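/// <inheritdoc/>
/// <remarks>
/// Writes every entry of the seeder to Vault, authenticating with the configured token when one is
/// set and with AppRole otherwise. The token, the AppRole role_id/secret_id and the secret values
/// being written are deliberately kept out of the log: log sinks are usually readable by far more
/// people and systems than Vault itself, so anything logged here is effectively disclosed.
/// </remarks>
public void SeedVault()
{
    _logger.LogInformation("Starting seeding HashiCopr Vault");
    _logger.LogInformation("Creating Vault client");
    _logger.LogInformation($"Vault Address: {_options.Server}");

    IAuthenticationInfo tokenAuthenticationInfo;

    if (!string.IsNullOrWhiteSpace(_options.TokenId))
    {
        // Record only the method in use. A Vault token is a bearer credential, so writing it
        // to the log would hand it to every reader of that log.
        _logger.LogInformation("Auth method: token");
        tokenAuthenticationInfo = new TokenAuthenticationInfo(_options.TokenId);
    }
    else
    {
        // role_id and secret_id together are the AppRole login; neither value is logged.
        _logger.LogInformation("Auth method: AppRole");
        tokenAuthenticationInfo = new AppRoleAuthenticationInfo("approle", _options.RoleId, _options.SecretId);
    }

    _logger.LogInformation($"Create Vault Client: {_options.Server}");
    var vaultClient = VaultClientFactory.CreateVaultClient(new Uri(_options.Server), tokenAuthenticationInfo);

    foreach (var item in _seeder)
    {
        // Path and property name are enough to trace a seeding run; the property value
        // (item.values[1]) is the secret itself and must not reach the log, even at Debug level.
        _logger.LogDebug($"key:{item.key} -- property name: {item.values[0]}");

        var secretData = new Dictionary<string, object>
        {
            { item.values[0], item.values[1] }
        };

        // Blocks on the async write because this method is synchronous; a failure surfaces
        // as an AggregateException from .Result.
        var result = vaultClient.WriteSecretAsync(item.key, secretData).Result;

        // NOTE(review): confirm that ToString() on the write response never renders secret data.
        _logger.LogDebug($"Result from Vault Server: {result?.ToString()}");
    }
}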
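/// <summary>
/// Initializes a new instance with <see cref="VaultOptions"/>
/// </summary>
/// <param name="options">
/// Vault connection settings: the server address plus either a token or an AppRole
/// role_id/secret_id pair. The token is used whenever it is not blank.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="options"/> is <c>null</c>.</exception>
public HashiCorpVaultClientWrapper(VaultOptions options)
{
    // Fail here with a named argument instead of a NullReferenceException on the first property read.
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    _options = options;

    IAuthenticationInfo authInfo;

    // A token is present, so authenticate with the token.
    if (!string.IsNullOrWhiteSpace(_options.TokenId))
    {
        authInfo = new TokenAuthenticationInfo(_options.TokenId);
    }
    else
    {
        // No token configured: fall back to AppRole on the "approle" mount.
        // RoleId and SecretId are passed through unvalidated.
        authInfo = new AppRoleAuthenticationInfo("approle", _options.RoleId, _options.SecretId);
    }

    _vaultClientImpl = VaultClientFactory.CreateVaultClient(new Uri(_options.Server), authInfo);
}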
/// <summary>
/// Registers an <see cref="IConfigurationProvider"/> that loads configuration values from Hashicorp Vault,
/// authenticating with an AppRole role_id / secret_id pair.
/// </summary>
/// <param name="configurationBuilder">The <see cref="IConfigurationBuilder"/> being extended.</param>
/// <param name="vaultUri">Address of the Vault server, including the port.</param>
/// <param name="roleId">AppRole role_id used to log in.</param>
/// <param name="secretId">AppRole secret_id used to log in. This is a credential; keep it out of source and logs.</param>
/// <param name="secretLocationPaths">Paths of the secrets to load.</param>
/// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="vaultUri"/> is null or whitespace, or <paramref name="roleId"/> or
/// <paramref name="secretId"/> is null or empty.
/// </exception>
public static IConfigurationBuilder AddVaultWithAppRole(
    this IConfigurationBuilder configurationBuilder,
    string vaultUri,
    string roleId,
    string secretId,
    params string[] secretLocationPaths)
{
    // Only blankness is checked here; the URI is not parsed in this method.
    bool vaultUriMissing = string.IsNullOrWhiteSpace(vaultUri);
    if (vaultUriMissing)
    {
        throw new ArgumentException("vaultUri must be a valid URI", nameof(vaultUri));
    }

    bool roleIdMissing = string.IsNullOrEmpty(roleId);
    if (roleIdMissing)
    {
        throw new ArgumentException("roleId must not be null or empty", nameof(roleId));
    }

    bool secretIdMissing = string.IsNullOrEmpty(secretId);
    if (secretIdMissing)
    {
        throw new ArgumentException("secretId must not be null or empty", nameof(secretId));
    }

    // Two-argument form: no mount point is passed explicitly.
    AppRoleAuthenticationInfo appRoleCredentials = new AppRoleAuthenticationInfo(roleId, secretId);

    IConfigurationBuilder configured = AddVault(configurationBuilder, vaultUri, appRoleCredentials, secretLocationPaths);
    return configured;
}
/// <summary>
/// Creates the provider from the AppRole credentials and data access manager it is given.
/// </summary>
/// <param name="appRoleAuthenticationInfo">AppRole authentication details kept for later use.</param>
/// <param name="dataAccessManager">Data access manager kept for later use.</param>
/// <param name="continueAsyncTasksOnCapturedContext">
/// Stored flag, <c>false</c> by default. Presumably controls whether awaits resume on the captured
/// context; confirm against the code that reads it.
/// </param>
public AppRoleAuthenticationProvider(
    AppRoleAuthenticationInfo appRoleAuthenticationInfo,
    IDataAccessManager dataAccessManager,
    bool continueAsyncTasksOnCapturedContext = false)
{
    // Plain field capture: the arguments are stored exactly as passed, without validation.
    this._continueAsyncTasksOnCapturedContext = continueAsyncTasksOnCapturedContext;
    this._dataAccessManager = dataAccessManager;
    this._appRoleAuthenticationInfo = appRoleAuthenticationInfo;
}