Azure Key Vault
Detailed information on the Azure Key Vault cryptography component
Component format
A Dapr crypto.yaml component file has the following structure:
```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: azurekeyvault
spec:
  type: crypto.azure.keyvault
  metadata:
  - name: vaultName
    value: mykeyvault
  # See authentication section below for all options
  - name: azureTenantId
    value: ${{AzureKeyVaultTenantId}}
  - name: azureClientId
    value: ${{AzureKeyVaultServicePrincipalClientId}}
  - name: azureClientSecret
    value: ${{AzureKeyVaultServicePrincipalClientSecret}}
```
Warning
The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets, as described here.
Authenticating with Microsoft Entra ID
The Azure Key Vault cryptography component supports authentication with Microsoft Entra ID only. Before you enable this component:
- Read the Authenticating to Azure document.
- Create a Microsoft Entra ID application (also called a Service Principal).
- Alternatively, create a managed identity for your application platform.
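The warning above recommends keeping secrets out of the component file. The following added example (not taken from the original page) shows the same component with the client secret resolved through Dapr's `secretKeyRef` instead of a plain string. It assumes Kubernetes mode with the built-in `kubernetes` secret store; the secret name `azure-sp-credentials`, its key `clientSecret`, and the bracketed IDs are placeholders.

```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: azurekeyvault
spec:
  type: crypto.azure.keyvault
  metadata:
  - name: vaultName
    value: mykeyvault
  # Tenant and client IDs are identifiers, not credentials (placeholders here)
  - name: azureTenantId
    value: "<tenant-id>"
  - name: azureClientId
    value: "<client-id>"
  # The client secret is read from the secret store at load time,
  # so it never appears in this file or in source control.
  - name: azureClientSecret
    secretKeyRef:
      name: azure-sp-credentials   # assumed Kubernetes Secret name
      key: clientSecret            # assumed key inside that Secret
# Secret store used to resolve secretKeyRef entries (assumed: built-in Kubernetes store)
auth:
  secretStore: kubernetes
```

With a managed identity, the `azureClientSecret` entry is not needed at all, which removes the stored credential entirely.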
Spec metadata fields
| Field | Required | Details | Example | 
|---|---|---|---|
| vaultName | Y | Azure Key Vault name | "mykeyvault" | 
| Auth metadata | Y | See Authenticating to Azure for more information | |