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: statestore
  namespace: default
spec:
  type: state.redis
  version: v1
  metadata:
  - name: redisHost
    value: "[redis]:6379"
  - name: redisPassword
    secretKeyRef:
      name: redisPassword
      key: redisPassword
auth:
    secretStore: vault
Last modified July 7, 2022: update nav bar v0.11 (#2633) (b309d3d)