This document shows how to enable the GCP Secret Manager secret store using the Dapr Secrets Component in self-hosted and Kubernetes modes.
Set up GCP Secret Manager using the GCP documentation: https://cloud.google.com/secret-manager/docs/quickstart.

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: gcpsecretmanager
spec:
  type: secretstores.gcp.secretmanager
  metadata:
  - name: type
    value: service_account
  - name: project_id
    value: project_111
  - name: private_key_id
    value: "*************"
  - name: client_email
    value: <service-account-email>
  - name: client_id
    value: '1111111111111111'
  - name: auth_uri
    value: https://accounts.google.com/o/oauth2/auth
  - name: token_uri
    value: https://oauth2.googleapis.com/token
  - name: auth_provider_x509_cert_url
    value: https://www.googleapis.com/oauth2/v1/certs
  - name: client_x509_cert_url
    value: https://www.googleapis.com/robot/v1/metadata/x509/<project-name>.iam.gserviceaccount.com
  - name: private_key
    value: PRIVATE KEY

To deploy in Kubernetes, save the file above to gcp_secret_manager.yaml and then run:

kubectl apply -f gcp_secret_manager.yaml

When running in self-hosted mode, place this file in a components directory under the Dapr working directory.

This example shows you how to take the Redis password from the GCP Secret Manager secret store.
Here, you created a secret named redisPassword in GCP Secret Manager. Note that it's important to set it as both the name and key properties.

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: statestore
spec:
  type: state.redis
  metadata:
  - name: redisHost
    value: "[redis]:6379"
  - name: redisPassword
    secretKeyRef:
      name: redisPassword
      key: redisPassword
auth:
  secretStore: gcpsecretmanager