Dapr
Dapr Secrets API

The Dapr Secrets API provides a consistent way to retrieve application secrets from various secret stores, including Hashicorp Vault, AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, and Kubernetes Secrets.
Documentation GitHub OpenAPI
OpenAPI Specification

openapi: 3.1.0
info:
  title: Dapr Secrets API
  description: >-
    The Dapr Secrets API provides a consistent way to retrieve application
    secrets from various secret stores, including Hashicorp Vault, AWS
    Secrets Manager, Azure Key Vault, GCP Secret Manager, and Kubernetes
    Secrets.
  version: 1.0.0
  contact:
    name: Dapr
    url: https://dapr.io
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
externalDocs:
  description: Dapr Secrets API Reference
  url: https://docs.dapr.io/reference/api/secrets_api/
servers:
  - url: http://localhost:3500
    description: Dapr Sidecar
paths:
  /v1.0/secrets/{secret-store-name}/{name}:
    get:
      summary: Dapr Get Secret
      description: >-
        Retrieves a secret from the specified secret store by name. Supports
        optional per-request metadata such as version_id and version_stage.
      operationId: getSecret
      tags:
        - Secrets
      parameters:
        - name: secret-store-name
          in: path
          required: true
          description: The name of the secret store component.
          schema:
            type: string
        - name: name
          in: path
          required: true
          description: The name of the secret to retrieve.
          schema:
            type: string
        - name: metadata.version_id
          in: query
          description: >-
            Version identifier for the secret (supported by Hashicorp
            Vault, GCP Secret Manager, AWS Secret Manager).
          schema:
            type: string
        - name: metadata.version_stage
          in: query
          description: Version stage for the secret (supported by AWS Secret Manager).
          schema:
            type: string
        - name: metadata.namespace
          in: query
          description: Kubernetes namespace (supported by Kubernetes Secrets).
          schema:
            type: string
      responses:
        '200':
          description: Secret retrieved successfully.
          content:
            application/json:
              schema:
                type: object
                additionalProperties:
                  type: string
        '403':
          description: Access denied by secret store access policy.
        '404':
          description: Secret not found.
        '500':
          description: Failed to get secret.
  /v1.0/secrets/{secret-store-name}/bulk:
    get:
      summary: Dapr Get Bulk Secrets
      description: >-
        Retrieves all secrets from the specified secret store in a single
        request.
      operationId: getBulkSecrets
      tags:
        - Secrets
      parameters:
        - name: secret-store-name
          in: path
          required: true
          description: The name of the secret store component.
          schema:
            type: string
      responses:
        '200':
          description: Bulk secrets retrieved successfully.
          content:
            application/json:
              schema:
                type: object
                additionalProperties:
                  type: object
                  additionalProperties:
                    type: string
        '403':
          description: Access denied by secret store access policy.
        '500':
          description: Failed to get bulk secrets.
tags:
  - name: Secrets
    description: Secret management operations.
Dapr Secrets API

Documentation

Specifications

Schemas & Data

Other Resources

OpenAPI Specification
