dapr
diff --git a/‎go.mod‎
Lines changed: 6 additions & 4 deletions b/‎go.mod‎
Lines changed: 6 additions & 4 deletions
diff --git a/‎go.sum‎
Lines changed: 6 additions & 4 deletions b/‎go.sum‎
Lines changed: 6 additions & 4 deletions
diff --git a/‎secretstores/akeyless/README.md‎
Lines changed: 213 additions & 0 deletions b/‎secretstores/akeyless/README.md‎
Lines changed: 213 additions & 0 deletions
@@ -1,6 +1,8 @@
 module github.com/dapr/components-contrib
 
-go 1.24.4
+go 1.24.6
+
+toolchain go1.24.10
 
 require (
 	cloud.google.com/go/datastore v1.20.0
@@ -58,13 +60,14 @@ require (
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/chebyrash/promise v0.0.0-20230709133807-42ec49ba1459
 	github.com/cinience/go_rocketmq v0.0.2
-	github.com/cloudevents/sdk-go/binding/format/protobuf/v2 v2.14.0
+	github.com/cloudevents/sdk-go/binding/format/protobuf/v2 v2.15.2
 	github.com/cloudevents/sdk-go/v2 v2.15.2
 	github.com/cloudwego/kitex v0.5.0
 	github.com/cloudwego/kitex-examples v0.1.1
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/dancannon/gorethink v4.0.0+incompatible
-	github.com/dapr/kit v0.15.3-0.20250717140748-8b780b4d81c5
+	github.com/dapr/components-contrib/tests/certification v0.0.0-20251104160704-920ad8a7b958
+	github.com/dapr/kit v0.16.1
 	github.com/didip/tollbooth/v7 v7.0.1
 	github.com/eclipse/paho.mqtt.golang v1.4.3
 	github.com/fasthttp-contrib/sessions v0.0.0-20160905201309-74f6ac73d5d5
@@ -418,7 +421,6 @@ require (
 	go.opentelemetry.io/otel/sdk v1.35.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v1.35.0 // indirect
 	go.opentelemetry.io/otel/trace v1.35.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.6.0 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/arch v0.10.0 // indirect
 
@@ -421,8 +421,8 @@ github.com/clbanning/mxj/v2 v2.5.6 h1:Jm4VaCI/+Ug5Q57IzEoZbwx4iQFA6wkXv72juUSeK+
 github.com/clbanning/mxj/v2 v2.5.6/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
 github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudevents/sdk-go/binding/format/protobuf/v2 v2.14.0 h1:dEopBSOSjB5fM9r76ufM44AVj9Dnz2IOM0Xs6FVxZRM=
-github.com/cloudevents/sdk-go/binding/format/protobuf/v2 v2.14.0/go.mod h1:qDSbb0fgIfFNjZrNTPtS5MOMScAGyQtn1KlSvoOdqYw=
+github.com/cloudevents/sdk-go/binding/format/protobuf/v2 v2.15.2 h1:FIvfKlS2mcuP0qYY6yzdIU9xdrRd/YMP0bNwFjXd0u8=
+github.com/cloudevents/sdk-go/binding/format/protobuf/v2 v2.15.2/go.mod h1:POsdVp/08Mki0WD9QvvgRRpg9CQ6zhjfRrBoEY8JFS8=
 github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc=
 github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE=
 github.com/cloudflare/golz4 v0.0.0-20150217214814-ef862a3cdc58 h1:F1EaeKL/ta07PY/k9Os/UFtwERei2/XzGemhpGnBKNg=
@@ -516,8 +516,10 @@ github.com/dancannon/gorethink v4.0.0+incompatible h1:KFV7Gha3AuqT+gr0B/eKvGhbjm
 github.com/dancannon/gorethink v4.0.0+incompatible/go.mod h1:BLvkat9KmZc1efyYwhz3WnybhRZtgF1K929FD8z1avU=
 github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0=
 github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0=
-github.com/dapr/kit v0.15.3-0.20250717140748-8b780b4d81c5 h1:Q26gmPxs6WnnBYoudOlznPHsmrbTawcYEpHg4VoB7v8=
-github.com/dapr/kit v0.15.3-0.20250717140748-8b780b4d81c5/go.mod h1:40ZWs5P6xfYf7O59XgwqZkIyDldTIXlhTQhGop8QoSM=
+github.com/dapr/components-contrib/tests/certification v0.0.0-20251104160704-920ad8a7b958 h1:DSZgzdXlbF75fwvEkMQpPqn1jjxmWVoBNmI4Bc4dS40=
+github.com/dapr/components-contrib/tests/certification v0.0.0-20251104160704-920ad8a7b958/go.mod h1:IUB5RJv0Gj5qxsHjjhvEBIlxPka7cD7KAn/Coa2y27M=
+github.com/dapr/kit v0.16.1 h1:MqLAhHVg8trPy2WJChMZFU7ToeondvxcNHYVvMDiVf4=
+github.com/dapr/kit v0.16.1/go.mod h1:40ZWs5P6xfYf7O59XgwqZkIyDldTIXlhTQhGop8QoSM=
 github.com/dave/jennifer v1.4.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 
@@ -0,0 +1,213 @@
+# Akeyless Secret Store
+
+This component provides a Dapr secret store implementation for [Akeyless](https://www.akeyless.io/), a cloud-native secrets management platform.
+
+## Configuration
+
+The Akeyless Dapr Secret Store component only supports the following [Authentication Methods](https://docs.akeyless.io/docs/access-and-authentication-methods):
+
+- [API Key](https://docs.akeyless.io/docs/api-key)
+- [OAuth2.0/JWT](https://docs.akeyless.io/docs/oauth20jwt)
+- [AWS IAM](https://docs.akeyless.io/docs/aws-iam)
+- [Kubernetes](https://docs.akeyless.io/docs/kubernetes-auth)
+
+### Authentication
+
+The Akeyless secret store component supports the following configuration options:
+
+| Field | Required | Description | Example |
+|-------|----------|-------------|---------|
+| `gatewayUrl` | No | The Akeyless Gateway URL. Default is https://api.akeyless.io. | `https://your-gateway.akeyless.io` |
+| `accessId` | Yes | The Akeyless authentication access ID. | `p-123456780wm` |
+| `jwt` | No | If using an OAuth2.0/JWT access ID, specify the JSON Web Token | `eyJ...` |
+| `accessKey` | No | If using an API Key access ID, specify the API key | `ABCD123...=` |
+| `k8sAuthConfigName` | No | If using the k8s auth method, specify the name of the k8s auth config. | `k8s-auth-config` |
+| `k8sGatewayUrl` | No | The gateway URL that where the k8s auth config is located. | `http://gw.akeyless.svc.cluster.local:8000` |
+| `k8sServiceAccountToken` | No | If using the k8s auth method, specify the service account token. If not specified,
+      we will try to read it from the default service account token file. | `eyJ...` |
+
+
+
+## Examples
+
+We currently support the following [Authentication Methods](https://docs.akeyless.io/docs/access-and-authentication-methods):
+
+
+## Examples
+
+## Example Configuration: API Key
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: akeyless-secretstore
+spec:
+  type: secretstores.akeyless
+  version: v1
+  metadata:
+  - name: gatewayUrl
+    value: "https://your-gateway.akeyless.io"
+  - name: accessId
+    value: "p-1234Abcdam"
+  - name: accessKey
+    value: "ABCD1233...="
+```
+
+
+## Example Configuration: JWT
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: akeyless-secretstore
+spec:
+  type: secretstores.akeyless
+  version: v1
+  metadata:
+  - name: gatewayUrl
+    value: "https://your-gateway.akeyless.io"
+  - name: accessId
+    value: "p-1234Abcdom"
+  - name: jwt
+    value: "eyJ....."
+```
+
+## Example Configuration: AWS IAM
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: akeyless
+spec:
+  type: secretstores.akeyless
+  version: v1
+  metadata:
+  - name: gatewayUrl
+    value: "https://your-gateway.akeyless.io"
+  - name: accessId
+    value: "p-1234Abcdwm"
+```
+
+## Example Configuration: Kubernetes
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: akeyless
+spec:
+  type: secretstores.akeyless
+  version: v1
+  metadata:
+  - name: gatewayUrl
+    value: "https://gw.akeyless.svc.cluster.local"
+  - name: accessId
+    value: "p-1234Abcdwm"
+  - name: k8sAuthConfigName
+    value: "us-east-1-prod-akeyless-k8s-conf"
+  - name: k8sGatewayUrl
+    value: https://gw.akeyless.svc.cluster.local
+```
+
+## Usage
+
+Once configured, you can retrieve secrets using the Dapr secrets API:
+
+```bash
+# Get a single secret
+curl http://localhost:3500/v1.0/secrets/akeyless/my-secret
+
+# Get all secrets (static, dynamic, rotated) from root (/) path
+curl http://localhost:3500/v1.0/secrets/akeyless/bulk
+
+# Get all secrets static secrets
+curl http://localhost:3500/v1.0/secrets/akeyless/bulk?metadata.secrets_type=static
+
+# Get all static and dynamic secrets from a specific path (/my/org)
+curl http://localhost:3500/v1.0/secrets/akeyless/bulk?metadata.secrets_type=static,dynamic&metadata.path=/my/org
+```
+
+Or using the Dapr SDK. The example below retrieves all static secrets from path `/path/to/department`.
+```go
+log.Println("Starting test application")
+	client, err := dapr.NewClient()
+	if err != nil {
+		log.Printf("Error creating Dapr client: %v\n", err)
+		panic(err)
+	}
+	log.Println("Dapr client created successfully")
+	const daprSecretStore = "akeyless"
+
+	defer client.Close()
+	ctx := context.Background()
+	akeylessBulkMetadata := map[string]string{
+		"path":         "/path/to/department",
+		"secrets_type": "static",
+	}
+	secrets, err := client.GetBulkSecret(ctx, daprSecretStore, akeylessBulkMetadata)
+	if err != nil {
+		log.Printf("Error fetching secrets: %v\n", err)
+		panic(err)
+	}
+	log.Printf("Found %d secrets: ", len(secrets))
+	for secretName, secretValue := range secrets {
+		log.Printf("Secret: %s, Value: %s", secretName, secretValue)
+	}
+```
+
+## Features
+
+- Supports static, dynamic and rotated secrets.
+- **GetSecret**: Retrieve an individual value secret by path. 
+- **BulkGetSecret**: Retrieve all secrets from a specified path (or `/` by default) recursively.
+
+## Response Formats
+
+The Akeyless secret store returns different response formats depending on the secret type:
+
+### Static Secrets
+Static secrets return their value directly as a string:
+
+```json
+{
+  "my-static-secret": "secret-value"
+}
+```
+
+### Dynamic Secrets
+Dynamic secrets return a JSON string containing the credentials. The exact structure depends on the target system:
+
+**MySQL Dynamic Secret:**
+```json
+{
+  "my-mysql-secret": "{\"user\":\"generated_username\",\"password\":\"generated_password\",\"ttl_in_minutes\":\"60\",\"id\":\"username\"}"
+}
+```
+
+**Azure AD Dynamic Secret:**
+```json
+{
+  "my-azure-secret": "{\"user\":{\"id\":\"user_id\",\"displayName\":\"user_name\",\"mail\":\"email@domain.com\"},\"secret\":{\"keyId\":\"secret_key_id\",\"displayName\":\"secret_name\",\"tenantId\":\"tenant_id\"},\"ttl_in_minutes\":\"60\",\"id\":\"user_id\",\"msg\":\"User has been added successfully...\"}"
+}
+```
+
+**GCP Dynamic Secret:**
+```json
+{
+  "my-gcp-secret": "{\"encoded_key\":\"base64_encoded_service_account_key\",\"ttl_in_minutes\":\"60\",\"id\":\"service_account_name\"}"
+}
+```
+
+### Rotated Secrets
+Rotated secrets return a JSON object containing all available fields:
+
+```json
+{
+  "my-rotated-secret": "{\"value\":{\"username\":\"rotated_user\",\"password\":\"rotated_password\",\"application_id\":\"1234567890\"}}"
+}
+```
+
+**Note:** The exact fields in dynamic and rotated secret responses vary by target system and configuration. Applications should parse the JSON string to extract the specific credentials they need.