How To: Retrieve a secret

    This article provides guidance on using Dapr’s secrets API in your code to leverage the secrets store building block. The secrets API allows you to easily retrieve secrets in your application code from a configured secret store.

    Before retrieving secrets in your application’s code, you must have a secret store component configured. For the purposes of this guide, as an example you will configure a local secret store which uses a local JSON file to store secrets.

    Create a directory for your components file named components and inside it create a file named localSecretStore.yaml with the following contents:

    1. apiVersion: dapr.io/v1alpha1
    2. kind: Component
    3. metadata:
    4.   name: my-secrets-store
    5.   namespace: default
    6. spec:
    7.   type: secretstores.local.file
    8.   version: v1
    9.   metadata:
    10.   - name: secretsFile
    11.     value: <PATH TO SECRETS FILE>/mysecrets.json
    12.   - name: nestedSeparator
    13.     value: ":"

    Make sure to replace <PATH TO SECRETS FILE> with the path to the JSON file you just created.

    Now run the Dapr sidecar (with no application)

    1. dapr run --app-id my-app --dapr-http-port 3500 --components-path ./components

    And now you can get the secret by calling the Dapr sidecar using the secrets API:

    For a full API reference, go .

    1. import (
    2.   "net/http"
    5. func main() {
    6.   url := "http://localhost:3500/v1.0/secrets/my-secrets-store/my-secret"
    8.   res, err := http.Get(url)
    9.   if err != nil {
    10.     panic(err)
    11.   }
    12.   defer res.Body.Close()
    14.   body, _ := ioutil.ReadAll(res.Body)
    15.   fmt.Println(string(body))
    16. }
    1. require('isomorphic-fetch');
    2. const secretsUrl = `http://localhost:3500/v1.0/secrets`;
    4. fetch(`${secretsUrl}/my-secrets-store/my-secret`)
    5.         .then((response) => {
    6.             if (!response.ok) {
    7.                 throw "Could not get secret";
    8.             }
    10.         }).then((secret) => {
    11.         });
    1. #![deny(warnings)]
    2. use std::{thread};
    4. #[tokio::main]
    5. async fn main() -> Result<(), reqwest::Error> {
    6.     let res = reqwest::get("http://localhost:3500/v1.0/secrets/my-secrets-store/my-secret").await?;
    7.     let body = res.text().await?;
    8.     println!("Secret:{}", body);
    10.     thread::park();
    12.     Ok(())
    13. }
    1. var client = new HttpClient();
    2. var response = await client.GetAsync("http://localhost:3500/v1.0/secrets/my-secrets-store/my-secret");
    3. response.EnsureSuccessStatusCode();
    5. string secret = await response.Content.ReadAsStringAsync();