This tutorial shows you how to use the Dapr secrets API to access secrets from secret stores. Dapr allows us to deploy the same microservice from the local machines to Kubernetes. Correspondingly, this quickstart has instructions for deploying this project locally or in Kubernetes.
This quickstart requires you to have the following installed on your machine:
Also, unless you have already done so, clone the repository with the quickstarts and cd
into the right directory:
git clone [-b <dapr_version_tag>] https://github.com/dapr/quickstarts.git
cd quickstarts
Note: See https://github.com/dapr/quickstarts#supported-dapr-runtime-version for supported tags. Use
git clone https://github.com/dapr/quickstarts.git
when using the edge version of dapr runtime.
Follow instructions to download and install the Dapr CLI and initialize Dapr.
Navigate to the secretstore quickstart and the node folder within that location.
cd secretstore/node
In the app.js
you'll find a simple express
application, which exposes a few routes and handlers. First, take a look at the top of the file:
const daprPort = process.env.DAPR_HTTP_PORT || 3500;
const secretStoreName = process.env.SECRET_STORE;
const secretName = 'mysecret'
The secretStoreName
is read from an environment variable where the value kubernetes
is injected for a Kubernetes deployment and for local development the environment variable must be set to localsecretstore
value.
Next take a look at the getsecret
handler:
app.get('/getsecret', (_req, res) => {
const url = `${secretsUrl}/${secretStoreName}/${secretName}?metadata.namespace=default`
console.log("Fetching URL: %s", url)
fetch(url)
.then(res => res.json())
.then(json => {
let secretBuffer = new Buffer(json["mysecret"])
let encodedSecret = secretBuffer.toString('base64')
console.log("Base64 encoded secret is: %s", encodedSecret)
return res.send(encodedSecret)
})
});
The code gets the the secret called mysecret
from the secret store and displays a Base64 encoded version of the secret.
In secrets.json
file, you'll find a secret mysecret
.
{
"mysecret": "abcd"
}
In the components folder, there is a local-secret-store.yaml
which defines a local file secret store component to be used by Dapr.