This example uses a local secret store to show how to retrieve secrets with Dapr.
It creates a Dapr client and calls the get_secret method of DaprClient.
This example also illustrates the use of access control for secrets.
Note: Make sure to use the latest proto bindings.
pip3 install dapr dapr-ext-grpc
Change directory to this folder:
cd examples/secret_store
To run this example, use the following command:
dapr run --app-id=secretsapp --app-protocol grpc --resources-path components/ python3 example.py
You should be able to see the following output:
== APP == Got!
== APP == {'secretKey': 'secretValue'}
== APP == Got!
== APP == [('random', {'random': 'randomValue'}), ('secretKey', {'secretKey': 'secretValue'})]
== APP == Got!
== APP == {'random': 'randomValue'}
In config.yaml you can see that the localsecretstore secret store has been defined with some restricted permissions.
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: daprConfig
spec:
  secrets:
    scopes:
      - storeName: "localsecretstore"
        defaultAccess: "deny"
        allowedSecrets: ["secretKey",]
The above configuration defines that the default access permission for the localsecretstore is deny and that only the
key secretKey is allowed to be accessed from the store.
To see this, run the same example.py app with the following command:
dapr run --app-id=secretsapp --app-protocol grpc --config config.yaml --resources-path components/ python3 example.py
The above command overrides the default configuration file with the --config flag.
The output should be as follows:
== APP == Got!
== APP == {'secretKey': 'secretValue'}
== APP == Got!
== APP == [('secretKey', {'secretKey': 'secretValue'})]
== APP == Got expected error for accessing random key
When the app tries to get the random key again, the request fails because access is denied by default for any key
that is not listed in allowedSecrets.
Either press CTRL + C to quit the app or run the following command in a new terminal to stop the app:
dapr stop --app-id=secretsapp
You can replace the local secret store with any other secret store that Dapr supports, such as Kubernetes, HashiCorp Vault, Azure Key Vault, etc.
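
The secret scoping shown above, modeled offline as an added example (not code from the Dapr project or from this folder's example.py). It assumes Dapr's documented evaluation order, where a non-empty allow list decides first; deniedSecrets is a scope field that this page's config.yaml does not use, and otherstore is a hypothetical store name.

```python
# Added model, not Dapr's code. CONFIG is this page's config.yaml as a parsed dict.
CONFIG = {"spec": {"secrets": {"scopes": [
    {"storeName": "localsecretstore", "defaultAccess": "deny",
     "allowedSecrets": ["secretKey"]},
]}}}
STORE = {"secretKey": "secretValue", "random": "randomValue"}  # constructed sample


def find_scope(config, store_name):
    """Return the scope entry for store_name, or None if the store is unscoped."""
    scopes = (config or {}).get("spec", {}).get("secrets", {}).get("scopes", [])
    return next((s for s in scopes if s.get("storeName") == store_name), None)


def is_allowed(scope, key):
    """Decide whether one key is readable under a scope (assumed evaluation order)."""
    if scope is None:  # no scope for this store: every secret is readable
        return True
    allowed = scope.get("allowedSecrets") or []
    if allowed:  # a non-empty allow list is decisive
        return key in allowed
    if key in (scope.get("deniedSecrets") or []):  # field not used on this page
        return False
    return (scope.get("defaultAccess") or "allow").lower() != "deny"


def readable_keys(config, store_name, store):
    """Keys of `store` the application can read, sorted."""
    scope = find_scope(config, store_name)
    return sorted(k for k in store if is_allowed(scope, k))


def audit(config, store_names):
    """Flag stores that are unscoped or allow by default with no allow list."""
    findings = []
    for name in store_names:
        scope = find_scope(config, name)
        if scope is None:
            findings.append((name, "no scope: all secrets readable"))
        elif ((scope.get("defaultAccess") or "allow").lower() != "deny"
              and not scope.get("allowedSecrets")):
            findings.append((name, "default allow without an allow list"))
    return findings


if __name__ == "__main__":
    for cfg in (None, CONFIG):  # first run (no --config), then --config config.yaml
        print(readable_keys(cfg, "localsecretstore", STORE))
    print(audit(CONFIG, ["localsecretstore", "otherstore"]))  # otherstore is hypothetical
```

The two readable_keys results correspond to the bulk-secret output of the two runs above, and audit reports any store that the Configuration leaves unscoped.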