The documentation you are viewing is for Dapr v1.4 which is an older version of Dapr. For up-to-date documentation, see the latest version.
HashiCorp Vault
详细介绍了关于 HashiCorp Vault密钥仓库组件的信息
创建 Vault 组件
要设置HashiCorp Vault密钥仓库,请创建一个类型为secretstores.hashicorp.vault的组件。 See this guide on how to create and apply a secretstore configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: vault
namespace: default
spec:
type: secretstores.hashicorp.vault
version: v1
metadata:
- name: vaultAddr
value: [vault_address] # Optional. Default: "https://127.0.0.1:8200"
- name: caCert # Optional. This or caPath or caPem
value: "[ca_cert]"
- name: caPath # Optional. This or CaCert or caPem
value: "[path_to_ca_cert_file]"
- name: caPem # Optional. This or CaCert or CaPath
value : "[encoded_ca_cert_pem]"
- name: skipVerify # Optional. Default: false
value : "[skip_tls_verification]"
- name: tlsServerName # Optional.
value : "[tls_config_server_name]"
- name: vaultTokenMountPath # Required if vaultToken not provided. Path to token file.
value : "[path_to_file_containing_token]"
- name: vaultToken # Required if vaultTokenMountPath not provided. Token value.
value : "[path_to_file_containing_token]"
- name: vaultKVPrefix # Optional. Default: "dapr"
value : "[vault_prefix]"
- name: vaultKVUsePrefix # Optional. default: "true"
value: "[true/false]"
Warning
以上示例将密钥明文存储, It is recommended to use a local secret store such as Kubernetes secret store or a local file to bootstrap secure key storage.元数据字段规范
| 字段 | 必填 | 详情 | 示例 |
|---|---|---|---|
| vaultAddr | N | Vault服务器的地址 默认值为 "https://127.0.0.1:8200" |
"https://127.0.0.1:8200" |
| caCert | N | Certificate Authority只使用其中一个选项。 要使用的加密cacerts | "cacerts" |
| caPath | N | Certificate Authority只使用其中一个选项。 CA证书文件的路径 | "path/to/cacert/file" |
| caPem | N | Certificate Authority只使用其中一个选项。 要是用的加密cacert pem | "encodedpem" |
| skipVerify | N | 跳过 TLS 验证。 默认值为 "false" |
"true", "false" |
| tlsServerName | N | TLS 配置服务器名称 | "tls-server" |
| vaultTokenMountPath | Y | 包含token的文件路径 | "path/to/file" |
| vaultToken | Y | Token for authentication within Vault. | "tokenValue" |
| vaultKVPrefix | N | 仓库前缀 默认值为 "dapr" |
"dapr", "myprefix" |
| vaultKVUsePrefix | N | If false, vaultKVPrefix is forced to be empty. If the value is not given or set to true, vaultKVPrefix is used when accessing the vault. Setting it to false is needed to be able to use the BulkGetSecret method of the store. | "true", "false" |
设置 Hashicorp Vault实例
参考Vault文档设置Hashicorp Vault:https://www.vaultproject.io/docs/install/index.html。
对于Kubernetes,你可以使用Helm Chart:https://github.com/hashicorp/vault-helm。
相关链接
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.