dapr / dotnet-sdk

Dapr SDK for .NET
Apache License 2.0

Ability to save a secret in a secret store #1357

Closed willvelida closed 1 month ago

willvelida commented 1 month ago

Describe the feature

There are some situations where secrets will need to be saved in a secret store and updated over time. I have a use case where I need to store a refresh token in Azure Key Vault using a cron job, which needs to be refreshed every 6 hours.

In C#, this could look like this:

await _daprClient.SaveSecretAsync("secretstore-name", "key-value", tokens);

Release Note

RELEASE NOTE:

WhitWaldo commented 1 month ago

@yaron2 recently spoke to this point in Discord about a month ago. This is not planned as a feature at this time because of the security implications of a user gaining access to Dapr and being able to write arbitrarily to your vault (including overwrite existing secrets).

As such, I'm going to close this as not planned, but I might suggest two alternative approaches:

1) Use the cryptography functionality to encrypt your secret and place it under a key via the state management block. This isn't necessarily recommended (but an option) given that your state management provider presumably requires credentials to read/write values, so you can at least limit access to some degree (perhaps use a scope on your component to limit which apps can read it), and achieve a similar functionality.

2) Use the Azure Key Vault Secrets SDK with an identity that is assigned the Key Vault Secrets Officer (or better) role on the Key Vault and write the secret through this client. Then read via Dapr as you'd like. This is the approach I tend to take in my own applications when I absolutely must write something to the Key Vault.

Please feel free to re-open the issue if you have any follow-up questions, but again, this isn't something likely to change on Dapr itself.
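The second alternative above, as an added illustration (not code from the issue or from the Dapr SDK): the cron job writes the refresh token with the Azure Key Vault Secrets SDK under an identity holding the Key Vault Secrets Officer role, while consumers read it back through Dapr's secret store, which only needs read access. The component name "secretstore-name", the secret name "key-value" and the vault URI are assumptions taken from or added to the example in the issue.

```csharp
// Added example, not part of the dapr/dotnet-sdk project.
// Assumes: a Dapr secret store component "secretstore-name" backed by the same
// Key Vault, a secret named "key-value", and a writer identity with the
// Key Vault Secrets Officer role. Readers only need Key Vault Secrets User.
using System;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Dapr.Client;

public sealed class RefreshTokenRotator
{
    private const string SecretStore = "secretstore-name"; // Dapr component name (assumed)
    private const string SecretName = "key-value";         // Key Vault secret name (assumed)

    private readonly SecretClient _vault; // write path: Azure SDK, scoped identity
    private readonly DaprClient _dapr;    // read path: Dapr secret store, read-only

    public RefreshTokenRotator(Uri vaultUri, DaprClient dapr)
    {
        // DefaultAzureCredential resolves the managed identity (or developer login)
        // that has been granted the Secrets Officer role on this vault.
        _vault = new SecretClient(vaultUri, new DefaultAzureCredential());
        _dapr = dapr;
    }

    // Called by the 6-hour cron job; this is the only code path that needs write access.
    public async Task RotateAsync(string newRefreshToken)
    {
        var secret = new KeyVaultSecret(SecretName, newRefreshToken)
        {
            // Bound the lifetime so a token that the job failed to rotate
            // stops being served instead of lingering indefinitely.
            Properties = { ExpiresOn = DateTimeOffset.UtcNow.AddHours(6) }
        };
        await _vault.SetSecretAsync(secret); // creates a new secret version
    }

    // Application code reads through Dapr; the sidecar's identity never gets
    // write permission, which is the concern that kept SaveSecretAsync out of the SDK.
    public async Task<string> ReadAsync()
    {
        var values = await _dapr.GetSecretAsync(SecretStore, SecretName);
        return values[SecretName];
    }
}
```

Run the rotator under the cron job's identity and the reader under the application's identity so the two roles are never combined on one principal.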

WhitWaldo commented 1 month ago

Closed as completed by mistake. Rather, closing as not-planned.