GCP Secret Manager
Detailed information on the GCP Secret Manager secret store component
Component format
To setup GCP Secret Manager secret store create a component of type secretstores.gcp.secretmanager. See this guide on how to create and apply a secretstore configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: gcpsecretmanager
spec:
type: secretstores.gcp.secretmanager
version: v1
metadata:
- name: type
value: <replace-with-account-type>
- name: project_id
value: <replace-with-project-id>
- name: private_key_id
value: <replace-with-private-key-id>
- name: client_email
value: <replace-with-email>
- name: client_id
value: <replace-with-client-id>
- name: auth_uri
value: <replace-with-auth-uri>
- name: token_uri
value: <replace-with-token-uri>
- name: auth_provider_x509_cert_url
value: <replace-with-auth-provider-cert-url>
- name: client_x509_cert_url
value: <replace-with-client-cert-url>
- name: private_key
value: <replace-with-private-key>
Warning
The above example uses secrets as plain strings. It is recommended to use a local secret store such as Kubernetes secret store or a local file to bootstrap secure key storage.Spec metadata fields
| Field | Required | Details | Example |
|---|---|---|---|
| type | Y | The type of the account. | "service_account" |
| project_id | Y | The project ID associated with this component. | "project_id" |
| private_key_id | N | The private key ID | "privatekey" |
| client_email | Y | The client email address | "client@example.com" |
| client_id | N | The ID of the client | "11111111" |
| auth_uri | N | The authentication URI | "https://accounts.google.com/o/oauth2/auth" |
| token_uri | N | The authentication token URI | "https://oauth2.googleapis.com/token" |
| auth_provider_x509_cert_url | N | The certificate URL for the auth provider | "https://www.googleapis.com/oauth2/v1/certs" |
| client_x509_cert_url | N | The certificate URL for the client | "https://www.googleapis.com/robot/v1/metadata/x509/<project-name>.iam.gserviceaccount.com" |
| private_key | Y | The private key for authentication | "privateKey" |
Optional per-request metadata properties
The following optional query parameters can be provided to the GCP Secret Manager component:
| Query Parameter | Description |
|---|---|
metadata.version_id |
Version for the given secret key. |
Setup GCP Secret Manager instance
Setup GCP Secret Manager using the GCP documentation: https://cloud.google.com/secret-manager/docs/quickstart.
Related links
- Secrets building block
- How-To: Retrieve a secret
- How-To: Reference secrets in Dapr components
- Secrets API reference
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified August 9, 2023: Update gcp-secret-manager.md (#3671) (44c0256b)