예제 #1
0
        public static IConfigurationBuilder AddVault(this IConfigurationBuilder builder)
        {
            var buildConfig = builder.Build();

            if (buildConfig.GetSection("settings:useVault").Get <bool>())
            {
                try
                {
                    IVaultClient vaultClient = VaultClientFactory.CreateVaultClient(
                        new Uri(buildConfig["vault:address"]),
                        new AppRoleAuthenticationInfo(
                            buildConfig["vault:roleid"],
                            buildConfig["vault:secretid"]
                            )
                        );

                    var vaultSecrets = vaultClient
                                       .ReadSecretAsync(buildConfig["vault:path"])
                                       .Result.Data.Select(x => new KeyValuePair <string, string>($"vault:{x.Key}", x.Value.ToString()));

                    return(builder.AddInMemoryCollection(vaultSecrets));
                }
                catch (Exception ex)
                {
                    throw new Exception("Vault configuration failed: " + ex.Message);
                }
            }
            else
            {
                return(builder);
            }
        }
예제 #2
0
        private async Task LoadAsync()
        {
            var data = new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase);

            foreach (var secretPath in _secretPaths)
            {
                var secret = await _client.ReadSecretAsync(secretPath).ConfigureAwait(false);

                var secretData = secret.Data;

                // try and guess if we're using v2 KV secrets
                if (secretData.ContainsKey(MetadataKey) &&
                    secretData.TryGetValue(DataKey, out var val) &&
                    val is IDictionary <string, JToken> v2Data)
                {
                    AddSecrets(data, secret, v2Data);
                }
                else
                {
                    AddSecrets(data, secret, secretData);
                }
            }

            Data = data;
        }
예제 #3
0
        // get latest transit key version
        public async Task <int> GetLatestTransitKeyVersion()
        {
            int keyVersion = -1;
            var resp       = await client.ReadSecretAsync(keyPath + transitKeyName);

            if (resp.Data.ContainsKey("latest_version"))
            {
                keyVersion = (int)(long)resp.Data["latest_version"];
            }

            return(keyVersion);
        }
예제 #4
0
        private async Task SecretTests()
        {
            var path = "cubbyhole/foo/test";

            var secretData = new Dictionary <string, object>
            {
                { "1", "1" },
                { "2", 2 },
                { "3", false },
            };

            await _authenticatedVaultClient.WriteSecretAsync(path, secretData);

            var secret = await _authenticatedVaultClient.ReadSecretAsync(path);

            Assert.True(secret.Data.Count == 3);

            await _authenticatedVaultClient.DeleteSecretAsync(path);

            await Assert.ThrowsAsync <Exception>(() => _authenticatedVaultClient.ReadSecretAsync(path));
        }
예제 #5
0
        /// <inheritdoc/>
        public async Task <string> GetSecretAsync(string storagePath)
        {
            var data = await _vaultClientImpl.ReadSecretAsync(storagePath);

            return(data.Data.Values.First().ToString());
        }
예제 #6
0
        public async Task <string> GetSecretAsync(string path)
        {
            var rawData = await _vaultClientImplementation.ReadSecretAsync(path);

            return(rawData.Data.Values.First().ToString());
        }