AWS Secrets Manager

Detailed information on the secret store component

Component format

To setup AWS Secrets Manager secret store create a component of type secretstores.aws.secretmanager. See this guide on how to create and apply a secretstore configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.

See Authenticating to AWS for information about authentication-related attributes.

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: awssecretmanager
spec:
  type: secretstores.aws.secretmanager
  version: v1
  metadata:
  - name: region
    value: "[aws_region]"
  - name: accessKey
    value: "[aws_access_key]"
  - name: secretKey
    value: "[aws_secret_key]"
  - name: sessionToken
    value: "[aws_session_token]"

Spec metadata fields

Field Required Details Example
region Y The specific AWS region the AWS Secrets Manager instance is deployed in "us-east-1"
accessKey Y The AWS Access Key to access this resource "key"
secretKey Y The AWS Secret Access Key to access this resource "secretAccessKey"
sessionToken N The AWS session token to use "sessionToken"

Optional per-request metadata properties

The following optional query parameters can be provided when retrieving secrets from this secret store:

Query Parameter Description
metadata.version_id Version for the given secret key.
metadata.version_stage Version stage for the given secret key.

Create an AWS Secrets Manager instance

Setup AWS Secrets Manager using the AWS documentation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html.


Last modified July 5, 2023: Apply suggestions from code review (6e088d16)