This lab is build to illustrate how secrets can be used in Dapr. In this application we retrieve an encryption key which we use in an app to encrypt and decrypt a string. We store the secret as Kubernetes Secret but give access to the applicaiton with the Dapr secret building block. The diagram below shows the system setup.
All applications that are used throughout the entire course are listed under Installs.
How complete the lab:
- Setup K8s cluster and install Dapr.
- Deploy the K8s components:
kubectl apply -f deployment - The secret is empty just yet:
kubectl get secret -o yaml encryption-key-secret - Update the secret (
create_encryption_key_secret.sh):ENCRYPTION_KEY=$(openssl rand -base64 32)kubectl create secret generic $SECRET_NAME --from-literal=$KEY_NAME="$ENCRYPTION_KEY" --dry-run=client -o yaml | kubectl apply -f -
- Port forward:
kubectl port-forward svc/secrets-crypt 8080:8080 - Test the App: you can visit localhost:8080 you should see
Secrets Crypt App Runs!. After that you can test the encryption & decryption functionallity.curl -X POST http://127.0.0.1:8080/encrypt -d 'some test string' > tmp.txtcurl -X POST http://127.0.0.1:8080/decrypt -d "$(cat tmp.txt)"
Done!
docker build -f Containerfile -t leonardpahlke/secrets-crypt:latest .docker push leonardpahlke/secrets-crypt:latestkubectl rollout restart deployment/secrets-crypt