HashiCorp Vault
详细介绍了关于 HashiCorp Vault密钥仓库组件的信息
创建 Vault 组件
要设置HashiCorp Vault密钥仓库,请创建一个类型为secretstores.hashicorp.vault的组件。 See this guide on how to create and apply a secretstore configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: vault
namespace: default
spec:
type: secretstores.hashicorp.vault
version: v1
metadata:
- name: vaultAddr
value: [vault_address] # Optional. Default: "https://127.0.0.1:8200"
- name: caCert # Optional. This or caPath or caPem
value: "[ca_cert]"
- name: caPath # Optional. This or CaCert or caPem
value: "[path_to_ca_cert_file]"
- name: caPem # Optional. This or CaCert or CaPath
value : "[encoded_ca_cert_pem]"
- name: skipVerify # Optional. Default: false
value : "[skip_tls_verification]"
- name: tlsServerName # Optional.
value : "[tls_config_server_name]"
- name: vaultTokenMountPath # Required if vaultToken not provided. Path to token file.
value : "[path_to_file_containing_token]"
- name: vaultToken # Required if vaultTokenMountPath not provided. Token value.
value : "[path_to_file_containing_token]"
- name: vaultKVPrefix # Optional. Default: "dapr"
value : "[vault_prefix]"
Warning
以上示例将密钥明文存储, It is recommended to use a local secret store such as Kubernetes secret store or a local file to bootstrap secure key storage.元数据字段规范
| 字段 | 必填 | 详情 | Example |
|---|---|---|---|
| vaultAddr | N | Vault服务器的地址 默认值为 "https://127.0.0.1:8200" | "https://127.0.0.1:8200" |
| caCert | N | Certificate Authority只使用其中一个选项。 要使用的加密cacerts | "cacerts" |
| caPath | N | Certificate Authority只使用其中一个选项。 CA证书文件的路径 | "path/to/cacert/file" |
| caPem | N | Certificate Authority只使用其中一个选项。 要是用的加密cacert pem | "encodedpem" |
| skipVerify | N | 跳过 TLS 验证。 默认值为 "false" | "true", "false" |
| tlsServerName | N | TLS 配置服务器名称 | "tls-server" |
| vaultTokenMountPath | Y | 包含token的文件路径 | "path/to/file" |
| vaultToken | Y | Token for authentication within Vault. | "tokenValue" |
| vaultKVPrefix | N | 仓库前缀 默认值为 "dapr" | "dapr", "myprefix" |
设置 Hashicorp Vault实例
参考Vault文档设置Hashicorp Vault:https://www.vaultproject.io/docs/install/index.html。
对于Kubernetes,你可以使用Helm Chart:https://github.com/hashicorp/vault-helm。
相关链接
May 29, 2021: New Crowdin updates (#72) (602a67f8)