Challenge 7 - Dapr Secrets Management


Introduction

In this challenge, you’re going to add the Dapr secrets management building block.

Description

Almost all non-trivial applications need to securely store secret data like API keys, database passwords, and more. As a best practice, secrets should never be checked into the version control system. But at the same time, they need to be accessible to code running in production. This is generally a challenging requirement, but critical to get right.

Dapr provides a solution to this problem: The Dapr secrets building block. It includes an API and a secrets store.

Here’s how it works:

Popular secret stores include Kubernetes, HashiCorp Vault, and Azure Key Vault.

The following diagram depicts an application requesting the secret called “mysecret” from a secret store called “vault”, which is backed by a configured cloud secret store:

Note the blue-colored Dapr secrets building block that sits between the application and secret stores.

For this challenge you’ll use a file-based local secret store component. Local stores are meant for development or testing purposes. Never use them in production!

Alternatively, you can implement Azure Key Vault as your secret store in this challenge.

Another way of using secrets is to reference them from Dapr configuration files. You will use both approaches in this challenge.
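The following configuration is an added illustration, not part of the original challenge or its reference solution. It shows a file-based local secret store component, a second component that pulls a value from it with `secretKeyRef`, and a Dapr configuration that limits which secrets an application may read through the secrets API. The component names, file path, secret key, Redis state store and the `appconfig` name are all assumptions chosen for the example.

```yaml
# Constructed sample secrets file (./secrets.json, keep it out of version control):
#   { "redis": { "password": "<placeholder>" } }
# With nestedSeparator "." the nested value is addressed as "redis.password".
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: local-secret-store        # assumed component name
spec:
  type: secretstores.local.file   # development and testing only
  version: v1
  metadata:
  - name: secretsFile
    value: ./secrets.json         # assumed path
  - name: nestedSeparator
    value: "."
---
# Approach 1: reference the secret from another component definition,
# so the password never appears in the component file itself.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: statestore                # assumed component name
spec:
  type: state.redis
  version: v1
  metadata:
  - name: redisHost
    value: localhost:6379
  - name: redisPassword
    secretKeyRef:
      name: redis.password
      key: redis.password
auth:
  secretStore: local-secret-store
---
# Approach 2: the application reads the secret through the sidecar, e.g.
#   GET http://localhost:3500/v1.0/secrets/local-secret-store/redis.password
# (3500 is the default Dapr HTTP port; adjust if the sidecar uses another).
# This configuration denies every secret except the one listed.
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: appconfig                 # assumed configuration name
spec:
  secrets:
    scopes:
    - storeName: local-secret-store
      defaultAccess: deny
      allowedSecrets: ["redis.password"]
```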

To learn more about the secrets building block, read the introduction to this building block in the Dapr documentation. Also, check out the secrets chapter in the Dapr for .NET Developers guidance eBook.

Update the services to use a Dapr secrets building block.

Success Criteria

This challenge targets the operation labeled as number 6 in the end-state setup:

Local

Azure

Tips

Learning Resources