private static async Task AddVaultAsync(this IConfigurationBuilder builder, VaultOptions options)
{
VerifyOptions(options);
var(client, _) = GetClientAndSettings(options);
if (options.Kv is null || !options.Kv.Enabled)
{
return;
}
var kvPath = options.Kv?.Path;
if (string.IsNullOrWhiteSpace(kvPath))
{
throw new VaultException("Vault KV secret path can not be empty.");
}
Console.WriteLine($"Loading settings from Vault: '{options.Url}', KV path: '{kvPath}'.");
var keyValueSecrets = new KeyValueSecrets(client, options);
var secret = await keyValueSecrets.GetAsync(kvPath);
var parser = new JsonParser();
var data = parser.Parse(JObject.FromObject(secret));
var source = new MemoryConfigurationSource {
InitialData = data
};
builder.Add(source);
}
private static void VerifyOptions(VaultOptions options)
{
if (options.Kv is null)
{
return;
}
if (options.Kv.EngineVersion > 2 || options.Kv.EngineVersion < 0)
{
throw new VaultException($"Invalid KV engine version: {options.Kv.EngineVersion} (available: 1 or 2).");
}
if (options.Kv.EngineVersion == 0)
{
options.Kv.EngineVersion = 2;
}
}
public KeyValueSecrets(IVaultClient client, VaultOptions options)
{
_client = client;
_options = options;
}
private static IAuthMethodInfo GetAuthMethod(VaultOptions options)
=> options.AuthType?.ToLowerInvariant() switch
{
"token" => new TokenAuthMethodInfo(options.Token),
private static (IVaultClient client, VaultClientSettings settings) GetClientAndSettings(VaultOptions options)
{
var settings = new VaultClientSettings(options.Url, GetAuthMethod(options));
var client = new VaultClient(settings);
return(client, settings);
}
