public VaultClientFactory(FileArgsBase args) { if (args == null) { throw new ArgumentNullException(nameof(args)); } if (String.IsNullOrEmpty(args.VaultRoleId)) { throw new ArgumentException("Vault Rold Id missing", nameof(args.VaultRoleId)); } if (String.IsNullOrEmpty(args.VaultSecretId)) { throw new ArgumentException("Vault Secret Id missing", nameof(args.VaultSecretId)); } if (String.IsNullOrEmpty(args.VaultUri)) { throw new ArgumentException("Vault VaultUri missing", nameof(args.VaultUri)); } IAuthMethodInfo authMethod = new AppRoleAuthMethodInfo(args.VaultRoleId, secretId: args.VaultSecretId); _vaultClientSettings = new VaultClientSettings(args.VaultUri, authMethod) { VaultServiceTimeout = TimeSpan.FromMinutes(5) }; }
static async Task Main(string[] args) { // limited permissions. hidden in env variables, typically injected var roleId = Environment.GetEnvironmentVariable("ROLEID"); var secretId = Environment.GetEnvironmentVariable("VAULTSECRET"); IVaultClient vaultClient = null; try{ // Get the approle token IAuthMethodInfo authMethod = new AppRoleAuthMethodInfo(roleId, secretId); var vaultClientSettings = new VaultClientSettings("http://127.0.0.1:8200", authMethod); vaultClient = new VaultClient(vaultClientSettings); } catch (Exception e) { // Failed to get Vault token Console.WriteLine(String.Format("An error occurred authenticating: {0}", e.Message)); throw; } try{ //Get the secret and print it Secret <Dictionary <string, object> > kv1Secret = await vaultClient.V1.Secrets.KeyValue.V1.ReadSecretAsync("data/testdata/universe", "secret"); Dictionary <string, object> dataDictionary = kv1Secret.Data; JsonDocument jsonObj = JsonDocument.Parse(dataDictionary["data"].ToString()); Console.WriteLine(String.Format("The answer is {0}.", jsonObj.RootElement.GetProperty("theanswer"))); } catch (Exception e) { //Failed to get the secret or format it. Console.WriteLine(String.Format("An error pulling or parsing the secret: {0}", e.Message)); throw; } }
/// <inheritdoc/> public override void Load() { try { IAuthMethodInfo authMethod; if (!string.IsNullOrEmpty(this._source.Options.VaultRoleId) && !string.IsNullOrEmpty(this._source.Options.VaultSecret)) { authMethod = new AppRoleAuthMethodInfo( this._source.Options.VaultRoleId, this._source.Options.VaultSecret); } else { authMethod = new TokenAuthMethodInfo(this._source.Options.VaultToken); } var vaultClientSettings = new VaultClientSettings(this._source.Options.VaultAddress, authMethod) { UseVaultTokenHeaderInsteadOfAuthorizationHeader = true, }; IVaultClient vaultClient = new VaultClient(vaultClientSettings); using var ctx = new JoinableTaskContext(); var jtf = new JoinableTaskFactory(ctx); jtf.RunAsync( async() => { await this.LoadVaultDataAsync(vaultClient).ConfigureAwait(true); }).Join(); } catch (Exception e) when(e is VaultApiException || e is System.Net.Http.HttpRequestException) { this._logger?.Log(LogLevel.Error, e, "Cannot load configuration from Vault"); } }
public AppRoleVaultSharpService(IOptions <VaultSettings> options) { var configuration = options.Value; var authMethod = new AppRoleAuthMethodInfo(configuration.AppRoleId, configuration.AppRoleSecret); var settings = new VaultClientSettings(configuration.VaultEndpointUri, authMethod); VaultClient = new VaultClient(settings); }
public void GoodArgsDoesNotThrow(IFixture fixture) { var args = fixture.Build <FileArgsBase>() .With(f => f.VaultUri, "http://localhost/") .Create(); var sut = new VaultClientFactory(args); IAuthMethodInfo authMethod = new AppRoleAuthMethodInfo(args.VaultRoleId, secretId: args.VaultSecretId); var expectedSettings = new VaultClientSettings(args.VaultUri, authMethod) { VaultServiceTimeout = TimeSpan.FromMinutes(5) }; var client = sut.GetClient(); client.Settings.Should().BeEquivalentTo(expectedSettings); }
public static IConfigurationBuilder AddVault(this IConfigurationBuilder builder) { IConfigurationRoot buildConfig = builder.Build(); //IAuthMethodInfo authenticationInfo = new TokenAuthMethodInfo(VaultAccessToken); IAuthMethodInfo authenticationInfo = new AppRoleAuthMethodInfo(VaultRoleId, VaultSecretId); VaultClientSettings vaultClientSettings = new VaultClientSettings(VaultServerUri, authenticationInfo); IVaultClient client = new VaultClient(vaultClientSettings); SecretData appSecrets = client.V1.Secrets.KeyValue.V2.ReadSecretAsync("applications/vault-test").GetAwaiter().GetResult().Data; IEnumerable <KeyValuePair <string, string> > secretsForConfiguration = appSecrets.Data.Select(x => new KeyValuePair <string, string>($"vault-startup:{x.Key}", x.Value.ToString())); return(builder.AddInMemoryCollection(secretsForConfiguration)); }
public void AddVaultWithAuthMethodInfo_AddsSource() { // Arrange var authMethodInfo = new AppRoleAuthMethodInfo(_vaultConfigurationRoleId, _vaultConfigurationSecretId); var configuration = new ConfigurationBuilder(); // Act configuration.AddVaultWithAuthMethodInfo( _vaultConfigurationUrl, authMethodInfo, _vaultConfigurationMountPoint, _vaultConfigurationSecretPath ); // Assert Assert.IsNotNull(configuration); Assert.IsNotNull(configuration.Sources); Assert.AreEqual(1, configuration.Sources.Count); }
private IVaultClient CreateVaultClient() { IAuthMethodInfo authMethod; switch (_context.AuthenticationType) { case AuthenticationType.AppRole: authMethod = new AppRoleAuthMethodInfo(_context.RoleId, _context.SecretId); break; case AuthenticationType.UsernamePassword: authMethod = new UserPassAuthMethodInfo(_context.Username, _context.Password); break; case AuthenticationType.Ldap: authMethod = new LDAPAuthMethodInfo(_context.Username, _context.Password); break; case AuthenticationType.Token: authMethod = new TokenAuthMethodInfo(_context.Token); break; default: throw new NotSupportedException($"Authentication type '{_context.AuthenticationType}' is not supported."); } var vaultClientSettings = new VaultClientSettings(_context.VaultUri.ToString(), authMethod) { VaultServiceTimeout = TimeSpan.FromSeconds(30) }; if (!string.IsNullOrWhiteSpace(_context.Namespace)) { vaultClientSettings.Namespace = _context.Namespace; } return(new VaultClient(vaultClientSettings)); }