Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How can i use dapr connect to hashicorp vault and read data of database secrets engine? #7741

Open
LyqRikako opened this issue May 17, 2024 · 0 comments
Open

How can i use dapr connect to hashicorp vault and read data of database secrets engine? #7741

LyqRikako opened this issue May 17, 2024 · 0 comments

Comments

@LyqRikako
Copy link

I created a kv secret engine called "kv" and created a secret named " kv-test1",it has two key-value data.
I use yaml file and app.py connected to my vault and get some data from kv secret engine.
I also created a database secret engine to connect my mysql database.And i create a role to generate some temporary crudential.
I use the sameway try to connect dapr and vault database secret engine.But i failed.
this is my yaml and app.py file

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: vault1
spec:
  type: secretstores.hashicorp.vault
  version: v1
  metadata:
  - name: vaultAddr
    value: "http://127.0.0.1:8200" # Optional. Default: "https://127.0.0.1:8200"
  - name: skipVerify # Optional. Default: false
    value : "true"
  # - name: vaultTokenMountPath # Required if vaultToken not provided. Path to token file.
  #   value : "[path_to_file_containing_token]"
  - name: vaultToken # Required if vaultTokenMountPath not provided. Token value.
    value : "hvs.V8LGl1qzreAxlPkE36u5aJ4q"
  - name: vaultKVPrefix # Optional. Default: "dapr"
    value : "[vault_prefix]"
  - name: vaultKVUsePrefix # Optional. default: "true"
    value: "false"
  - name: enginePath # Optional. default: "secret"
    value: "kv"
  - name: vaultValueType # Optional. default: "map"
    value: "map"

my app.py file

import json
from dapr.clients import DaprClient

with DaprClient() as d:
    response = d.get_secret(store_name="vault1", key="kv-test2")
    print(response.secret)

use this two file,i got some data from kv.But it didnt work to database secret engine
What should i do to connect my vault database engine and get some data i need?
This is my file to connect vault database

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: vault2
spec:
  type: secretstores.hashicorp.vault
  version: v1
  metadata:
  - name: vaultAddr
    value: "http://127.0.0.1:8200" # Optional. Default: "https://127.0.0.1:8200"
  - name: skipVerify # Optional. Default: false
    value : "true"
  # - name: vaultTokenMountPath # Required if vaultToken not provided. Path to token file.
  #   value : "[path_to_file_containing_token]"
  - name: vaultToken # Required if vaultTokenMountPath not provided. Token value.
    value : "hvs.V8LGl1qzreAxlPkE36u5aJ4q"
  - name: enginePath # Optional. default: "secret"
    value: "database1"


from dapr.clients import DaprClient

with DaprClient() as d:
    response = d.get_secret(store_name="vault2", key="database1/creds")
    print(response.secret)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@LyqRikako