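/// <summary>
/// Resumes Vault setup on service start: initializes Vault when it has never been initialized,
/// otherwise submits the locally stored shard (if present) and loads the persisted service token,
/// then asks the operator for the remaining unseal keys.
/// </summary>
/// <exception cref="InvalidOperationException">
/// Vault is already initialized but the service token file is missing or cannot be parsed.
/// </exception>
private async Task ContinueInitialization()
{
    logger.LogInformation("Checking Vault Init Status");
    var vc = new VaultClient(vaultClientSettings);

    if (!await vc.V1.System.GetInitStatusAsync())
    {
        logger.LogInformation("Vault not Initialized... Initializing");
        // Init() also assigns serviceToken, which is required below.
        await Init();
    }
    else
    {
        if (shardFile.Exists)
        {
            logger.LogInformation("Shard file exists");
            using (var shard = new SecureString())
            {
                // Read the shard one character at a time so the whole key is never held in an
                // intermediate managed string, and dispose the reader (the original leaked it).
                using (var reader = File.OpenText(shardFile.FullName))
                {
                    int ch;
                    while ((ch = reader.Read()) != -1)
                    {
                        shard.AppendChar((char)ch);
                    }
                }
                await Unseal(shard);
            }
        }
        else
        {
            logger.LogWarning("Unable to find Vault shard file.");
        }

        if (!serviceTokenFile.Exists)
        {
            throw new InvalidOperationException("Error: Vault is initialized but required service token is missing.");
        }

        logger.LogInformation("Service token file exists");
        var serviceTokenJson = await File.ReadAllTextAsync(serviceTokenFile.FullName);
        serviceToken = JsonConvert.DeserializeObject<VaultTokenCreateResponseAuth>(serviceTokenJson);
        // DeserializeObject returns null for empty/"null" input; fail here rather than with a
        // NullReferenceException when the token is used below.
        if (serviceToken is null || serviceToken.client_token is null)
        {
            throw new InvalidOperationException("Error: Vault service token file could not be parsed.");
        }
    }

    using (var ct = serviceToken.client_token.ToSecureString())
    {
        await AskForVaultUnseal(ct);
    }
}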
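/// <summary>
/// Initializes a fresh Vault: generates the master key shares, keeps the first share on disk for
/// this service, prints the remaining shares to the operator, bootstraps the service policy/token
/// and auth method under the root token, then reseals and partially unseals with the stored share.
/// </summary>
public async Task Init()
{
    logger.LogInformation($"Initializing Vault with {secretThreshold} of {secretShares} secret shares.");
    var vc = new VaultClient(vaultClientSettings);
    var initResponse = await vc.V1.System.InitAsync(new InitOptions
    {
        SecretShares = secretShares,
        SecretThreshold = secretThreshold,
    });

    // The first share is retained by this service; every other share goes to the operator.
    var serviceShard = initResponse.MasterKeys.First();
    var userKeys = initResponse.MasterKeys.OfType<string>().Skip(1).ToArray();

    logger.LogInformation("Writing Vault Shard to disk");
    // NOTE(review): the shard and (below) the service token are written in plaintext with default
    // file permissions; confirm the directory/file ACLs restrict them to the service account.
    await File.WriteAllTextAsync(shardFile.FullName, serviceShard);

    logger.LogInformation("Printing secret shares to User");
    WriteKeys(userKeys);

    logger.LogInformation("Temporarily unsealing the Vault to continue setup process");
    // Submit secretThreshold shares (the service shard is MasterKeys[0]) so the policy and
    // token can be created.
    for (int i = 0; i < secretThreshold; ++i)
    {
        using (var mk = initResponse.MasterKeys[i].ToSecureString())
        {
            await Unseal(mk, true);
        }
    }

    logger.LogInformation("Logging in using root token");
    using (var rt = initResponse.RootToken.ToSecureString())
    {
        await CreateVaultServicePolicyAsync(rt);
        serviceToken = await CreateVaultServiceToken(rt);

        logger.LogInformation("Writing Vault Service Token to disk");
        var vaultServiceSerialized = JsonConvert.SerializeObject(serviceToken);
        await File.WriteAllTextAsync(serviceTokenFile.FullName, vaultServiceSerialized);

        await CreateTemplatedWalletPolicyAsync(rt);
        await EnableUserpassAuth(rt);

        logger.LogInformation("Revoking root token");
        await RevokeToken(rt);

        // NOTE(review): Seal is invoked with the root token that was just revoked; unless Seal
        // authenticates some other way, Vault will reject the request. Confirm the intended
        // ordering against RevokeToken/Seal.
        logger.LogInformation("Sealing the Vault");
        await Seal(rt);
    }

    using (var ss = serviceShard.ToSecureString())
    {
        // Submit only the stored shard; the operator supplies the rest of the threshold later.
        await Unseal(ss);
    }
}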