How To: Retrieve a secret

Now that you’ve learned what the Dapr secrets building block provides, learn how it can work in your service. This guide demonstrates how to call the secrets API and retrieve secrets in your application code from a configured secret store.

Note

If you haven’t already, try out the secrets management quickstart for a quick walk-through on how to use the secrets API.

Warning

In a production-grade application, local secret stores are not recommended. to securely manage your secrets.

In your project directory, create a file named with the following contents:

Create a new directory named components. Navigate into that directory and create a component file named local-secret-store.yaml with the following contents:

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4.   name: localsecretstore
  5. spec:
  6.   type: secretstores.local.file
  7.   version: v1
  8.   metadata:
  9.   - name: secretsFile
  10.     value: secrets.json  #path to secrets file
  11.   - name: nestedSeparator
  12.     value: ":"

Warning

For more information:

Get the secret by calling the Dapr sidecar using the secrets API:

See a full API reference.

  1. //dependencies
  2. using System;
  3. using System.Collections.Generic;
  4. using System.Net.Http;
  5. using System.Net.Http.Headers;
  6. using Dapr.Client;
  7. using Microsoft.AspNetCore.Mvc;
  8. using System.Threading;
  9. using System.Text.Json;
  12. namespace EventService
  13. {
  14.     class Program
  15.     {
  16.         static async Task Main(string[] args)
  17.         {
  18.             string SECRET_STORE_NAME = "localsecretstore";
  19.             using var client = new DaprClientBuilder().Build();
  20.             //Using Dapr SDK to get a secret
  21.             var secret = await client.GetSecretAsync(SECRET_STORE_NAME, "secret");
  22.             Console.WriteLine($"Result: {string.Join(", ", secret)}");
  23.         }
  24.     }
  25. }
  1. #dependencies 
  2. import random
  3. from time import sleep    
  4. import requests
  5. import logging
  6. from dapr.clients import DaprClient
  7. from dapr.clients.grpc._state import StateItem
  8. from dapr.clients.grpc._request import TransactionalStateOperation, TransactionOperationType
  10. #code
  11. logging.basicConfig(level = logging.INFO)
  14. with DaprClient() as client:
  15.     #Using Dapr SDK to get a secret
  16.     secret = client.get_secret(store_name=DAPR_STORE_NAME, key=key)
  17.     logging.info('Result: ')
  18.     logging.info(secret.secret)
  19.     #Using Dapr SDK to get bulk secrets
  20.     secret = client.get_bulk_secret(store_name=DAPR_STORE_NAME)
  21.     logging.info('Result for bulk secret: ')
  22.     logging.info(sorted(secret.secrets.items()))
  1. //dependencies 
  2. import { DaprClient, HttpMethod, CommunicationProtocolEnum } from '@dapr/dapr'; 
  4. //code
  5. const daprHost = "127.0.0.1"; 
  7. async function main() {
  8.     const client = new DaprClient(daprHost, process.env.DAPR_HTTP_PORT, CommunicationProtocolEnum.HTTP);
  9.     const SECRET_STORE_NAME = "localsecretstore";
  10.     //Using Dapr SDK to get a secret
  11.     var secret = await client.secret.get(SECRET_STORE_NAME, "secret");
  12.     console.log("Result: " + secret);
  13.     //Using Dapr SDK to get bulk secrets
  14.     secret = await client.secret.getBulk(SECRET_STORE_NAME);
  15.     console.log("Result for bulk: " + secret);
  16. }
  18. main();