How To: Use secret scoping

Follow these instructions to configure a secret store for an application. Once configured, any secret defined within that store is accessible from the Dapr application.

To limit the secrets to which the Dapr application has access, you can define secret scopes by augmenting the existing Configuration CRD with restrictive permissions.

Follow these instructions to define a Configuration CRD.

Define the following and apply it to the Kubernetes cluster using the command `kubectl apply -f appconfig.yaml`.

For applications that must be denied access to the Kubernetes secret store, follow these instructions and add the following annotation to the application pod.

With this defined, the application no longer has access to the Kubernetes secret store.

This example defines a configuration for the secret store named vault. The default access to the secret store is , whereas some secrets are accessible by the application based on the allowedSecrets list. Follow these instructions to apply the configuration to the sidecar.

Define the following config.yaml:

The above configuration explicitly denies access to and secret2 from the secret store named vault while allowing access to all other secrets. Follow these instructions to apply the configuration to the sidecar.
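The following added example (not code from the Dapr project or this page) shows how the three scope shapes discussed above, a store with `defaultAccess: deny`, a store that allows everything except a `deniedSecrets` list, and a store with an `allowedSecrets` list, decide which keys an application can read. The scope entries are constructed to mirror `spec.secrets.scopes` from a Configuration CRD, the precedence rules follow the Dapr documentation (an `allowedSecrets` list overrides `defaultAccess` and `deniedSecrets`), and the evaluation function and the secret name `db-password` are this example's own.

```python
"""Evaluate Dapr secret scopes against requested keys (illustrative, not Dapr's code)."""
from typing import Dict, List

# Constructed scope entries, shaped like `spec.secrets.scopes[]` in a Configuration CRD.
KUBERNETES_SCOPE: Dict = {"storeName": "kubernetes", "defaultAccess": "deny"}

# Allow everything in vault except two named secrets ("db-password" is constructed).
VAULT_DENYLIST_SCOPE: Dict = {
    "storeName": "vault",
    "defaultAccess": "allow",
    "deniedSecrets": ["secret2", "db-password"],
}

# Deny by default, but expose one named secret through allowedSecrets.
VAULT_ALLOWLIST_SCOPE: Dict = {
    "storeName": "vault",
    "defaultAccess": "deny",
    "allowedSecrets": ["db-password"],
}


def is_secret_allowed(scope: Dict, key: str) -> bool:
    """Return True when `key` may be read from the store this scope governs."""
    allowed: List[str] = scope.get("allowedSecrets", [])
    # An allow-list is exhaustive: only listed keys pass, regardless of
    # defaultAccess or deniedSecrets.
    if allowed:
        return key in allowed
    # A key on the deny-list is refused even when the default is allow.
    if key in scope.get("deniedSecrets", []):
        return False
    # Nothing matched explicitly: the store-wide default decides.
    return scope.get("defaultAccess", "allow").lower() != "deny"


def filter_readable(scope: Dict, requested: List[str]) -> List[str]:
    """Keys from `requested` that the sidecar would actually hand to the app."""
    return [k for k in requested if is_secret_allowed(scope, k)]


if __name__ == "__main__":
    wanted = ["secret2", "db-password", "tls-cert"]
    for scope in (KUBERNETES_SCOPE, VAULT_DENYLIST_SCOPE, VAULT_ALLOWLIST_SCOPE):
        print(scope["storeName"], scope.get("defaultAccess"), filter_readable(scope, wanted))
```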