Esempio n. 1
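        /// <inheritdoc/>
        /// <remarks>
        /// The Vault token, the AppRole secret_id and the secret values being written are
        /// deliberately kept out of the log output. Only the authentication method, the server
        /// address, the AppRole role_id and the key/property names are recorded.
        /// </remarks>
        public void SeedVault()
        {
            _logger.LogInformation("Starting seeding HashiCopr Vault");

            _logger.LogInformation("Creating Vault client");
            _logger.LogInformation($"Vault Address: {_options.Server}");

            IAuthenticationInfo tokenAuthenticationInfo;

            // A non-blank token takes precedence; otherwise fall back to AppRole.
            if (!string.IsNullOrWhiteSpace(_options.TokenId))
            {
                // Never write the token itself to the log: anyone with read access to the
                // log sink could replay it against Vault.
                _logger.LogInformation("Auth method: token");
                tokenAuthenticationInfo = new TokenAuthenticationInfo(_options.TokenId);
            }
            else
            {
                // The role_id identifies the role and is kept for diagnostics; the secret_id is
                // the credential that completes the AppRole login and must not be logged.
                _logger.LogInformation($"AppRole RoleId: {_options.RoleId}");

                tokenAuthenticationInfo = new AppRoleAuthenticationInfo("approle", _options.RoleId, _options.SecretId);
            }

            _logger.LogInformation($"Create Vault Client: {_options.Server}");
            var vaultClient = VaultClientFactory.CreateVaultClient(new Uri(_options.Server), tokenAuthenticationInfo);

            foreach (var item in _seeder)
            {
                // Log where the secret goes and under which property name, but not its value,
                // so that enabling debug logging does not copy the seeded secrets into log storage.
                _logger.LogDebug($"key:{item.key} -- property name: {item.values[0]}");

                // The interface method is synchronous, so the write is awaited by blocking on
                // .Result; a failure surfaces as an AggregateException, as it did before.
                var result = vaultClient.WriteSecretAsync(item.key, new Dictionary<string, object>()
                {
                    { item.values[0], item.values[1] }
                }).Result;

                // NOTE(review): confirm that the response's ToString() cannot echo secret data.
                _logger.LogDebug($"Result from Vault Server: {result?.ToString()}");
            }
        }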
Esempio n. 2
        /// <summary>
        /// Builds the wrapper around a Vault client configured from the supplied <see cref="VaultOptions"/>.
        /// </summary>
        /// <param name="options">
        /// Connection settings: the server address plus either a token or an AppRole
        /// role_id/secret_id pair. A non-blank token takes precedence over AppRole.
        /// </param>
        public HashiCorpVaultClientWrapper(VaultOptions options)
        {
            _options = options;

            // Use token authentication when a token is configured; otherwise log in with
            // AppRole, passing "approle" as the first constructor argument.
            bool useToken = !string.IsNullOrWhiteSpace(_options.TokenId);
            IAuthenticationInfo credentials = useToken
                ? (IAuthenticationInfo)new TokenAuthenticationInfo(_options.TokenId)
                : new AppRoleAuthenticationInfo("approle", _options.RoleId, _options.SecretId);

            var serverAddress = new Uri(_options.Server);
            _vaultClientImpl = VaultClientFactory.CreateVaultClient(serverAddress, credentials);
        }
Esempio n. 3
        /// <summary>
        /// Registers an <see cref="IConfigurationProvider"/> that loads configuration values from
        /// Hashicorp Vault, authenticating with AppRole credentials.
        /// </summary>
        /// <param name="configurationBuilder">The <see cref="IConfigurationBuilder"/> to extend.</param>
        /// <param name="vaultUri">The Vault address, including the port. Must not be null or blank.</param>
        /// <param name="roleId">The AppRole role_id used to authenticate. Must not be null or empty.</param>
        /// <param name="secretId">
        /// The AppRole secret_id used to authenticate. Must not be null or empty. This is a
        /// credential: it should not be logged or committed to source-controlled settings.
        /// </param>
        /// <param name="secretLocationPaths">The Vault paths of the secrets to load.</param>
        /// <returns>The result of the underlying <c>AddVault</c> call.</returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="vaultUri"/> is null or blank, or <paramref name="roleId"/> or
        /// <paramref name="secretId"/> is null or empty.
        /// </exception>
        public static IConfigurationBuilder AddVaultWithAppRole(
            this IConfigurationBuilder configurationBuilder,
            string vaultUri,
            string roleId,
            string secretId,
            params string[] secretLocationPaths)
        {
            // Guard clauses run in parameter order, so the first invalid argument is the one reported.
            bool uriMissing = string.IsNullOrWhiteSpace(vaultUri);
            if (uriMissing)
            {
                throw new ArgumentException("vaultUri must be a valid URI", nameof(vaultUri));
            }

            bool roleMissing = string.IsNullOrEmpty(roleId);
            if (roleMissing)
            {
                throw new ArgumentException("roleId must not be null or empty", nameof(roleId));
            }

            bool secretMissing = string.IsNullOrEmpty(secretId);
            if (secretMissing)
            {
                throw new ArgumentException("secretId must not be null or empty", nameof(secretId));
            }

            // Wrap the credentials and hand off to the general-purpose AddVault overload.
            return AddVault(
                configurationBuilder,
                vaultUri,
                new AppRoleAuthenticationInfo(roleId, secretId),
                secretLocationPaths);
        }
 /// <summary>
 /// Creates the provider from AppRole credentials and the data access manager it will use.
 /// </summary>
 /// <param name="appRoleAuthenticationInfo">The AppRole authentication details; stored as given, without validation.</param>
 /// <param name="dataAccessManager">The data access manager; stored as given, without validation.</param>
 /// <param name="continueAsyncTasksOnCapturedContext">
 /// Stored for later use; the code that consumes the flag is not part of this constructor.
 /// Defaults to <c>false</c>.
 /// </param>
 public AppRoleAuthenticationProvider(
     AppRoleAuthenticationInfo appRoleAuthenticationInfo,
     IDataAccessManager dataAccessManager,
     bool continueAsyncTasksOnCapturedContext = false)
 {
     // Plain field capture: no argument is checked or transformed here.
     _continueAsyncTasksOnCapturedContext = continueAsyncTasksOnCapturedContext;
     _dataAccessManager = dataAccessManager;
     _appRoleAuthenticationInfo = appRoleAuthenticationInfo;
 }