Reference a secret in Dapr components
Previously, you created an Azure Key Vault and added the Dapr component. Now you will use a secret from a secret store in another Dapr component. This bonus assignment uses Azure Key Vault as a secret store to hold the connection string of the Azure Service Bus, and references that secret from the pubsub component.
Pre-requisite
If the setup of the Azure Key Vault is not done yet, please follow the instructions in Setup Azure Key Vault as a secret store.
Assignment 3 - Setup Azure Service Bus is also a pre-requisite for this assignment. If not done yet, please follow the instructions in Assignment 3 - Setup Azure Service Bus.
Step 1: Create a secret in the Azure Key Vault for the connection string
Azure Service Bus' connection string will be stored as a string/literal secret:
- Open a terminal window.
- Create a secret in the Azure Key Vault for Azure Service Bus' connection string:
    az keyvault secret set --vault-name $KEY_VAULT --name azSericeBusconnectionString --value "<connection-string>"
  Replace <connection-string> with the connection string of the Azure Service Bus created in assignment 3.
Step 2: Use the secret in the application FineCollectionService
- Open the file dapr/components/azure-servicebus-pubsub.yaml (created in assignment 3) in your code editor, and inspect it.
- Replace value:
    value: "Endpoint=sb://{ServiceBusNamespace}.servicebus.windows.net/;SharedAccessKeyName={PolicyName};SharedAccessKey={Key};EntityPath={ServiceBus}"
  with:
    secretKeyRef:
      name: azSericeBusconnectionString
      key: azSericeBusconnectionString
  When the secret is a string/literal, the key is the same as the name of the secret, see How-To: Reference secrets in components.
- Add the following lines before scopes:
    auth:
      secretStore: secretstore
  This tells Dapr to use the secret store component secretstore to retrieve the secret.
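A check for the Step 2 edit, as an added example that is not part of the workshop: it flags a component file that still carries an inline SharedAccessKey, or that uses secretKeyRef without an auth.secretStore entry. The function names, and the component name, type and scope in the constructed sample files, are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the workshop: lint a Dapr component file for Step 2.

# check_component FILE: prints one line per finding, returns 1 if any were found.
check_component() {
  local file="$1" status=0
  # An inline Service Bus key must not remain (comment lines are ignored).
  if grep -v '^[[:space:]]*#' "$file" | grep -q 'SharedAccessKey='; then
    echo "$file: inline SharedAccessKey, reference it with secretKeyRef"
    status=1
  fi
  # secretKeyRef is only resolved when a top-level auth block names the store.
  if grep -q '^[[:space:]]*secretKeyRef:' "$file" &&
     ! grep -A1 '^auth:' "$file" | grep -Eq '^[[:space:]]+secretStore:[[:space:]]*[^[:space:]]'; then
    echo "$file: secretKeyRef without auth.secretStore"
    status=1
  fi
  return "$status"
}

# write_samples DIR: constructed inputs. Component name, type and scope are
# assumptions; the key is a placeholder, not a credential.
write_samples() {
  local dir="$1"
  local header='apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: pubsub
spec:
  type: pubsub.azure.servicebus
  version: v1
  metadata:
  - name: connectionString'
  local scopes='scopes:
  - finecollectionservice'
  local ref='    secretKeyRef:
      name: azSericeBusconnectionString
      key: azSericeBusconnectionString'
  printf '%s\n' "$header" '    value: "Endpoint=sb://example.servicebus.windows.net/;SharedAccessKeyName=policy;SharedAccessKey=PLACEHOLDER"' "$scopes" > "$dir/before.yaml"
  printf '%s\n' "$header" "$ref" 'auth:' '  secretStore: secretstore' "$scopes" > "$dir/after.yaml"
  printf '%s\n' "$header" "$ref" "$scopes" > "$dir/missing-auth.yaml"
}

# Check any files named on the command line.
rc=0
for f in "$@"; do check_component "$f" || rc=1; done
[ "$rc" -eq 0 ] || exit 1
```

Run it with dapr/components/azure-servicebus-pubsub.yaml as the argument before committing the file; a non-zero exit means the key is still inline or the secret store is not named.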
Step 3: Test the application
You’re going to start all the services now.
- Make sure no services from previous tests are running (close the command-shell windows).
- Open the terminal window and make sure the current folder is VehicleRegistrationService.
- Enter the following command to run the VehicleRegistrationService with a Dapr sidecar:
    mvn spring-boot:run
- Open a new terminal window and change the current folder to FineCollectionService.
- Enter the following command to run the FineCollectionService with a Dapr sidecar:
  - Ensure you have run the dapr init command prior to running the below command.
    dapr run --app-id finecollectionservice --app-port 6001 --dapr-http-port 3601 --dapr-grpc-port 60001 --resources-path ../dapr/components mvn spring-boot:run
- Open a new terminal window and change the current folder to TrafficControlService.
- Enter the following command to run the TrafficControlService with a Dapr sidecar:
    dapr run --app-id trafficcontrolservice --app-port 6000 --dapr-http-port 3600 --dapr-grpc-port 60000 --resources-path ../dapr/components mvn spring-boot:run
- Open a new terminal window and change the current folder to Simulation.
- Start the simulation:
    mvn spring-boot:run
You should see the same logs as Assignment 3 with Azure Service Bus. Obviously, the behavior of the application is exactly the same as before.
Challenge
You can use the secret store to store the Cosmos DB master key as well. Try it out! More information on Cosmos DB as a state store can be found in Bonus Assignment: State Store.