Local storage

Detailed information on the local storage cryptography component

Component format

The purpose of this component is to load keys from a local directory.

The component accepts as input the name of a folder, and loads keys from there. Each key is in its own file, and when users request a key with a given name, Dapr loads the file with that name.

Supported file formats:

  • PEM with public and private keys (supports: PKCS#1, PKCS#8, PKIX)
  • JSON Web Key (JWK) containing a public, private, or symmetric key
  • Raw key data for symmetric keys

Note

This component uses the cryptographic engine in Dapr to perform operations. Although keys are never exposed to your application, Dapr has access to the raw key material.

A Dapr crypto.yaml component file has the following structure:

    apiVersion: dapr.io/v1alpha1
    kind: Component
    metadata:
      name: mycrypto
    spec:
      type: crypto.dapr.localstorage
      version: v1
      metadata:
        # Folder that contains one file per key
        - name: path
          value: /path/to/folder/

Warning

The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets, as described here.

Spec metadata fields

| Field | Required | Details | Example |
|-------|----------|---------|---------|
| path | Y | Folder containing the keys to be loaded. When loading a key, the name of the key will be used as name of the file in this folder. | /path/to/folder |

Example

Let’s say you’ve set path=/mnt/keys, which contains the following files:

  • /mnt/keys/mykey1.pem
  • /mnt/keys/mykey2

When using the component, you can reference the keys as mykey1.pem and mykey2.
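Because Dapr reads raw key material from this folder, it is worth auditing what the folder actually contains before pointing the component at it. The following is an added example, not part of the Dapr documentation or Dapr's own code: it lists the key names (file names) a folder would expose, guesses each file's format, and flags files that group or other users can access. The function names, the format heuristic and the sample folder contents are assumptions made for this sketch.

```python
import json
import os
import stat
import tempfile

def classify(data: bytes) -> str:
    """Heuristic guess (this script's own, not Dapr's parser) at the key format."""
    text = data.lstrip()
    if text.startswith(b"-----BEGIN "):
        return "pem"
    if text.startswith(b"{"):
        try:
            if "kty" in json.loads(text):  # "kty" is the required JWK member
                return "jwk"
        except ValueError:
            pass
    return "raw"

def audit_key_folder(path: str) -> dict:
    """Map each key name (the file name) to its guessed format and permissions."""
    report = {}
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue  # skip subfolders and symlinks
        mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
        with open(entry.path, "rb") as fh:
            fmt = classify(fh.read())
        report[entry.name] = {
            "format": fmt,
            "mode": oct(mode),
            "too_open": bool(mode & 0o077),  # any group/other access bit set
        }
    return report

def demo() -> dict:
    """Audit a constructed folder that mirrors the mykey1.pem / mykey2 example."""
    pem = b"-----BEGIN PRIVATE KEY-----\n(constructed placeholder)\n-----END PRIVATE KEY-----\n"
    with tempfile.TemporaryDirectory() as folder:
        samples = {"mykey1.pem": (pem, 0o644), "mykey2": (bytes(range(32)), 0o600)}
        for name, (data, mode) in samples.items():
            p = os.path.join(folder, name)
            with open(p, "wb") as fh:
                fh.write(data)
            os.chmod(p, mode)
        return audit_key_folder(folder)

if __name__ == "__main__":
    for name, info in demo().items():
        print(name, info)
```

To audit a real deployment, call `audit_key_folder()` with the value configured for `path` and tighten any file reported with `too_open` set.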


Last modified March 21, 2024: Merge pull request #4082 from newbe36524/v1.13 (f4b0938)