Skip to content

Latest commit

 

History

History

secretstore

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
deploy
deploy
 
 
node
node
 
 
README.md
README.md
 
 
makefile
makefile
 
 

README.md

Secrets store

This tutorial shows you how to use the Dapr secrets API to access secrets from secret stores. Dapr allows us to deploy the same microservice from the local machines to Kubernetes. Correspondingly, this quickstart has instructions for deploying this project locally or in Kubernetes.

Prerequisites

Prerequisites to run Locally

Prerequisites to run in Kubernetes

This quickstart requires you to have the following installed on your machine:

Also, unless you have already done so, clone the repository with the quickstarts and cd into the right directory:

git clone [-b <dapr_version_tag>] https://github.com/dapr/quickstarts.git
cd quickstarts

Note: See https://github.com/dapr/quickstarts#supported-dapr-runtime-version for supported tags. Use git clone https://github.com/dapr/quickstarts.git when using the edge version of dapr runtime.

Run Locally

Step 1 - Setup Dapr on your local machine

Follow instructions to download and install the Dapr CLI and initialize Dapr.

Step 2 - Understand the code and configuration

Navigate to the secretstore quickstart and the node folder within that location.

cd secretstore/node

In the app.js you'll find a simple express application, which exposes a few routes and handlers. First, take a look at the top of the file:

const daprPort = process.env.DAPR_HTTP_PORT || 3500;
const secretStoreName = process.env.SECRET_STORE; 
const secretName = 'mysecret'

The secretStoreName is read from an environment variable where the value kubernetes is injected for a Kubernetes deployment and for local development the environment variable must be set to localsecretstore value.

Next take a look at the getsecret handler:

app.get('/getsecret', (_req, res) => {
    const url = `${secretsUrl}/${secretStoreName}/${secretName}?metadata.namespace=default`
    console.log("Fetching URL: %s", url)
    fetch(url)
    .then(res => res.json())
    .then(json => {
        let secretBuffer = new Buffer(json["mysecret"])
        let encodedSecret = secretBuffer.toString('base64')
        console.log("Base64 encoded secret is: %s", encodedSecret)
        return res.send(encodedSecret)
    })
});

The code gets the the secret called mysecret from the secret store and displays a Base64 encoded version of the secret.

In secrets.json file, you'll find a secret mysecret.

{
    "mysecret": "abcd"
}

In the components folder, there is a local-secret-store.yaml which defines a local file secret store component to be used by Dapr.