private async Task InitKerberos() { Console.WriteLine($"Retrieving Kerberos keytab from AWS Secrets Manager [{this.KerberosKeytabSecretId}]"); var secretRequest = new GetSecretValueRequest { SecretId = this.KerberosKeytabSecretId }; var secret = await _secretsManager.GetSecretValueAsync(secretRequest); using (secret.SecretBinary) { foreach (var kdc in this.KerberosRealmKdcs) { _km = new KerberosManager(new KerberosOptions { Realm = KerberosRealm, RealmKdc = kdc, Principal = KerberosPrincipal, }); try { _km.Init(secret.SecretBinary); return; } catch (Exception ex) { Console.WriteLine($"Exception initializing Kerberos against KDC '{kdc}': {ex}"); } } throw new Exception($"Unable to initialize Kerberos against any of the supplied KDCs."); } }
public async Task <string> GetSecretAsync() { try { string secret = ""; if (_secretsManagerCache != null) { secret = await _secretsManagerCache.GetSecretString(_tokenSecretName); } if (string.IsNullOrEmpty(secret)) { var request = new GetSecretValueRequest { SecretId = _tokenSecretName, VersionStage = "AWSCURRENT" }; var response = await _amazonSecretsManager.GetSecretValueAsync(request); _secretsManagerCache = new SecretsManagerCache(_amazonSecretsManager); secret = response.SecretString; } return(secret); } catch (Exception ex) { _logger.LogError(ex, ex.Message, _tokenSecretName); return(""); } }
public DBConnectionString GetConnectionString(IAmazonSecretsManager secretsManager) { GetSecretValueRequest request = new GetSecretValueRequest(); request.SecretId = SecretName; request.VersionStage = "AWSCURRENT"; // VersionStage defaults to AWSCURRENT if unspecified. GetSecretValueResponse response = null; try { response = secretsManager.GetSecretValueAsync(request).Result; } catch (DecryptionFailureException) { // Secrets Manager can't decrypt the protected secret text using the provided KMS key. // Deal with the exception here, and/or rethrow at your discretion. throw; } catch (InternalServiceErrorException) { // An error occurred on the server side. // Deal with the exception here, and/or rethrow at your discretion. throw; } catch (InvalidParameterException) { // You provided an invalid value for a parameter. // Deal with the exception here, and/or rethrow at your discretion throw; } catch (InvalidRequestException) { // You provided a parameter value that is not valid for the current state of the resource. // Deal with the exception here, and/or rethrow at your discretion. throw; } catch (ResourceNotFoundException) { // We can't find the resource that you asked for. // Deal with the exception here, and/or rethrow at your discretion. throw; } catch (System.AggregateException) { // More than one of the above exceptions were triggered. // Deal with the exception here, and/or rethrow at your discretion. throw; } DBConnectionString connectionString = null; // Decrypts secret using the associated KMS CMK. // Depending on whether the secret is a string or binary, one of these fields will be populated. if (response.SecretString != null) { connectionString = Newtonsoft.Json.JsonConvert.DeserializeObject <DBConnectionString>(response.SecretString); } return(connectionString); }
public async Task <string> GetSecret(string secretName) { var request = new GetSecretValueRequest { SecretId = secretName }; var response = await _secretsManager.GetSecretValueAsync(request); return(response.SecretString); }
public async Task <string> Get(string key) { Console.WriteLine($"Try get: {key}"); var request = new GetSecretValueRequest { SecretId = key }; var response = await _amazonSecretsManager.GetSecretValueAsync(request); return(response.SecretString); }
private async Task <MemoryStream> TryGetSecretAsync() { try { var secretValue = await _secretsManager.GetSecretValueAsync(new GetSecretValueRequest { SecretId = _key }); return(secretValue?.SecretBinary); } catch (ResourceNotFoundException) { // Key has not been created yet return(null); } }
public IFileInfo GetFileInfo(string subpath) { var request = new GetSecretValueRequest(); request.SecretId = subpath; request.VersionStage = "AWSCURRENT"; try { return(new AwsSecretsManagerFileInfo(_secretsManager.GetSecretValueAsync(request).GetAwaiter().GetResult())); } catch (ResourceNotFoundException) { return(new NotFoundFileInfo(subpath)); } }
public async Task <IDictionary <string, string> > GetSecretsAsync(IList <SecretListEntry> secretsToRetrieve) { var secretsDictionary = new ConcurrentDictionary <string, string>(); foreach (var secret in secretsToRetrieve) { var secretValueRequest = new GetSecretValueRequest { SecretId = secret.ARN }; var secretValue = await _secretsManager.GetSecretValueAsync(secretValueRequest); secretsDictionary[secretValue.Name] = secretValue.SecretString; } return(secretsDictionary); }
public static T GetSecret <T>(IAmazonSecretsManager secretManager, string secretId) { var oAuthSecretTask = secretManager.GetSecretValueAsync(new GetSecretValueRequest { SecretId = secretId }); oAuthSecretTask.Wait(); if (oAuthSecretTask.Result == null || string.IsNullOrWhiteSpace(oAuthSecretTask.Result.SecretString)) { throw new Exception($"Missing AWS SecretsManager value for \"{secretId}\" secret"); } var oAuthSecret = JsonConvert.DeserializeObject <T>(oAuthSecretTask.Result.SecretString); return(oAuthSecret); }
private Amazon.SecretsManager.Model.GetSecretValueResponse CallAWSServiceOperation(IAmazonSecretsManager client, Amazon.SecretsManager.Model.GetSecretValueRequest request) { Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Secrets Manager", "GetSecretValue"); try { #if DESKTOP return(client.GetSecretValue(request)); #elif CORECLR return(client.GetSecretValueAsync(request).GetAwaiter().GetResult()); #else #error "Unknown build edition" #endif } catch (AmazonServiceException exc) { var webException = exc.InnerException as System.Net.WebException; if (webException != null) { throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException); } throw; } }
public async Task <string> GetSecretAsync() { try { var request = new GetSecretValueRequest { SecretId = secretId }; var response = await client.GetSecretValueAsync(request); // Decrypts secret using the associated KMS CMK. // Depending on whether the secret is a string or binary, one of these fields will be populated. if (!string.IsNullOrEmpty(response.SecretString)) { return(response.SecretString); } using var reader = new StreamReader(response.SecretBinary); return(Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd()))); } catch (Exception e) { throw new SecretException(secretId, region.ToString(), e); } }
/// <summary> /// Retrieves the secret value given the name of the secret to /// retrieve. /// </summary> /// <param name="client">The client object used to retrieve the secret /// value for the given secret name.</param> /// <param name="secretName">The name of the secret value to retrieve.</param> /// <returns>The GetSecretValueReponse object returned by /// GetSecretValueAsync.</returns> public static async Task <GetSecretValueResponse> GetSecretAsync( IAmazonSecretsManager client, string secretName) { GetSecretValueRequest request = new (); request.SecretId = secretName; request.VersionStage = "AWSCURRENT"; // VersionStage defaults to AWSCURRENT if unspecified. GetSecretValueResponse response = null; // For the sake of simplicity, this example handles only the most // general SecretsManager exception. try { response = await client.GetSecretValueAsync(request); } catch (AmazonSecretsManagerException e) { Console.WriteLine($"Error: {e.Message}"); } return(response); }
public static string GetJWTSecret(IAmazonSecretsManager client) { string secretName = "JWTSecret"; string secret = ""; MemoryStream memoryStream = new MemoryStream(); GetSecretValueRequest request = new GetSecretValueRequest(); request.SecretId = secretName; request.VersionStage = "AWSCURRENT"; // VersionStage defaults to AWSCURRENT if unspecified. GetSecretValueResponse response = null; // In this sample we only handle the specific exceptions for the 'GetSecretValue' API. // See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html // We rethrow the exception by default. try { response = client.GetSecretValueAsync(request).Result; } catch (DecryptionFailureException e) { // Secrets Manager can't decrypt the protected secret text using the provided KMS key. // Deal with the exception here, and/or rethrow at your discretion. throw; } catch (InternalServiceErrorException e) { // An error occurred on the server side. // Deal with the exception here, and/or rethrow at your discretion. throw; } catch (InvalidParameterException e) { // You provided an invalid value for a parameter. // Deal with the exception here, and/or rethrow at your discretion throw; } catch (InvalidRequestException e) { // You provided a parameter value that is not valid for the current state of the resource. // Deal with the exception here, and/or rethrow at your discretion. throw; } catch (ResourceNotFoundException e) { // We can't find the resource that you asked for. // Deal with the exception here, and/or rethrow at your discretion. throw; } catch (System.AggregateException ae) { // More than one of the above exceptions were triggered. // Deal with the exception here, and/or rethrow at your discretion. throw; } // Decrypts secret using the associated KMS CMK. // Depending on whether the secret is a string or binary, one of these fields will be populated. if (response.SecretString != null) { secret = response.SecretString; return(secret); } else { memoryStream = response.SecretBinary; StreamReader reader = new StreamReader(memoryStream); string decodedBinarySecret = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd())); return(null); } }