How To: Retrieve a secret

This guide demonstrates how to use Dapr’s secrets API in your code to leverage the . With the secrets API, you easily retrieve secrets in your application code from a configured secret store.

Before retrieving secrets in your application’s code, you must configure a secret store component. This example configures a local secret store which uses a local JSON file to store secrets.

Warning

Create a file named with the following contents:

Create a directory for your components file named components and inside it create a file named localSecretStore.yaml with the following contents:

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4.   name: localsecretstore
  5.   namespace: default
  6. spec:
  7.   type: secretstores.local.file
  8.   version: v1
  9.   metadata:
  10.   - name: secretsFile
  11.     value: secrets.json  #path to secrets file
  12.   - name: nestedSeparator
  13.     value: ":"

Warning

The path to the secret store JSON is relative to where you call dapr run from.

Get the secret by calling the Dapr sidecar using the secrets API:

See a full API reference.

Once you have a secret store, call Dapr to get the secrets from your application code. Below are code examples that leverage Dapr SDKs for retrieving a secret.

  1. //dependencies
  2. using System;
  3. using System.Collections.Generic;
  4. using System.Net.Http;
  5. using System.Net.Http.Headers;
  6. using System.Threading.Tasks;
  7. using Dapr.Client;
  8. using System.Threading;
  9. using System.Text.Json;
  12. namespace EventService
  13. {
  14.     class Program
  15.     {
  16.         static async Task Main(string[] args)
  17.         {
  18.             string SECRET_STORE_NAME = "localsecretstore";
  19.             using var client = new DaprClientBuilder().Build();
  20.             //Using Dapr SDK to get a secret
  21.             var secret = await client.GetSecretAsync(SECRET_STORE_NAME, "secret");
  22.             Console.WriteLine($"Result: {string.Join(", ", secret)}");
  23.         }
  24.     }
  25. }
  1. #dependencies 
  2. import random
  3. from time import sleep    
  4. import requests
  5. import logging
  6. from dapr.clients import DaprClient
  7. from dapr.clients.grpc._state import StateItem
  8. from dapr.clients.grpc._request import TransactionalStateOperation, TransactionOperationType
  10. #code
  11. logging.basicConfig(level = logging.INFO)
  12. DAPR_STORE_NAME = "localsecretstore"
  13. key = 'secret'
  14. with DaprClient() as client:
  15.     #Using Dapr SDK to get a secret
  16.     secret = client.get_secret(store_name=DAPR_STORE_NAME, key=key)
  17.     logging.info('Result: ')
  18.     logging.info(secret.secret)
  19.     #Using Dapr SDK to get bulk secrets
  20.     secret = client.get_bulk_secret(store_name=DAPR_STORE_NAME)
  21.     logging.info('Result for bulk secret: ')
  22.     logging.info(sorted(secret.secrets.items()))
  1. //dependencies 
  2. import { DaprClient, HttpMethod, CommunicationProtocolEnum } from 'dapr-client'; 
  4. //code
  5. const daprHost = "127.0.0.1"; 
  7. async function main() {
  8.     const client = new DaprClient(daprHost, process.env.DAPR_HTTP_PORT, CommunicationProtocolEnum.HTTP);
  9.     const SECRET_STORE_NAME = "localsecretstore";
  10.     //Using Dapr SDK to get a secret
  11.     var secret = await client.secret.get(SECRET_STORE_NAME, "secret");
  12.     console.log("Result: " + secret);
  13.     //Using Dapr SDK to get bulk secrets
  14.     secret = await client.secret.getBulk(SECRET_STORE_NAME);
  15.     console.log("Result for bulk: " + secret);
  16. }
  18. main();