Merge pull request #287187 from hhunter-ms/hh-294307

[Dapr/ACA][SFI] Remove 'connection-string' secrets from Dapr components

Author: prmerger-automator[bot]

articles/container-apps/dapr-components.md

@@ -6,7 +6,7 @@ author: hhunter-ms
 ms.service: azure-container-apps
 ms.custom: build-2023
 ms.topic: conceptual
-ms.date: 08/02/2024
+ms.date: 09/23/2024
 ---
 
 # Dapr components in Azure Container Apps
@@ -154,15 +154,23 @@ scopes:
 
 #### Referencing Dapr secret store components
 
-Once you [create a Dapr secret store using one of the previous approaches](#creating-a-dapr-secret-store-component), you can reference that secret store from other Dapr components in the same environment. In the following example, the `secretStoreComponent` field is populated with the name of the secret store specified in the previous examples, where the `sb-root-connectionstring` is stored.
+Once you [create a Dapr secret store using one of the previous approaches](#creating-a-dapr-secret-store-component), you can reference that secret store from other Dapr components in the same environment. The following example demonstrates using Entra ID authentication.
 
 ```yaml
 componentType: pubsub.azure.servicebus.queue
 version: v1
-secretStoreComponent: "my-secret-store"
+secretStoreComponent: "[your_secret_store_name]"
 metadata:
-  - name: connectionString
-    secretRef: sb-root-connectionstring
+  - name: namespaceName
+    # Required when using Azure Authentication.
+    # Must be a fully-qualified domain name
+    value: "[your_servicebus_namespace.servicebus.windows.net]"
+  - name: azureTenantId
+    value: "[your_tenant_id]"
+  - name: azureClientId 
+    value: "[your_client_id]"
+  - name: azureClientSecret
+    secretRef: azClientSecret
 scopes:
   - publisher-app
   - subscriber-app
@@ -184,8 +192,16 @@ componentType: pubsub.azure.servicebus.queue
 version: v1
 secretStoreComponent: "my-secret-store"
 metadata:
-  - name: connectionString
-    secretRef: sb-root-connectionstring
+  - name: namespaceName
+    # Required when using Azure Authentication.
+    # Must be a fully-qualified domain name
+    value: "[your_servicebus_namespace.servicebus.windows.net]"
+  - name: azureTenantId
+    value: "[your_tenant_id]"
+  - name: azureClientId 
+    value: "[your_client_id]"
+  - name: azureClientSecret
+    secretRef: azClientSecret
 scopes:
   - publisher-app
   - subscriber-app
@@ -204,8 +220,16 @@ resource daprComponent 'daprComponents@2022-03-01' = {
     secretStoreComponent: 'my-secret-store'
     metadata: [
       {
-        name: 'connectionString'
-        secretRef: 'sb-root-connectionstring'
+        name: 'namespaceName'
+        // Required when using Azure Authentication.
+        // Must be a fully-qualified domain name
+        value: '[your_servicebus_namespace.servicebus.windows.net]'
+        name: 'azureTenantId'
+        value: '[your_tenant_id]'
+        name: 'azureClientId' 
+        value: '[your_client_id]'
+        name: 'azureClientSecret'
+        secretRef: 'azClientSecret'
       }
     ]
     scopes: [
@@ -232,8 +256,14 @@ This resource defines a Dapr component called `dapr-pubsub` via ARM.
         "secretScoreComponent": "my-secret-store",
         "metadata": [
           {
-            "name": "connectionString",
-            "secretRef": "sb-root-connectionstring"
+            "name": "namespaceName",
+            "value": "[your_servicebus_namespace.servicebus.windows.net]",
+            "name": "azureTenantId",
+            "value": "[your_tenant_id]",
+            "name": "azureClientId",
+            "value": "[your_client_id]",
+            "name": "azureClientSecret",
+            "secretRef": "azClientSecret"
           }
         ],
         "scopes": ["publisher-app", "subscriber-app"]