mosn · Xunzhuo · May 15, 2022 · Apr 23, 2022 · Apr 23, 2022 · Apr 23, 2022
diff --git a/configs/config_secret_file.json b/configs/config_secret_file.json
@@ -0,0 +1,78 @@
+{
+  "servers": [
+    {
+      "default_log_path": "stdout",
+      "default_log_level": "DEBUG",
+      "routers": [
+        {
+          "router_config_name": "actuator_dont_need_router"
+        }
+      ],
+      "listeners": [
+        {
+          "name": "grpc",
+          "address": "127.0.0.1:34904",
+          "bind_port": true,
+          "filter_chains": [
+            {
+              "filters": [
+                {
+                  "type": "grpc",
+                  "config": {
+                    "server_name": "runtime",
+                    "grpc_config": {
+                      "hellos": {
+                        "helloworld": {
+                          "hello": "greeting"
+                        }
+                      },
+                      "secret_store": {
+                        "local.file": {
+                          "metadata": {
+                            "secretsFile": "../../configs/secret/config_secret_local_file.json"
+                          }
+                        },
+                        "local.env": {
+                          "metadata": {
+                          }
+                        }
+                      },
+                      "app": {
+                        "app_id": "app1",
+                        "grpc_callback_port": 9999
+                      }
+                    }
+                  }
+                }
+              ]
+            }
+          ]
+        },
+        {
+          "name": "actuator",
+          "address": "127.0.0.1:34999",
+          "bind_port": true,
+          "filter_chains": [
+            {
+              "filters": [
+                {
+                  "type": "proxy",
+                  "config": {
+                    "downstream_protocol": "Http1",
+                    "upstream_protocol": "Http1",
+                    "router_config_name": "actuator_dont_need_router"
+                  }
+                }
+              ]
+            }
+          ],
+          "stream_filters": [
+            {
+              "type": "actuator_filter"
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}
diff --git a/configs/secret/config_secret_local_file.json b/configs/secret/config_secret_local_file.json
@@ -0,0 +1,6 @@
+{
+  "db-user-pass": {
+    "username": "devuser",
+    "password": "S!S*d$zDsb="
+  }
+}
diff --git a/demo/secret/common/client.go b/demo/secret/common/client.go
@@ -0,0 +1,55 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"mosn.io/layotto/sdk/go-sdk/client"
+
+	runtimev1pb "mosn.io/layotto/spec/proto/runtime/v1"
+)
+
+var storeName string
+
+func init() {
+	flag.StringVar(&storeName, "s", "", "set `storeName`")
+}
+
+func main() {
+
+	flag.Parse()
+	if storeName == "" {
+		panic("storeName is empty.")
+	}
+	cli, err := client.NewClient()
+	if err != nil {
+		panic(err)
+	}
+	defer cli.Close()
+	ctx := context.Background()
+	//2. get the secret
+	resp, err := cli.GetSecret(ctx, &runtimev1pb.GetSecretRequest{
+		StoreName: storeName,
+		Key:       "db-user-pass:password",
+	})
+	if err != nil {
+		panic(err)
+	}
+	if resp == nil || len(resp.Data) == 0 {
+		panic("no response data")
+	}
+	fmt.Println(resp)
+
+	//3. get the bulk secret
+	bulkSecrets, err := cli.GetBulkSecret(ctx, &runtimev1pb.GetBulkSecretRequest{
+		StoreName: storeName,
+	})
+	if err != nil {
+		panic(err)
+	}
+	if bulkSecrets == nil || len(bulkSecrets.Data) == 0 {
+		panic("no response data")
+	}
+	fmt.Println(bulkSecrets)
+
+}
diff --git a/docs/_sidebar.md b/docs/_sidebar.md
@@ -7,6 +7,7 @@
   - [Use Pub/Sub API](en/start/pubsub/start.md)
   - [Use Distributed Lock API](en/start/lock/start.md)
   - [Use Sequencer API](en/start/sequencer/start.md)
+  - [Use Secret API](en/start/secret/start.md)
   - Service Invocation
     - [Hello World](en/start/rpc/helloworld.md)
     - [Dubbo JSON RPC](en/start/rpc/dubbo_json_rpc.md)    
@@ -67,6 +68,7 @@
         - [Redis](en/component_specs/sequencer/redis.md)
         - [Zookeeper](en/component_specs/sequencer/zookeeper.md)
         - [MongoDB](en/component_specs/sequencer/mongo.md)
+      - [Secret Store](en/component_specs/secret/common.md)
 - Design documents
   - [Actuator design doc](en/design/actuator/actuator-design-doc.md)
   - [Configuration API with Apollo](en/design/configuration/configuration-api-with-apollo.md)

diff --git a/docs/en/component_specs/secret/common.md b/docs/en/component_specs/secret/common.md
@@ -0,0 +1,33 @@
+# Secret Store component
+This component can access secrets from local files, environment variables, k8s, etc.,  Layotto use dapr's secret API, learn more: https://docs.dapr.io/operations/components/setup-secret-store/
+**Configuration file structure**
+
+The json configuration file has the following structure:
+```json
+"secretStores": {
+  "<STORE NAME>": {
+    "metadata": {
+      "<KEY>": "<VALUE>",
+      "<KEY>": "<VALUE>"
+    }
+  }
+}
+```
+Configuration examples of local file keys, local environment variables, and k8s keys:
+```
+       "secretStores": {
+                        "local.file": {
+                          "metadata": {
+                            "secretsFile": "../../configs/config_secret_local_file.json"
+                          }
+                        },
+                        "local.env": {
+                          "metadata": {
+                          }
+                        },
+                        "kubernetes": {
+                          "metadata": {
+                          }
+                        }
+                      }
+```
diff --git a/docs/en/start/secret/start.md b/docs/en/start/secret/start.md
@@ -0,0 +1,54 @@
+# use Secret API to obtain secret
+## What is Secret API
+The secret API is used to obtain secret from file, env, k8s, etc
+
+Get all API and secret support
+## Quick start
+
+This example shows how to obtain the secret in file, env and k8s through the Layotto secret API
+
+
+
+### Step 1:  Run Layotto
+
+After downloading the project code to the local, switch the code directory and compile:
+
+```shell
+cd ${project_path}/cmd/layotto
+```
+
+build:
+```shell @if.not.exist layotto
+go build -o layotto
+```
+
+Once finished, the layotto file will be generated in the directory, run it:
+
+```shell @background
+./layotto start -c ../../configs/config_secret_file.json
+```
+
+### Step 2: Run the client program and call Layotto to generate a unique id
+
+```shell
+ cd ${project_path}/demo/secret/common/
+```
+
+```shell @if.not.exist client
+ go build -o client
+```
+
+```shell
+ ./client -s "local.file"
+```
+
+If the following information is printed, the demo is successful:
+
+```bash
+data:{key:"db-user-pass:password" value:"S!S*d$zDsb="}
+data:{key:"db-user-pass:password" value:{secrets:{key:"db-user-pass:password" value:"S!S*d$zDsb="}}} data:{key:"db-user-pass:username" value:{secrets:{key:"db-user-pass:username" value:"devuser"}}}
+```
+
+
+## Want to learn more about Secret API?
+Layotto reuse Dapr Secret API，learn more：https://docs.dapr.io/operations/components/setup-secret-store/
diff --git a/docs/zh/_sidebar.md b/docs/zh/_sidebar.md
@@ -7,6 +7,7 @@
     - [使用Pub/Sub API](zh/start/pubsub/start.md)
     - [使用分布式锁 API](zh/start/lock/start.md)
     - [使用Sequencer API生成分布式自增id](zh/start/sequencer/start.md)
+    - [使用 Secret API](zh/start/secret/start.md)
     - 进行RPC调用
         - [Hello World](zh/start/rpc/helloworld.md)
         - [Dubbo JSON RPC](zh/start/rpc/dubbo_json_rpc.md)
@@ -72,6 +73,7 @@
                 - [Redis](zh/component_specs/sequencer/redis.md)
                 - [Zookeeper](zh/component_specs/sequencer/zookeeper.md)
                 - [MongoDB](zh/component_specs/sequencer/mongo.md)
+            - [Secret Store](zh/component_specs/secret/common.md)  
             - [自定义组件](zh/component_specs/custom/common.md)
     - [如何部署、升级 Layotto](zh/operation/)
 - 设计文档

diff --git a/docs/zh/component_specs/secret/common.md b/docs/zh/component_specs/secret/common.md
@@ -0,0 +1,34 @@
+# 秘钥组件
+该组件可以从本地文件、环境变量、k8s等获取秘钥，复用了dapr的secret API，了解更多：https://docs.dapr.io/operations/components/setup-secret-store/
+
+**配置文件结构**
+
+json配置文件有如下结构：
+```json
+"secretStores": {
+  "<STORE NAME>": {
+    "metadata": {
+      "<KEY>": "<VALUE>",
+      "<KEY>": "<VALUE>"
+    }
+  }
+}
+```
+本地文件秘钥、本地环境变量、k8s秘钥的配置例子：
+```
+       "secretStores": {
+                        "local.file": {
+                          "metadata": {
+                            "secretsFile": "../../configs/config_secret_local_file.json"
+                          }
+                        },
+                        "local.env": {
+                          "metadata": {
+                          }
+                        },
+                        "kubernetes": {
+                          "metadata": {
+                          }
+                        }
+                      }
+```
diff --git a/docs/zh/start/secret/start.md b/docs/zh/start/secret/start.md
@@ -0,0 +1,50 @@
+# 使用Secret API获取secret
+## 什么是Secret API
+Secret API用于从file、env、k8s等获取secret
+
+Secret API支持获取单个和所有secret
+## 快速开始
+
+该示例展示了如何通过Layotto Secret API 获取 file、env、k8s中的secret
+
+
+### 第一步：运行Layotto
+
+将项目代码下载到本地后，切换代码目录、编译：
+
+```shell
+cd ${project_path}/cmd/layotto
+```
+构建:
+```shell @if.not.exist layotto
+go build -o layotto
+```
+完成后目录下会生成layotto文件，运行它：
+
+```shell @background
+./layotto start -c ../../configs/config_secret_file.json
+```
+
+### 第二步：运行客户端程序，调用Layotto生成唯一id
+
+```shell
+ cd ${project_path}/demo/secret/common/
+```
+
+```shell @if.not.exist client
+ go build -o client
+```
+```shell
+ ./client -s "local.file"
+```
+
+打印出如下信息则代表调用成功：
+
+```bash
+data:{key:"db-user-pass:password" value:"S!S*d$zDsb="}
+data:{key:"db-user-pass:password" value:{secrets:{key:"db-user-pass:password" value:"S!S*d$zDsb="}}} data:{key:"db-user-pass:username" value:{secrets:{key:"db-user-pass:username" value:"devuser"}}}
+```
+
+
+## 想要详细了解Secret API?
+Layotto复用了Dapr的Secret API，了解更多：https://docs.dapr.io/operations/components/setup-secret-store/
diff --git a/etc/script/test-quickstart.sh b/etc/script/test-quickstart.sh
@@ -35,6 +35,8 @@ quickstarts_in_default="docs/en/start/configuration/start.md
   docs/en/start/trace/prometheus.md
   docs/en/start/wasm/start.md
   docs/zh/start/wasm/start.md
+  docs/en/start/secret/start.md
+  docs/zh/start/secret/start.md
 "
 
 # In advance mod, we test these docs with golang 1.17

diff --git a/pkg/runtime/config.go b/pkg/runtime/config.go
@@ -50,7 +50,7 @@ type MosnRuntimeConfig struct {
 	LockManagement         map[string]lock.Config              `json:"lock"`
 	SequencerManagement    map[string]sequencer.Config         `json:"sequencer"`
 	Bindings               map[string]bindings.Metadata        `json:"bindings"`
-	SecretStoresManagement map[string]bindings.Metadata        `json:"secretStores"`
+	SecretStoresManagement map[string]bindings.Metadata        `json:"secret_store"`
 	// <component type,component name,config>
 	// e.g. <"super_pubsub","etcd",config>
 	CustomComponent map[string]map[string]custom.Config `json:"custom_component,omitempty"`