private async Task InitKerberos()
{
Console.WriteLine($"Retrieving Kerberos keytab from AWS Secrets Manager [{this.KerberosKeytabSecretId}]");
var secretRequest = new GetSecretValueRequest {
SecretId = this.KerberosKeytabSecretId
};
var secret = await _secretsManager.GetSecretValueAsync(secretRequest);
using (secret.SecretBinary)
{
foreach (var kdc in this.KerberosRealmKdcs)
{
_km = new KerberosManager(new KerberosOptions
{
Realm = KerberosRealm,
RealmKdc = kdc,
Principal = KerberosPrincipal,
});
try
{
_km.Init(secret.SecretBinary);
return;
}
catch (Exception ex)
{
Console.WriteLine($"Exception initializing Kerberos against KDC '{kdc}': {ex}");
}
}
throw new Exception($"Unable to initialize Kerberos against any of the supplied KDCs.");
}
}
public async Task <string> GetSecretAsync()
{
try
{
string secret = "";
if (_secretsManagerCache != null)
{
secret = await _secretsManagerCache.GetSecretString(_tokenSecretName);
}
if (string.IsNullOrEmpty(secret))
{
var request = new GetSecretValueRequest
{
SecretId = _tokenSecretName,
VersionStage = "AWSCURRENT"
};
var response = await _amazonSecretsManager.GetSecretValueAsync(request);
_secretsManagerCache = new SecretsManagerCache(_amazonSecretsManager);
secret = response.SecretString;
}
return(secret);
}
catch (Exception ex)
{
_logger.LogError(ex, ex.Message, _tokenSecretName);
return("");
}
}
public DBConnectionString GetConnectionString(IAmazonSecretsManager secretsManager)
{
GetSecretValueRequest request = new GetSecretValueRequest();
request.SecretId = SecretName;
request.VersionStage = "AWSCURRENT"; // VersionStage defaults to AWSCURRENT if unspecified.
GetSecretValueResponse response = null;
try
{
response = secretsManager.GetSecretValueAsync(request).Result;
}
catch (DecryptionFailureException)
{
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
throw;
}
catch (InternalServiceErrorException)
{
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
throw;
}
catch (InvalidParameterException)
{
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion
throw;
}
catch (InvalidRequestException)
{
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
throw;
}
catch (ResourceNotFoundException)
{
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
throw;
}
catch (System.AggregateException)
{
// More than one of the above exceptions were triggered.
// Deal with the exception here, and/or rethrow at your discretion.
throw;
}
DBConnectionString connectionString = null;
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
if (response.SecretString != null)
{
connectionString = Newtonsoft.Json.JsonConvert.DeserializeObject <DBConnectionString>(response.SecretString);
}
return(connectionString);
}
public async Task <string> GetSecret(string secretName)
{
var request = new GetSecretValueRequest
{
SecretId = secretName
};
var response = await _secretsManager.GetSecretValueAsync(request);
return(response.SecretString);
}
public async Task <string> Get(string key)
{
Console.WriteLine($"Try get: {key}");
var request = new GetSecretValueRequest
{
SecretId = key
};
var response = await _amazonSecretsManager.GetSecretValueAsync(request);
return(response.SecretString);
}
private async Task <MemoryStream> TryGetSecretAsync()
{
try
{
var secretValue = await _secretsManager.GetSecretValueAsync(new GetSecretValueRequest { SecretId = _key });
return(secretValue?.SecretBinary);
}
catch (ResourceNotFoundException)
{
// Key has not been created yet
return(null);
}
}
public IFileInfo GetFileInfo(string subpath)
{
var request = new GetSecretValueRequest();
request.SecretId = subpath;
request.VersionStage = "AWSCURRENT";
try
{
return(new AwsSecretsManagerFileInfo(_secretsManager.GetSecretValueAsync(request).GetAwaiter().GetResult()));
}
catch (ResourceNotFoundException)
{
return(new NotFoundFileInfo(subpath));
}
}
public async Task <IDictionary <string, string> > GetSecretsAsync(IList <SecretListEntry> secretsToRetrieve)
{
var secretsDictionary = new ConcurrentDictionary <string, string>();
foreach (var secret in secretsToRetrieve)
{
var secretValueRequest = new GetSecretValueRequest
{
SecretId = secret.ARN
};
var secretValue = await _secretsManager.GetSecretValueAsync(secretValueRequest);
secretsDictionary[secretValue.Name] = secretValue.SecretString;
}
return(secretsDictionary);
}
public static T GetSecret <T>(IAmazonSecretsManager secretManager, string secretId)
{
var oAuthSecretTask = secretManager.GetSecretValueAsync(new GetSecretValueRequest {
SecretId = secretId
});
oAuthSecretTask.Wait();
if (oAuthSecretTask.Result == null || string.IsNullOrWhiteSpace(oAuthSecretTask.Result.SecretString))
{
throw new Exception($"Missing AWS SecretsManager value for \"{secretId}\" secret");
}
var oAuthSecret = JsonConvert.DeserializeObject <T>(oAuthSecretTask.Result.SecretString);
return(oAuthSecret);
}
private Amazon.SecretsManager.Model.GetSecretValueResponse CallAWSServiceOperation(IAmazonSecretsManager client, Amazon.SecretsManager.Model.GetSecretValueRequest request)
{
Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Secrets Manager", "GetSecretValue");
try
{
#if DESKTOP
return(client.GetSecretValue(request));
#elif CORECLR
return(client.GetSecretValueAsync(request).GetAwaiter().GetResult());
#else
#error "Unknown build edition"
#endif
}
catch (AmazonServiceException exc)
{
var webException = exc.InnerException as System.Net.WebException;
if (webException != null)
{
throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
}
throw;
}
}
public async Task <string> GetSecretAsync()
{
try
{
var request = new GetSecretValueRequest {
SecretId = secretId
};
var response = await client.GetSecretValueAsync(request);
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
if (!string.IsNullOrEmpty(response.SecretString))
{
return(response.SecretString);
}
using var reader = new StreamReader(response.SecretBinary);
return(Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd())));
}
catch (Exception e)
{
throw new SecretException(secretId, region.ToString(), e);
}
}
/// <summary>
/// Retrieves the secret value given the name of the secret to
/// retrieve.
/// </summary>
/// <param name="client">The client object used to retrieve the secret
/// value for the given secret name.</param>
/// <param name="secretName">The name of the secret value to retrieve.</param>
/// <returns>The GetSecretValueReponse object returned by
/// GetSecretValueAsync.</returns>
public static async Task <GetSecretValueResponse> GetSecretAsync(
IAmazonSecretsManager client,
string secretName)
{
GetSecretValueRequest request = new ();
request.SecretId = secretName;
request.VersionStage = "AWSCURRENT"; // VersionStage defaults to AWSCURRENT if unspecified.
GetSecretValueResponse response = null;
// For the sake of simplicity, this example handles only the most
// general SecretsManager exception.
try
{
response = await client.GetSecretValueAsync(request);
}
catch (AmazonSecretsManagerException e)
{
Console.WriteLine($"Error: {e.Message}");
}
return(response);
}
public static string GetJWTSecret(IAmazonSecretsManager client)
{
string secretName = "JWTSecret";
string secret = "";
MemoryStream memoryStream = new MemoryStream();
GetSecretValueRequest request = new GetSecretValueRequest();
request.SecretId = secretName;
request.VersionStage = "AWSCURRENT"; // VersionStage defaults to AWSCURRENT if unspecified.
GetSecretValueResponse response = null;
// In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
// See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
// We rethrow the exception by default.
try
{
response = client.GetSecretValueAsync(request).Result;
}
catch (DecryptionFailureException e)
{
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
throw;
}
catch (InternalServiceErrorException e)
{
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
throw;
}
catch (InvalidParameterException e)
{
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion
throw;
}
catch (InvalidRequestException e)
{
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
throw;
}
catch (ResourceNotFoundException e)
{
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
throw;
}
catch (System.AggregateException ae)
{
// More than one of the above exceptions were triggered.
// Deal with the exception here, and/or rethrow at your discretion.
throw;
}
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
if (response.SecretString != null)
{
secret = response.SecretString;
return(secret);
}
else
{
memoryStream = response.SecretBinary;
StreamReader reader = new StreamReader(memoryStream);
string decodedBinarySecret = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd()));
return(null);
}
}
