You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
description: This article describes how to use Service Fabric Secrets Store.
2
+
title: Azure Service Fabric Central Secrets Store
3
+
description: This article describes how to use Central Secrets Store in Azure Service Fabric.
4
4
5
5
ms.topic: conceptual
6
6
ms.date: 07/25/2019
7
7
---
8
8
9
-
# Service Fabric Secrets Store
10
-
This article describes how to create and use secrets in Service Fabric applications using Service Fabric Secrets Store(CSS). CSS is a local secret store cache, used to keep sensitive data such as a password, tokens, and keys encrypted in memory.
9
+
# Central Secrets Store in Azure Service Fabric
10
+
This article describes how to use Central Secrets Store (CSS) in Azure Service Fabric to create secrets in Service Fabric applications. CSS is a local secret store cache that keeps sensitive data, such as a password, tokens, and keys, encrypted in memory.
11
11
12
-
## Enabling Secrets Store
13
-
Add the below to your cluster configuration under `fabricSettings` to enable CSS. It's recommended to use a certificate different from cluster certificate for CSS. Make sure the encryption certificate is installed on all nodes and `NetworkService` has read permission to certificate's private key.
12
+
## Enable Central Secrets Store
13
+
Add the following script to your cluster configuration under `fabricSettings` to enable CSS. We recommend that you use a certificate other than a cluster certificate for CSS. Make sure the encryption certificate is installed on all nodes and that `NetworkService` has read permission to the certificate's private key.
14
14
```json
15
15
"fabricSettings":
16
16
[
@@ -42,10 +42,14 @@ This article describes how to create and use secrets in Service Fabric applicati
42
42
...
43
43
]
44
44
```
45
-
## Declare secret resource
46
-
You can create a secret resource either using the Resource Manager template or using the REST API.
45
+
## Declare a secret resource
46
+
You can create a secret resource by using either the Azure Resource Manager template or the REST API.
47
+
48
+
### Use Resource Manager
49
+
50
+
Use the following template to use Resource Manager to create the secret resource. The template creates a `supersecret` secret resource, but no value is set for the secret resource yet.
51
+
47
52
48
-
* Using Resource Manager template
49
53
```json
50
54
"resources": [
51
55
{
@@ -62,20 +66,20 @@ You can create a secret resource either using the Resource Manager template or u
62
66
}
63
67
]
64
68
```
65
-
The above template creates `supersecret` secret resource, but no value is set for the secret resource yet.
66
69
67
-
* Using the REST API
70
+
### Use the REST API
68
71
69
-
To create secret resource, `supersecret` make a PUT request to `https://<clusterfqdn>:19080/Resources/Secrets/supersecret?api-version=6.4-preview`. You need the cluster certificate or admin client certificate to create a secret.
72
+
To create a `supersecret`secret resource by using the REST API, make a PUT request to `https://<clusterfqdn>:19080/Resources/Secrets/supersecret?api-version=6.4-preview`. You need the cluster certificate or admin client certificate to create a secret resource.
70
73
71
74
```powershell
72
75
Invoke-WebRequest -Uri https://<clusterfqdn>:19080/Resources/Secrets/supersecret?api-version=6.4-preview -Method PUT -CertificateThumbprint <CertThumbprint>
73
76
```
74
77
75
-
## Set secret value
76
-
* Using Resource Manager template
78
+
## Set the secret value
79
+
80
+
### Use the Resource Manager template
77
81
78
-
The below Resource Manager template creates and set value for secret `supersecret`with version `ver1`.
82
+
Use the following Resource Manager template to create and set the secret value. This template sets the secret value for the `supersecret`secret resource as version `ver1`.
79
83
```json
80
84
{
81
85
"parameters": {
@@ -113,67 +117,68 @@ The below Resource Manager template creates and set value for secret `supersecre
113
117
}
114
118
],
115
119
```
116
-
* Using the REST API
120
+
### Use the REST API
117
121
122
+
Use the following script to use the REST API to set the secret value.
Environment Variable 'SecretPath' will point to the directory where all secrets are stored. Each parameter listed under section `testsecrets` will be stored in a separate file. Application can now use the secret as shown below
The environment variable `SecretPath` will point to the directory where all secrets are stored. Each parameter listed under the `testsecrets` section is stored in a separate file. The application can now use the secret as follows:
1. Youcanbindasecrettoaprocessenvironmentvariablebyspecifying `Type='SecretsStoreRef`. The following snippet is an example of how to bind the `supersecret` version `ver1` to the environment variable `MySuperSecret` in **ServiceManifest.xml**.
0 commit comments