The documentation you are viewing is for Dapr v1.4 which is an older version of Dapr. For up-to-date documentation, see the latest version.

HashiCorp Vault

详细介绍了关于 HashiCorp Vault密钥仓库组件的信息

创建 Vault 组件

要设置HashiCorp Vault密钥仓库,请创建一个类型为secretstores.hashicorp.vault的组件。 See this guide on how to create and apply a secretstore configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.

kind: Component
  name: vault
  namespace: default
  type: secretstores.hashicorp.vault
  version: v1
  - name: vaultAddr
    value: [vault_address] # Optional. Default: ""
  - name: caCert # Optional. This or caPath or caPem
    value: "[ca_cert]"
  - name: caPath # Optional. This or CaCert or caPem
    value: "[path_to_ca_cert_file]"
  - name: caPem # Optional. This or CaCert or CaPath
    value : "[encoded_ca_cert_pem]"
  - name: skipVerify # Optional. Default: false
    value : "[skip_tls_verification]"
  - name: tlsServerName # Optional.
    value : "[tls_config_server_name]"
  - name: vaultTokenMountPath # Required if vaultToken not provided. Path to token file.
    value : "[path_to_file_containing_token]"
  - name: vaultToken # Required if vaultTokenMountPath not provided. Token value.
    value : "[path_to_file_containing_token]"
  - name: vaultKVPrefix # Optional. Default: "dapr"
    value : "[vault_prefix]"
  - name: vaultKVUsePrefix # Optional. default: "true"
    value: "[true/false]"


字段 必填 详情 示例
vaultAddr N Vault服务器的地址 默认值为 "" ""
caCert N Certificate Authority只使用其中一个选项。 要使用的加密cacerts "cacerts"
caPath N Certificate Authority只使用其中一个选项。 CA证书文件的路径 "path/to/cacert/file"
caPem N Certificate Authority只使用其中一个选项。 要是用的加密cacert pem "encodedpem"
skipVerify N 跳过 TLS 验证。 默认值为 "false" "true", "false"
tlsServerName N TLS 配置服务器名称 "tls-server"
vaultTokenMountPath Y 包含token的文件路径 "path/to/file"
vaultToken Y Token for authentication within Vault. "tokenValue"
vaultKVPrefix N 仓库前缀 默认值为 "dapr" "dapr", "myprefix"
vaultKVUsePrefix N If false, vaultKVPrefix is forced to be empty. If the value is not given or set to true, vaultKVPrefix is used when accessing the vault. Setting it to false is needed to be able to use the BulkGetSecret method of the store. "true", "false"

设置 Hashicorp Vault实例

参考Vault文档设置Hashicorp Vault:。

对于Kubernetes,你可以使用Helm Chart: