GCP Secret Manager

GCP Secret Manager密钥仓库组件的详细信息

配置

要设置GCP Secret Manager密钥仓库,请创建一个类型为secretstores.gcp.secretmanager的组件。 See this guide on how to create and apply a secretstore configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4.   name: gcpsecretmanager
  5.   namespace: default
  6. spec:
  7.   type: secretstores.gcp.secretmanager
  8.   version: v1
  9.   metadata:
  10.   - name: type
  11.     value: <replace-with-account-type>
  12.   - name: project_id
  13.     value: <replace-with-project-id>
  14.   - name: private_key_id
  15.     value: <replace-with-private-key-id>
  16.   - name: client_email
  17.     value: <replace-with-email>
  18.   - name: client_id
  19.     value: <replace-with-client-id>
  20.   - name: auth_uri
  21.     value: <replace-with-auth-uri>
  22.   - name: token_uri
  23.     value: <replace-with-token-uri>
  24.   - name: auth_provider_x509_cert_url
  25.     value: <replace-with-auth-provider-cert-url>
  26.   - name: client_x509_cert_url
  27.     value: <replace-with-client-cert-url>
  28.   - name: private_key
  29.     value: <replace-with-private-key>

Warning

以上示例将密钥明文存储, It is recommended to use a local secret store such as Kubernetes secret store or a local file to bootstrap secure key storage.

元数据字段规范

字段必填详情Example
typeY账户类型“serviceAccount”
project_idY与此组件相关联的项目 ID。“project_id”
private_key_idN私钥ID“privatekey”
client_emailY客户端电子邮件地址“client@example.com”
client_idN客户端的 ID“11111111”
auth_uriN认证URIhttps://accounts.google.com/o/oauth2/auth
token_uriN认证token URIhttps://oauth2.googleapis.com/token
auth_provider_x509_cert_urlN认证提供者的证书URLhttps://www.googleapis.com/oauth2/v1/certs
client_x509_cert_urlN客户端的证书 URLhttps://www.googleapis.com/robot/v1/metadata/x509/<project-name>.iam.gserviceaccount.com
private_keyY认证用的私钥“privateKey”

设置GCP Secret Manager实例

参考GCP文档设置 GCP Secret Manager:https://cloud.google.com/secret-manager/docs/quickstart。

相关链接