private async Task InitKerberos()
        {
            Console.WriteLine($"Retrieving Kerberos keytab from AWS Secrets Manager [{this.KerberosKeytabSecretId}]");
            var secretRequest = new GetSecretValueRequest {
                SecretId = this.KerberosKeytabSecretId
            };
            var secret = await _secretsManager.GetSecretValueAsync(secretRequest);

            using (secret.SecretBinary)
            {
                foreach (var kdc in this.KerberosRealmKdcs)
                {
                    _km = new KerberosManager(new KerberosOptions
                    {
                        Realm     = KerberosRealm,
                        RealmKdc  = kdc,
                        Principal = KerberosPrincipal,
                    });

                    try
                    {
                        _km.Init(secret.SecretBinary);
                        return;
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine($"Exception initializing Kerberos against KDC '{kdc}': {ex}");
                    }
                }

                throw new Exception($"Unable to initialize Kerberos against any of the supplied KDCs.");
            }
        }
        public async Task <string> GetSecretAsync()
        {
            try
            {
                string secret = "";
                if (_secretsManagerCache != null)
                {
                    secret = await _secretsManagerCache.GetSecretString(_tokenSecretName);
                }

                if (string.IsNullOrEmpty(secret))
                {
                    var request = new GetSecretValueRequest
                    {
                        SecretId     = _tokenSecretName,
                        VersionStage = "AWSCURRENT"
                    };

                    var response = await _amazonSecretsManager.GetSecretValueAsync(request);

                    _secretsManagerCache = new SecretsManagerCache(_amazonSecretsManager);

                    secret = response.SecretString;
                }

                return(secret);
            }
            catch (Exception ex)
            {
                _logger.LogError(ex, ex.Message, _tokenSecretName);
                return("");
            }
        }
Beispiel #3
0
        public DBConnectionString GetConnectionString(IAmazonSecretsManager secretsManager)
        {
            GetSecretValueRequest request = new GetSecretValueRequest();

            request.SecretId     = SecretName;
            request.VersionStage = "AWSCURRENT"; // VersionStage defaults to AWSCURRENT if unspecified.
            GetSecretValueResponse response = null;

            try
            {
                response = secretsManager.GetSecretValueAsync(request).Result;
            }
            catch (DecryptionFailureException)
            {
                // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (InternalServiceErrorException)
            {
                // An error occurred on the server side.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (InvalidParameterException)
            {
                // You provided an invalid value for a parameter.
                // Deal with the exception here, and/or rethrow at your discretion
                throw;
            }
            catch (InvalidRequestException)
            {
                // You provided a parameter value that is not valid for the current state of the resource.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (ResourceNotFoundException)
            {
                // We can't find the resource that you asked for.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (System.AggregateException)
            {
                // More than one of the above exceptions were triggered.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            DBConnectionString connectionString = null;

            // Decrypts secret using the associated KMS CMK.
            // Depending on whether the secret is a string or binary, one of these fields will be populated.
            if (response.SecretString != null)
            {
                connectionString = Newtonsoft.Json.JsonConvert.DeserializeObject <DBConnectionString>(response.SecretString);
            }

            return(connectionString);
        }
Beispiel #4
0
        public async Task <string> GetSecret(string secretName)
        {
            var request = new GetSecretValueRequest
            {
                SecretId = secretName
            };

            var response = await _secretsManager.GetSecretValueAsync(request);

            return(response.SecretString);
        }
Beispiel #5
0
        public async Task <string> Get(string key)
        {
            Console.WriteLine($"Try get: {key}");

            var request = new GetSecretValueRequest
            {
                SecretId = key
            };

            var response = await _amazonSecretsManager.GetSecretValueAsync(request);

            return(response.SecretString);
        }
Beispiel #6
0
        private async Task <MemoryStream> TryGetSecretAsync()
        {
            try
            {
                var secretValue = await _secretsManager.GetSecretValueAsync(new GetSecretValueRequest { SecretId = _key });

                return(secretValue?.SecretBinary);
            }
            catch (ResourceNotFoundException)
            {
                // Key has not been created yet

                return(null);
            }
        }
Beispiel #7
0
            public IFileInfo GetFileInfo(string subpath)
            {
                var request = new GetSecretValueRequest();

                request.SecretId     = subpath;
                request.VersionStage = "AWSCURRENT";

                try
                {
                    return(new AwsSecretsManagerFileInfo(_secretsManager.GetSecretValueAsync(request).GetAwaiter().GetResult()));
                }
                catch (ResourceNotFoundException)
                {
                    return(new NotFoundFileInfo(subpath));
                }
            }
        public async Task <IDictionary <string, string> > GetSecretsAsync(IList <SecretListEntry> secretsToRetrieve)
        {
            var secretsDictionary = new ConcurrentDictionary <string, string>();

            foreach (var secret in secretsToRetrieve)
            {
                var secretValueRequest = new GetSecretValueRequest
                {
                    SecretId = secret.ARN
                };
                var secretValue = await _secretsManager.GetSecretValueAsync(secretValueRequest);

                secretsDictionary[secretValue.Name] = secretValue.SecretString;
            }
            return(secretsDictionary);
        }
Beispiel #9
0
        public static T GetSecret <T>(IAmazonSecretsManager secretManager, string secretId)
        {
            var oAuthSecretTask = secretManager.GetSecretValueAsync(new GetSecretValueRequest {
                SecretId = secretId
            });

            oAuthSecretTask.Wait();

            if (oAuthSecretTask.Result == null || string.IsNullOrWhiteSpace(oAuthSecretTask.Result.SecretString))
            {
                throw new Exception($"Missing AWS SecretsManager value for \"{secretId}\" secret");
            }

            var oAuthSecret = JsonConvert.DeserializeObject <T>(oAuthSecretTask.Result.SecretString);

            return(oAuthSecret);
        }
Beispiel #10
0
 private Amazon.SecretsManager.Model.GetSecretValueResponse CallAWSServiceOperation(IAmazonSecretsManager client, Amazon.SecretsManager.Model.GetSecretValueRequest request)
 {
     Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Secrets Manager", "GetSecretValue");
     try
     {
         #if DESKTOP
         return(client.GetSecretValue(request));
         #elif CORECLR
         return(client.GetSecretValueAsync(request).GetAwaiter().GetResult());
         #else
                 #error "Unknown build edition"
         #endif
     }
     catch (AmazonServiceException exc)
     {
         var webException = exc.InnerException as System.Net.WebException;
         if (webException != null)
         {
             throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
         }
         throw;
     }
 }
        public async Task <string> GetSecretAsync()
        {
            try
            {
                var request = new GetSecretValueRequest {
                    SecretId = secretId
                };
                var response = await client.GetSecretValueAsync(request);

                // Decrypts secret using the associated KMS CMK.
                // Depending on whether the secret is a string or binary, one of these fields will be populated.
                if (!string.IsNullOrEmpty(response.SecretString))
                {
                    return(response.SecretString);
                }

                using var reader = new StreamReader(response.SecretBinary);
                return(Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd())));
            }
            catch (Exception e)
            {
                throw new SecretException(secretId, region.ToString(), e);
            }
        }
        /// <summary>
        /// Retrieves the secret value given the name of the secret to
        /// retrieve.
        /// </summary>
        /// <param name="client">The client object used to retrieve the secret
        /// value for the given secret name.</param>
        /// <param name="secretName">The name of the secret value to retrieve.</param>
        /// <returns>The GetSecretValueReponse object returned by
        /// GetSecretValueAsync.</returns>
        public static async Task <GetSecretValueResponse> GetSecretAsync(
            IAmazonSecretsManager client,
            string secretName)
        {
            GetSecretValueRequest request = new ();

            request.SecretId     = secretName;
            request.VersionStage = "AWSCURRENT"; // VersionStage defaults to AWSCURRENT if unspecified.

            GetSecretValueResponse response = null;

            // For the sake of simplicity, this example handles only the most
            // general SecretsManager exception.
            try
            {
                response = await client.GetSecretValueAsync(request);
            }
            catch (AmazonSecretsManagerException e)
            {
                Console.WriteLine($"Error: {e.Message}");
            }

            return(response);
        }
Beispiel #13
0
        public static string GetJWTSecret(IAmazonSecretsManager client)
        {
            string secretName = "JWTSecret";
            string secret     = "";

            MemoryStream memoryStream = new MemoryStream();

            GetSecretValueRequest request = new GetSecretValueRequest();

            request.SecretId     = secretName;
            request.VersionStage = "AWSCURRENT"; // VersionStage defaults to AWSCURRENT if unspecified.

            GetSecretValueResponse response = null;

            // In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
            // See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
            // We rethrow the exception by default.

            try
            {
                response = client.GetSecretValueAsync(request).Result;
            }
            catch (DecryptionFailureException e)
            {
                // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (InternalServiceErrorException e)
            {
                // An error occurred on the server side.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (InvalidParameterException e)
            {
                // You provided an invalid value for a parameter.
                // Deal with the exception here, and/or rethrow at your discretion
                throw;
            }
            catch (InvalidRequestException e)
            {
                // You provided a parameter value that is not valid for the current state of the resource.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (ResourceNotFoundException e)
            {
                // We can't find the resource that you asked for.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (System.AggregateException ae)
            {
                // More than one of the above exceptions were triggered.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }

            // Decrypts secret using the associated KMS CMK.
            // Depending on whether the secret is a string or binary, one of these fields will be populated.
            if (response.SecretString != null)
            {
                secret = response.SecretString;
                return(secret);
            }
            else
            {
                memoryStream = response.SecretBinary;
                StreamReader reader = new StreamReader(memoryStream);
                string       decodedBinarySecret = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd()));
                return(null);
            }
        }