How To: Retrieve a secret

    This article provides guidance on using Dapr’s secrets API in your code to leverage the secrets store building block. The secrets API allows you to easily retrieve secrets in your application code from a configured secret store.

    Before retrieving secrets in your application’s code, you must have a secret store component configured. For the purposes of this guide, as an example you will configure a local secret store which uses a local JSON file to store secrets.

    Create a directory for your components file named components and inside it create a file named localSecretStore.yaml with the following contents:

    1. apiVersion: dapr.io/v1alpha1
    2. kind: Component
    3. metadata:
    4.   name: my-secrets-store
    5.   namespace: default
    6. spec:
    7.   type: secretstores.local.file
    8.   version: v1
    9.   metadata:
    10.   - name: secretsFile
    11.     value: <PATH TO SECRETS FILE>/mysecrets.json
    12.   - name: nestedSeparator
    13.     value: ":"

    Make sure to replace <PATH TO SECRETS FILE> with the path to the JSON file you just created.

    To configure a different kind of secret store see the guidance on and review supported secret stores to see specific details required for different secret store solutions.

    1. dapr run --app-id my-app --dapr-http-port 3500 --components-path ./components

    And now you can get the secret by calling the Dapr sidecar using the secrets API:

    For a full API reference, go .

    Once you have a secret store set up, you can call Dapr to get the secrets from your application code. Here are a few examples in different programming languages:

    1. import (
    2.   "net/http"
    3. )
    5. func main() {
    6.   url := "http://localhost:3500/v1.0/secrets/my-secrets-store/my-secret"
    8.   res, err := http.Get(url)
    9.   if err != nil {
    10.     panic(err)  
    11.   }
    12.   defer res.Body.Close()
    14.   body, _ := ioutil.ReadAll(res.Body)
    15.   fmt.Println(string(body))
    16. }
    1. require('isomorphic-fetch');
    2. const secretsUrl = `http://localhost:3500/v1.0/secrets`;
    4. fetch(`${secretsUrl}/my-secrets-store/my-secret`)
    5.         .then((response) => {
    6.             if (!response.ok) {
    7.                 throw "Could not get secret";
    8.             }
    9.             return response.text();
    11.         });
    1. #![deny(warnings)]
    2. use std::{thread};
    4. #[tokio::main]
    5. async fn main() -> Result<(), reqwest::Error> {
    6.     let res = reqwest::get("http://localhost:3500/v1.0/secrets/my-secrets-store/my-secret").await?;
    7.     let body = res.text().await?;
    8.     println!("Secret:{}", body);
    10.     thread::park();
    12.     Ok(())
    13. }
    1. var client = new HttpClient();
    2. var response = await client.GetAsync("http://localhost:3500/v1.0/secrets/my-secrets-store/my-secret");
    3. response.EnsureSuccessStatusCode();
    5. string secret = await response.Content.ReadAsStringAsync();
    6. Console.WriteLine(secret);