Secret 存储组件规范 on Dapr 文档库https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/Recent content in Secret 存储组件规范 on Dapr 文档库Hugozh-hansAWS Secrets Managerhttps://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/aws-secret-manager/Mon, 01 Jan 0001 00:00:00 +0000https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/aws-secret-manager/<h2 id="组件格式">组件格式</h2> <p>要设置 AWS Secrets Manager 的密钥存储,需创建一个类型为 <code>secretstores.aws.secretmanager</code> 的组件。请参阅<a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/setup-secret-store/#apply-the-configuration">本指南</a>了解如何创建和应用密钥存储配置。请参阅本指南以<a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/component-secrets/">引用 secrets</a>以检索和使用 Dapr 组件的密钥。</p> <p>有关身份验证相关属性的信息,请参阅<a href="https://v1-18.docs.dapr.io/zh-hans/developing-applications/integrations/aws/authenticating-aws/">身份验证到 AWS</a>。</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dapr.io/v1alpha1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Component</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">awssecretmanager</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">secretstores.aws.secretmanager</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">version</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">region</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[aws_region]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">accessKey</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[aws_access_key]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">secretKey</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[aws_secret_key]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">sessionToken</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[aws_session_token]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div> <div class="alert alert-warning" role="alert"> <h4 class="alert-heading">警告</h4> 上述示例中使用了明文形式的字符串作为密钥。建议使用本地密钥存储,例如<a href="https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/kubernetes-secret-store/">Kubernetes 密钥存储</a>或<a href="https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/file-secret-store/">本地文件</a>来安全地存储密钥。 </div> <h2 id="规格元数据字段">规格元数据字段</h2> <table> <thead> <tr> <th>字段</th> <th style="text-align: center">必需</th> <th>详情</th> <th>示例</th> </tr> </thead> <tbody> <tr> <td>region</td> <td style="text-align: center">Y</td> <td>部署 AWS Secrets Manager 实例的特定 AWS 区域</td> <td><code>&quot;us-east-1&quot;</code></td> </tr> <tr> <td>accessKey</td> <td style="text-align: center">Y</td> <td>访问此资源的 AWS 访问密钥</td> <td><code>&quot;key&quot;</code></td> </tr> <tr> <td>secretKey</td> <td style="text-align: center">Y</td> <td>访问此资源的 AWS 秘密访问密钥</td> <td><code>&quot;secretAccessKey&quot;</code></td> </tr> <tr> <td>sessionToken</td> <td style="text-align: center">N</td> <td>要使用的 AWS 会话令牌</td> <td><code>&quot;sessionToken&quot;</code></td> </tr> </tbody> </table> <div class="alert alert-warning" role="alert"> <h4 class="alert-heading">重要</h4> 当在 EKS(AWS Kubernetes)上与应用程序一起运行 Dapr sidecar(daprd)时,如果您使用的节点或 Pod 已经附加了定义访问 AWS 资源的 IAM 策略,则<strong>不应</strong>在组件规格中提供 AWS 访问密钥、秘密密钥和令牌。 </div> <h2 id="可选的每请求元数据属性">可选的每请求元数据属性</h2> <p>从此密钥存储检索密钥时,可以提供以下<a href="https://v1-18.docs.dapr.io/zh-hans/reference/api/secrets_api/#query-parameters">可选查询参数</a>:</p>AWS SSM 参数存储https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/aws-parameter-store/Mon, 01 Jan 0001 00:00:00 +0000https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/aws-parameter-store/<h2 id="组件格式">组件格式</h2> <p>要设置 AWS SSM 参数存储的机密存储,需创建一个 <code>secretstores.aws.parameterstore</code> 类型的组件。请参阅<a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/setup-secret-store/#apply-the-configuration">本指南</a>了解如何创建和应用机密存储配置。请参阅本指南,了解如何<a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/component-secrets/">引用机密</a>以检索和使用 Dapr 组件的机密。</p> <p>有关身份验证相关属性的信息,请参阅<a href="https://v1-18.docs.dapr.io/zh-hans/developing-applications/integrations/aws/authenticating-aws/">身份验证到 AWS</a>。</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dapr.io/v1alpha1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Component</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">awsparameterstore</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">secretstores.aws.parameterstore</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">version</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">region</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[aws_region]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">accessKey</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[aws_access_key]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">secretKey</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[aws_secret_key]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">sessionToken</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[aws_session_token]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">prefix</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[secret_name]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div> <div class="alert alert-warning" role="alert"> <h4 class="alert-heading">警告</h4> 上述示例使用了明文字符串作为机密。建议使用本地机密存储,例如 <a href="https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/kubernetes-secret-store/">Kubernetes 机密存储</a>或<a href="https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/file-secret-store/">本地文件</a>来安全地存储密钥。 </div> <h2 id="规格元数据字段">规格元数据字段</h2> <table> <thead> <tr> <th>字段</th> <th style="text-align: center">必需</th> <th>详细信息</th> <th>示例</th> </tr> </thead> <tbody> <tr> <td>region</td> <td style="text-align: center">Y</td> <td>部署 AWS SSM 参数存储实例的特定 AWS 区域</td> <td><code>&quot;us-east-1&quot;</code></td> </tr> <tr> <td>accessKey</td> <td style="text-align: center">Y</td> <td>访问此资源的 AWS 访问密钥</td> <td><code>&quot;key&quot;</code></td> </tr> <tr> <td>secretKey</td> <td style="text-align: center">Y</td> <td>访问此资源的 AWS 秘密访问密钥</td> <td><code>&quot;secretAccessKey&quot;</code></td> </tr> <tr> <td>sessionToken</td> <td style="text-align: center">N</td> <td>要使用的 AWS 会话令牌</td> <td><code>&quot;sessionToken&quot;</code></td> </tr> <tr> <td>prefix</td> <td style="text-align: center">N</td> <td>用于指定多个 SSM 参数存储机密存储组件的前缀。</td> <td><code>&quot;prefix&quot;</code></td> </tr> </tbody> </table> <div class="alert alert-warning" role="alert"> <h4 class="alert-heading">重要</h4> 在 EKS(AWS Kubernetes)上运行 Dapr sidecar(daprd)时,如果节点/Pod 已附加了访问 AWS 资源的 IAM 策略,则<strong>不应</strong>在组件规格中提供 AWS 访问密钥、秘密密钥和令牌。 </div> <h2 id="创建-aws-ssm-参数存储实例">创建 AWS SSM 参数存储实例</h2> <p>请参考 AWS 文档以设置 AWS SSM 参数存储:https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html。</p>Azure Key Vault 密钥存储https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/azure-keyvault/Mon, 01 Jan 0001 00:00:00 +0000https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/azure-keyvault/<h2 id="组件格式">组件格式</h2> <p>要设置 Azure Key Vault 密钥存储,创建一个类型为 <code>secretstores.azure.keyvault</code> 的组件。</p> <ul> <li>请参阅<a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/setup-secret-store/#apply-the-configuration">密钥存储组件指南</a>以了解如何创建和应用密钥存储配置。</li> <li>请参阅<a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/component-secrets/">引用密钥的指南</a>以使用 Dapr 组件检索和使用密钥。</li> <li>请参阅下面的<a href="https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/azure-keyvault/#configure-the-component">配置组件部分</a>。</li> </ul> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dapr.io/v1alpha1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Component</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">azurekeyvault</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">secretstores.azure.keyvault</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">version</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">vaultName</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 必需</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#000">your_keyvault_name]</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">azureEnvironment</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 可选,默认为 AZUREPUBLICCLOUD</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;AZUREPUBLICCLOUD&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 请参阅下面的身份验证部分以获取所有选项</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">azureTenantId</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[your_service_principal_tenant_id]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">azureClientId</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[your_service_principal_app_id]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">azureCertificateFile</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value </span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[pfx_certificate_file_fully_qualified_local_path]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div><h2 id="通过-microsoft-entra-id-进行身份验证">通过 Microsoft Entra ID 进行身份验证</h2> <p>Azure Key Vault 密钥存储组件仅支持通过 Microsoft Entra ID 进行身份验证。在启用此组件之前,请确保:</p>GCP Secret Managerhttps://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/gcp-secret-manager/Mon, 01 Jan 0001 00:00:00 +0000https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/gcp-secret-manager/<h2 id="组件格式">组件格式</h2> <p>要设置 GCP Secret Manager 的机密存储,创建一个类型为 <code>secretstores.gcp.secretmanager</code> 的组件。请参阅<a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/setup-secret-store/#apply-the-configuration">本指南</a>了解如何创建和应用机密存储配置。请参阅本指南了解如何<a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/component-secrets/">引用机密</a>以使用 Dapr 组件检索和使用机密。</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dapr.io/v1alpha1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Component</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">gcpsecretmanager</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">secretstores.gcp.secretmanager</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">version</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">type</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;replace-with-account-type&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">project_id</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;replace-with-project-id&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">private_key_id</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;replace-with-private-key-id&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">client_email</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;replace-with-email&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">client_id</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;replace-with-client-id&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">auth_uri</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;replace-with-auth-uri&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">token_uri</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;replace-with-token-uri&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">auth_provider_x509_cert_url</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;replace-with-auth-provider-cert-url&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">client_x509_cert_url</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;replace-with-client-cert-url&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">private_key</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;replace-with-private-key&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div> <div class="alert alert-warning" role="alert"> <h4 class="alert-heading">警告</h4> 上述示例中使用了明文字符串来存储机密。建议使用本地机密存储,例如 <a href="https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/kubernetes-secret-store/">Kubernetes 机密存储</a>或<a href="https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/file-secret-store/">本地文件</a>来安全地管理密钥。 </div> <h2 id="规格元数据字段">规格元数据字段</h2> <table> <thead> <tr> <th>字段</th> <th style="text-align: center">必需</th> <th>详细信息</th> <th>示例</th> </tr> </thead> <tbody> <tr> <td>type</td> <td style="text-align: center">Y</td> <td>账户类型。</td> <td><code>&quot;service_account&quot;</code></td> </tr> <tr> <td>project_id</td> <td style="text-align: center">Y</td> <td>与此组件关联的项目 ID。</td> <td><code>&quot;project_id&quot;</code></td> </tr> <tr> <td>private_key_id</td> <td style="text-align: center">N</td> <td>私钥 ID</td> <td><code>&quot;privatekey&quot;</code></td> </tr> <tr> <td>client_email</td> <td style="text-align: center">Y</td> <td>客户端电子邮件地址</td> <td><code>&quot;client@example.com&quot;</code></td> </tr> <tr> <td>client_id</td> <td style="text-align: center">N</td> <td>客户端 ID</td> <td><code>&quot;11111111&quot;</code></td> </tr> <tr> <td>auth_uri</td> <td style="text-align: center">N</td> <td>认证 URI</td> <td><code>&quot;https://accounts.google.com/o/oauth2/auth&quot;</code></td> </tr> <tr> <td>token_uri</td> <td style="text-align: center">N</td> <td>认证令牌 URI</td> <td><code>&quot;https://oauth2.googleapis.com/token&quot;</code></td> </tr> <tr> <td>auth_provider_x509_cert_url</td> <td style="text-align: center">N</td> <td>认证提供者的证书 URL</td> <td><code>&quot;https://www.googleapis.com/oauth2/v1/certs&quot;</code></td> </tr> <tr> <td>client_x509_cert_url</td> <td style="text-align: center">N</td> <td>客户端的证书 URL</td> <td><code>&quot;https://www.googleapis.com/robot/v1/metadata/x509/&lt;project-name&gt;.iam.gserviceaccount.com&quot;</code></td> </tr> <tr> <td>private_key</td> <td style="text-align: center">Y</td> <td>用于认证的私钥</td> <td><code>&quot;privateKey&quot;</code></td> </tr> </tbody> </table> <h2 id="可选的每请求元数据属性">可选的每请求元数据属性</h2> <p>GCP Secret Manager 组件支持以下<a href="https://v1-18.docs.dapr.io/zh-hans/reference/api/secrets_api/#query-parameters">可选查询参数</a>:</p>HashiCorp Vaulthttps://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/hashicorp-vault/Mon, 01 Jan 0001 00:00:00 +0000https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/hashicorp-vault/<h2 id="如何创建-vault-组件">如何创建 Vault 组件</h2> <p>要设置 HashiCorp Vault 密钥存储,请创建一个类型为 <code>secretstores.hashicorp.vault</code> 的组件。请参阅<a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/setup-secret-store/#apply-the-configuration">本指南</a>以了解如何创建和应用密钥存储配置。请参阅本指南以了解如何<a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/component-secrets/">引用密钥</a>以使用 Dapr 组件检索和使用密钥。</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dapr.io/v1alpha1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Component</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">vault</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">secretstores.hashicorp.vault</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">version</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">vaultAddr</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#000">vault_address]</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 可选。默认值:&#34;https://127.0.0.1:8200&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">caCert</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 可选。此项或 caPath 或 caPem</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[ca_cert]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">caPath</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 可选。此项或 CaCert 或 caPem</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[path_to_ca_cert_file]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">caPem</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 可选。此项或 CaCert 或 CaPath</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value </span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[encoded_ca_cert_pem]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">skipVerify</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 可选。默认值:false</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value </span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[skip_tls_verification]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tlsServerName</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 可选。</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value </span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[tls_config_server_name]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">vaultTokenMountPath</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 如果未提供 vaultToken 则必填。令牌文件的路径。</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value </span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[path_to_file_containing_token]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">vaultToken</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 如果未提供 vaultTokenMountPath 则必填。令牌值。</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value </span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[path_to_file_containing_token]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">vaultKVPrefix</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 可选。默认值:&#34;dapr&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value </span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[vault_prefix]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">vaultKVUsePrefix</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 可选。默认值:&#34;true&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[true/false]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">enginePath</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 可选。默认值:&#34;secret&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;secret&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">vaultValueType</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 可选。默认值:&#34;map&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;map&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div> <div class="alert alert-warning" role="alert"> <h4 class="alert-heading">警告</h4> 上述示例中,密钥以明文形式使用。建议使用本地密钥存储,如<a href="https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/kubernetes-secret-store/">Kubernetes 密钥存储</a>或<a href="https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/file-secret-store/">本地文件</a>来引导安全密钥存储。 </div> <h2 id="规格元数据字段">规格元数据字段</h2> <table> <thead> <tr> <th>字段</th> <th style="text-align: center">必需</th> <th>详细信息</th> <th>示例</th> </tr> </thead> <tbody> <tr> <td>vaultAddr</td> <td style="text-align: center">否</td> <td>Vault 服务器的地址。默认为 <code>&quot;https://127.0.0.1:8200&quot;</code></td> <td><code>&quot;https://127.0.0.1:8200&quot;</code></td> </tr> <tr> <td>caPem</td> <td style="text-align: center">否</td> <td>要使用的 CA 证书的内联内容,PEM 格式。如果定义,则优先于 <code>caPath</code> 和 <code>caCert</code>。</td> <td>见下文</td> </tr> <tr> <td>caPath</td> <td style="text-align: center">否</td> <td>要使用的 CA 证书文件所在文件夹的路径,PEM 格式。如果文件夹包含多个文件,则仅使用找到的第一个文件。如果定义,则优先于 <code>caCert</code>。</td> <td><code>&quot;path/to/cacert/holding/folder&quot;</code></td> </tr> <tr> <td>caCert</td> <td style="text-align: center">否</td> <td>要使用的 CA 证书的路径,PEM 格式。</td> <td><code>&quot;&quot;path/to/cacert.pem&quot;</code></td> </tr> <tr> <td>skipVerify</td> <td style="text-align: center">否</td> <td>跳过 TLS 验证。默认为 <code>&quot;false&quot;</code></td> <td><code>&quot;true&quot;</code>, <code>&quot;false&quot;</code></td> </tr> <tr> <td>tlsServerName</td> <td style="text-align: center">否</td> <td>在 TLS 握手期间请求的服务器名称,以支持虚拟主机。此值还用于验证 Vault 服务器提供的 TLS 证书。</td> <td><code>&quot;tls-server&quot;</code></td> </tr> <tr> <td>vaultTokenMountPath</td> <td style="text-align: center">是</td> <td>包含令牌的文件路径</td> <td><code>&quot;path/to/file&quot;</code></td> </tr> <tr> <td>vaultToken</td> <td style="text-align: center">是</td> <td><a href="https://learn.hashicorp.com/tutorials/vault/tokens">令牌</a> 用于在 Vault 中进行身份验证。</td> <td><code>&quot;tokenValue&quot;</code></td> </tr> <tr> <td>vaultKVPrefix</td> <td style="text-align: center">否</td> <td>Vault 中的前缀。默认为 <code>&quot;dapr&quot;</code></td> <td><code>&quot;dapr&quot;</code>, <code>&quot;myprefix&quot;</code></td> </tr> <tr> <td>vaultKVUsePrefix</td> <td style="text-align: center">否</td> <td>如果为 false,则强制 vaultKVPrefix 为空。如果未给出值或设置为 true,则在访问 Vault 时使用 vaultKVPrefix。将其设置为 false 是为了能够使用存储的 BulkGetSecret 方法。</td> <td><code>&quot;true&quot;</code>, <code>&quot;false&quot;</code></td> </tr> <tr> <td>enginePath</td> <td style="text-align: center">否</td> <td>Vault 中的<a href="https://www.vaultproject.io/api-docs/secret/kv/kv-v2">引擎</a>路径。默认为 <code>&quot;secret&quot;</code></td> <td><code>&quot;kv&quot;</code>, <code>&quot;any&quot;</code></td> </tr> <tr> <td>vaultValueType</td> <td style="text-align: center">否</td> <td>Vault 值类型。<code>map</code> 表示将值解析为 <code>map[string]string</code>,<code>text</code> 表示将值用作字符串。<code>map</code> 设置 <code>multipleKeyValuesPerSecret</code> 行为。<code>text</code> 使 Vault 表现为具有名称/值语义的密钥存储。默认为 <code>&quot;map&quot;</code></td> <td><code>&quot;map&quot;</code>, <code>&quot;text&quot;</code></td> </tr> </tbody> </table> <h2 id="每个请求的可选元数据属性">每个请求的可选元数据属性</h2> <p>以下<a href="https://v1-18.docs.dapr.io/zh-hans/reference/api/secrets_api/#query-parameters">可选查询参数</a>可以提供给 Hashicorp Vault 密钥存储组件:</p>Kubernetes secretshttps://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/kubernetes-secret-store/Mon, 01 Jan 0001 00:00:00 +0000https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/kubernetes-secret-store/<h2 id="默认-kubernetes-secret-存储组件">默认 Kubernetes secret 存储组件</h2> <p>在 Dapr 部署到 Kubernetes 集群时,系统会自动配置一个名为 <code>kubernetes</code> 的 secret 存储。这个预配置的 secret 存储允许开发人员直接使用 Kubernetes 的原生 secret 存储,而无需编写、部署或维护额外的组件配置文件,这对于希望简单地访问 Kubernetes 集群中 secret 的开发人员非常有用。</p> <p>您仍然可以配置一个自定义的 Kubernetes secret 存储组件定义文件(详见下文)。通过自定义定义,您可以将代码中对 secret 存储的引用与托管平台解耦,因为存储名称可以自定义,不是固定的,这样可以使代码更通用和可移植。此外,通过显式定义 Kubernetes secret 存储组件,您可以从本地 Dapr 自托管安装连接到 Kubernetes secret 存储。这需要一个有效的 <a href="https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/"><code>kubeconfig</code></a> 文件。</p> <div class="alert alert-warning" role="alert"> <h4 class="alert-heading">限制 secret 存储访问</h4> 当使用 <a href="https://v1-18.docs.dapr.io/zh-hans/developing-applications/building-blocks/secrets/secrets-scopes/">secret 范围</a> 限制应用程序中对 secret 的访问时,重要的是在范围定义中包含默认的 secret 存储以进行限制。 </div> <h2 id="创建自定义-kubernetes-secret-存储组件">创建自定义 Kubernetes secret 存储组件</h2> <p>要设置 Kubernetes secret 存储,请创建一个类型为 <code>secretstores.kubernetes</code> 的组件。请参阅<a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/setup-secret-store/#apply-the-configuration">本指南</a>了解如何创建和应用 secretstore 配置。请参阅本指南了解如何<a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/component-secrets/">引用 secret</a>以检索和使用 Dapr 组件的 secret。</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dapr.io/v1alpha1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Component</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">mycustomsecretstore</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">secretstores.kubernetes</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">version</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">metadata:[]</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div><h2 id="配置元数据字段">配置元数据字段</h2> <table> <thead> <tr> <th>字段</th> <th style="text-align: center">必需</th> <th>详情</th> <th>示例</th> <th></th> </tr> </thead> <tbody> <tr> <td><code>defaultNamespace</code></td> <td style="text-align: center">否</td> <td>默认命名空间以检索 secret。如果未设置,则必须在每个请求元数据中或通过环境变量 <code>NAMESPACE</code> 指定 <code>namespace</code></td> <td><code>&quot;default-ns&quot;</code></td> <td></td> </tr> <tr> <td><code>kubeconfigPath</code></td> <td style="text-align: center">否</td> <td>kubeconfig 文件的路径。如果未指定,存储将使用默认的集群内配置值</td> <td><code>&quot;/path/to/kubeconfig&quot;</code></td> <td></td> </tr> </tbody> </table> <h2 id="可选的每请求元数据参数">可选的每请求元数据参数</h2> <p>可以为 Kubernetes secret 存储组件提供以下<a href="https://v1-18.docs.dapr.io/zh-hans/reference/api/secrets_api/#query-parameters">可选查询参数</a>:</p>阿里云 OOS 参数存储https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/alicloud-oos-parameter-store/Mon, 01 Jan 0001 00:00:00 +0000https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/alicloud-oos-parameter-store/<h2 id="组件格式">组件格式</h2> <p>要配置阿里云 OOS 参数存储的密钥存储,需创建一个类型为 <code>secretstores.alicloud.parameterstore</code> 的组件。请参阅<a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/setup-secret-store/#apply-the-configuration">本指南</a>了解如何创建和应用密钥存储配置。请参阅本指南,了解如何在 Dapr 组件中引用和使用 secret。</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dapr.io/v1alpha1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Component</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">alibabacloudparameterstore</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">secretstores.alicloud.parameterstore</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">version</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">regionId</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[alicloud_region_id]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">accessKeyId </span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[alicloud_access_key_id]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">accessKeySecret</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[alicloud_access_key_secret]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">securityToken</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[alicloud_security_token]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div> <div class="alert alert-warning" role="alert"> <h4 class="alert-heading">警告</h4> 上述示例中,secret 以明文字符串形式使用。建议使用本地密钥存储,例如 <a href="https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/kubernetes-secret-store/">Kubernetes 密钥存储</a>或<a href="https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/file-secret-store/">本地文件</a>来安全地存储密钥。 </div> <h2 id="规格元数据字段">规格元数据字段</h2> <table> <thead> <tr> <th>字段</th> <th style="text-align: center">必需</th> <th>详细信息</th> <th>示例</th> </tr> </thead> <tbody> <tr> <td>regionId</td> <td style="text-align: center">Y</td> <td>部署阿里云 OOS 参数存储实例的特定区域</td> <td><code>&quot;cn-hangzhou&quot;</code></td> </tr> <tr> <td>accessKeyId</td> <td style="text-align: center">Y</td> <td>访问此资源的阿里云访问密钥 ID</td> <td><code>&quot;accessKeyId&quot;</code></td> </tr> <tr> <td>accessKeySecret</td> <td style="text-align: center">Y</td> <td>访问此资源的阿里云访问密钥 Secret</td> <td><code>&quot;accessKeySecret&quot;</code></td> </tr> <tr> <td>securityToken</td> <td style="text-align: center">N</td> <td>使用的阿里云安全令牌</td> <td><code>&quot;securityToken&quot;</code></td> </tr> </tbody> </table> <h2 id="可选的每请求元数据属性">可选的每请求元数据属性</h2> <p>在从此密钥存储检索 secret 时,可以提供以下<a href="https://v1-18.docs.dapr.io/zh-hans/reference/api/secrets_api/#query-parameters">可选查询参数</a>:</p>本地环境变量(用于开发)https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/envvar-secret-store/Mon, 01 Jan 0001 00:00:00 +0000https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/envvar-secret-store/<p>此 Dapr secret 存储组件使用本地定义的环境变量,并且不使用身份验证。</p> <div class="alert alert-warning" role="alert"> <h4 class="alert-heading">警告</h4> 这种 secret 管理方法不建议用于生产环境。 </div> <h2 id="组件格式">组件格式</h2> <p>要配置本地环境变量 secret 存储,需要创建一个类型为 <code>secretstores.local.env</code> 的组件。在 <code>./components</code> 目录中创建一个文件,内容如下:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dapr.io/v1alpha1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Component</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">envvar-secret-store</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">secretstores.local.env</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">version</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># - name: prefix</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># value: &#34;MYAPP_&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div><h2 id="规格元数据字段">规格元数据字段</h2> <table> <thead> <tr> <th>字段</th> <th style="text-align: center">必需</th> <th>详情</th> <th>示例</th> </tr> </thead> <tbody> <tr> <td><code>prefix</code></td> <td style="text-align: center">否</td> <td>如果设置此字段,则仅操作具有指定前缀的环境变量。返回的 secret 名称中将移除该前缀。<br>在 Windows 上匹配时不区分大小写,而在其他操作系统上区分大小写。</td> <td><code>&quot;MYAPP_&quot;</code></td> </tr> </tbody> </table> <h2 id="注意事项">注意事项</h2> <p>出于安全考虑,此组件无法访问以下环境变量:</p> <ul> <li><code>APP_API_TOKEN</code></li> <li>任何以 <code>DAPR_</code> 前缀开头的变量</li> </ul> <h2 id="相关链接">相关链接</h2> <ul> <li><a href="https://v1-18.docs.dapr.io/zh-hans/developing-applications/building-blocks/secrets/">Secrets 构建块</a></li> <li><a href="https://v1-18.docs.dapr.io/zh-hans/developing-applications/building-blocks/secrets/howto-secrets/">操作指南:检索 secret</a></li> <li><a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/component-secrets/">操作指南:在 Dapr 组件中引用 secret</a></li> <li><a href="https://v1-18.docs.dapr.io/zh-hans/reference/api/secrets_api/">Secrets API 参考</a></li> </ul>本地文件(用于开发)https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/file-secret-store/Mon, 01 Jan 0001 00:00:00 +0000https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/file-secret-store/<p>此 Dapr secret 存储组件从指定文件读取纯文本 JSON,并且不使用身份验证。</p> <div class="alert alert-warning" role="alert"> <h4 class="alert-heading">警告</h4> 不建议在生产环境中使用这种 secret 管理方法。 </div> <h2 id="组件格式">组件格式</h2> <p>要设置基于本地文件的 secret 存储,请创建一个类型为 <code>secretstores.local.file</code> 的组件。在 <code>./components</code> 目录中创建一个包含以下内容的文件:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dapr.io/v1alpha1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Component</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">local-secret-store</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">secretstores.local.file</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">version</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">secretsFile</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000;font-weight:bold">[</span><span style="color:#000">path to the JSON file]</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">nestedSeparator</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;:&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">multiValued</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;false&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div><h2 id="规格元数据字段">规格元数据字段</h2> <table> <thead> <tr> <th>字段</th> <th style="text-align: center">必需</th> <th>详细信息</th> <th>示例</th> </tr> </thead> <tbody> <tr> <td>secretsFile</td> <td style="text-align: center">Y</td> <td>存储 secret 的文件路径</td> <td><code>&quot;path/to/file.json&quot;</code></td> </tr> <tr> <td>nestedSeparator</td> <td style="text-align: center">N</td> <td>用于展平 JSON 层次结构时的分隔符,默认为 <code>&quot;:&quot;</code></td> <td><code>&quot;:&quot;</code></td> </tr> <tr> <td>multiValued</td> <td style="text-align: center">N</td> <td><code>&quot;true&quot;</code> 启用 <code>multipleKeyValuesPerSecret</code> 行为,允许在展平 JSON 层次结构前有一级多值键/值对。默认为 <code>&quot;false&quot;</code></td> <td><code>&quot;true&quot;</code></td> </tr> </tbody> </table> <h2 id="设置-json-文件以保存-secret">设置 JSON 文件以保存 secret</h2> <p>假设从 <code>secretsFile</code> 加载的 JSON 如下:</p>华为云密钥管理服务 (CSMS)https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/huaweicloud-csms/Mon, 01 Jan 0001 00:00:00 +0000https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/huaweicloud-csms/<h2 id="组件格式">组件格式</h2> <p>要配置华为云密钥管理服务 (CSMS) 的密钥存储,需创建一个类型为 <code>secretstores.huaweicloud.csms</code> 的组件。请参阅<a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/setup-secret-store/#apply-the-configuration">本指南</a>了解如何创建和应用密钥存储配置。有关如何<a href="https://v1-18.docs.dapr.io/zh-hans/operations/components/component-secrets/">引用密钥</a>以在 Dapr 组件中检索和使用密钥的信息,请参阅本指南。</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dapr.io/v1alpha1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Component</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">huaweicloudcsms</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">secretstores.huaweicloud.csms</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">version</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">region</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[huaweicloud_region]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">accessKey </span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[huaweicloud_access_key]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">secretAccessKey</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">value</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;[huaweicloud_secret_access_key]&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div> <div class="alert alert-warning" role="alert"> <h4 class="alert-heading">警告</h4> 上述示例中,密钥以明文字符串形式使用。建议使用本地密钥存储,例如 <a href="https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/kubernetes-secret-store/">Kubernetes 密钥存储</a>或<a href="https://v1-18.docs.dapr.io/zh-hans/reference/components-reference/supported-secret-stores/file-secret-store/">本地文件</a>来确保密钥的安全存储。 </div> <h2 id="元数据字段说明">元数据字段说明</h2> <table> <thead> <tr> <th>字段</th> <th style="text-align: center">必需</th> <th>详细信息</th> <th>示例</th> </tr> </thead> <tbody> <tr> <td>region</td> <td style="text-align: center">是</td> <td>华为云 CSMS 实例所在的具体区域</td> <td><code>&quot;cn-north-4&quot;</code></td> </tr> <tr> <td>accessKey</td> <td style="text-align: center">是</td> <td>用于访问此资源的华为云访问密钥</td> <td><code>&quot;accessKey&quot;</code></td> </tr> <tr> <td>secretAccessKey</td> <td style="text-align: center">是</td> <td>用于访问此资源的华为云密钥访问密钥</td> <td><code>&quot;secretAccessKey&quot;</code></td> </tr> </tbody> </table> <h2 id="可选的每请求元数据属性">可选的每请求元数据属性</h2> <p>在从此密钥存储检索密钥时,可以提供以下<a href="https://v1-18.docs.dapr.io/zh-hans/reference/api/secrets_api/#query-parameters">可选查询参数</a>:</p>