The documentation you are viewing is for Dapr v1.11 which is an older version of Dapr. For up-to-date documentation, see the latest version.
Azure Key Vault
Detailed information on the Azure Key Vault cryptography component
Component format
A Dapr crypto.yaml component file has the following structure:

```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: azurekeyvault
spec:
  type: crypto.azure.keyvault
  metadata:
  - name: vaultName
    value: mykeyvault
  # See authentication section below for all options
  - name: azureTenantId
    value: ${{AzureKeyVaultTenantId}}
  - name: azureClientId
    value: ${{AzureKeyVaultServicePrincipalClientId}}
  - name: azureClientSecret
    value: ${{AzureKeyVaultServicePrincipalClientSecret}}
```
Warning
The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets, as described here.

Authenticating with Azure AD
The Azure Key Vault cryptography component supports authentication with Azure AD only. Before you enable this component:
- Read the Authenticating to Azure document.
- Create an Azure AD application (also called a Service Principal).
- Alternatively, create a managed identity for your application platform.
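As an added example (not taken from this documentation page), the same component with the Service Principal client secret read from a secret store through `secretKeyRef` instead of an inline string, as the warning above recommends. The secret name `azure-kv-sp`, the key `clientSecret` and the choice of the `kubernetes` secret store are assumptions, and the tenant and client IDs are placeholders.

```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: azurekeyvault
spec:
  type: crypto.azure.keyvault
  metadata:
  - name: vaultName
    value: mykeyvault
  # Tenant and client IDs are identifiers, not credentials (placeholders here)
  - name: azureTenantId
    value: "<tenant-id>"
  - name: azureClientId
    value: "<client-id>"
  # The credential itself is resolved from the secret store at load time
  - name: azureClientSecret
    secretKeyRef:
      name: azure-kv-sp      # assumed name of the secret in the store
      key: clientSecret      # assumed key inside that secret
# Secret store that secretKeyRef is resolved against (assumed: Kubernetes secrets)
auth:
  secretStore: kubernetes
```

With this form the component file can be committed to source control without exposing the client secret; access to the credential is then governed by the secret store's own permissions.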
Spec metadata fields
Field | Required | Details | Example |
---|---|---|---|
vaultName | Y | Azure Key Vault name | "mykeyvault" |
Auth metadata | Y | See Authenticating to Azure for more information | |
Last modified July 11, 2023: Fixed link (543fc83a)