Local storage

Detailed information on the local storage cryptography component

Component format

The purpose of this component is to load keys from a local directory.

The component accepts as input the name of a folder, and loads keys from there. Each key is in its own file, and when users request a key with a given name, Dapr loads the file with that name.

Supported file formats:

PEM with public and private keys (supports: PKCS#1, PKCS#8, PKIX)
JSON Web Key (JWK) containing a public, private, or symmetric key
Raw key data for symmetric keys

Note

This component uses the cryptographic engine in Dapr to perform operations. Although keys are never exposed to your application, Dapr has access to the raw key material.

A Dapr crypto.yaml component file has the following structure:

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: mycrypto
spec:
  type: crypto.dapr.localstorage
  metadata:
    version: v1
    - name: path
      value: /path/to/folder/

Warning

The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets, as described here.

Spec metadata fields

Field	Required	Details	Example
`path`	Y	Folder containing the keys to be loaded. When loading a key, the name of the key will be used as name of the file in this folder.	`/path/to/folder`

Example

Let’s say you’ve set path=/mnt/keys, which contains the following files:

/mnt/keys/mykey1.pem
/mnt/keys/mykey2

When using the component, you can reference the keys as mykey1.pm and mykey2.

Cryptography building block

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.