Azure Key Vault
Detailed information on the Azure Key Vault cryptography component
Component format
A Dapr crypto.yaml
component file has the following structure:
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: azurekeyvault
spec:
type: crypto.azure.keyvault
metadata:
- name: vaultName
value: mykeyvault
# See authentication section below for all options
- name: azureTenantId
value: ${{AzureKeyVaultTenantId}}
- name: azureClientId
value: ${{AzureKeyVaultServicePrincipalClientId}}
- name: azureClientSecret
value: ${{AzureKeyVaultServicePrincipalClientSecret}}
Warning
The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets, as described here.Authenticating with Microsoft Entra ID
The Azure Key Vault cryptography component supports authentication with Microsoft Entra ID only. Before you enable this component:
- Read the Authenticating to Azure document.
- Create an Microsoft Entra ID application (also called a Service Principal).
- Alternatively, create a managed identity for your application platform.
Spec metadata fields
Field | Required | Details | Example |
---|---|---|---|
vaultName |
Y | Azure Key Vault name | "mykeyvault" |
Auth metadata | Y | See Authenticating to Azure for more information |
Related links
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified May 31, 2024: Merge 61e65296a85dd35c3b7040b281b7c17caffcc144 into 27b6a61b0e1b0a30ea4e4f31bea712dfec3813b3 (525f2ab)