openapi: 3.1.0
info:
  title: Dapr Secrets API
  description: >-
    The Dapr Secrets API provides a consistent way to retrieve application
    secrets from various secret stores, including Hashicorp Vault, AWS
    Secrets Manager, Azure Key Vault, GCP Secret Manager, and Kubernetes
    Secrets.
  version: 1.0.0
  contact:
    name: Dapr
    url: https://dapr.io
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
externalDocs:
  description: Dapr Secrets API Reference
  url: https://docs.dapr.io/reference/api/secrets_api/
servers:
  - url: http://localhost:3500
    description: Dapr Sidecar
paths:
  /v1.0/secrets/{secret-store-name}/{name}:
    get:
      summary: Dapr Get Secret
      description: >-
        Retrieves a secret from the specified secret store by name. Supports
        optional per-request metadata such as version_id and version_stage.
      operationId: getSecret
      tags:
        - Secrets
      parameters:
        - name: secret-store-name
          in: path
          required: true
          description: The name of the secret store component.
          schema:
            type: string
        - name: name
          in: path
          required: true
          description: The name of the secret to retrieve.
          schema:
            type: string
        - name: metadata.version_id
          in: query
          description: >-
            Version identifier for the secret (supported by Hashicorp
            Vault, GCP Secret Manager, AWS Secret Manager).
          schema:
            type: string
        - name: metadata.version_stage
          in: query
          description: Version stage for the secret (supported by AWS Secret Manager).
          schema:
            type: string
        - name: metadata.namespace
          in: query
          description: Kubernetes namespace (supported by Kubernetes Secrets).
          schema:
            type: string
      responses:
        '200':
          description: Secret retrieved successfully.
          content:
            application/json:
              schema:
                type: object
                additionalProperties:
                  type: string
        '403':
          description: Access denied by secret store access policy.
        '404':
          description: Secret not found.
        '500':
          description: Failed to get secret.
  /v1.0/secrets/{secret-store-name}/bulk:
    get:
      summary: Dapr Get Bulk Secrets
      description: >-
        Retrieves all secrets from the specified secret store in a single
        request.
      operationId: getBulkSecrets
      tags:
        - Secrets
      parameters:
        - name: secret-store-name
          in: path
          required: true
          description: The name of the secret store component.
          schema:
            type: string
      responses:
        '200':
          description: Bulk secrets retrieved successfully.
          content:
            application/json:
              schema:
                type: object
                additionalProperties:
                  type: object
                  additionalProperties:
                    type: string
        '403':
          description: Access denied by secret store access policy.
        '500':
          description: Failed to get bulk secrets.
tags:
  - name: Secrets
    description: Secret management operations.