public VaultSqlCredentials(IConfiguration config) { VaultUri = new Uri(config["Vault:Uri"]);; AppRoleMountpoint = config["Vault:AppRole:Mountpoint"]; BootstrapToken = config["Vault:BootstrapToken"]; AppRoleName = config["Vault:AppRole:Name"]; DatabaseMountpoint = config["Vault:Database:Mountpoint"]; DatabaseRole = config["Vault:Database:RoleName"]; vaultClient = new VaultClient(VaultUri, BootstrapToken); Console.WriteLine($"Attempting to retrieve role id from {VaultUri}"); var roleIdResponse = vaultClient.Auth.Read <Vault.Models.Auth.AppRole.RoleIdResponse>($"{AppRoleMountpoint}/role/{AppRoleName}/role-id"); RoleId = roleIdResponse.Result.Data.RoleId; Console.WriteLine($"Attempting to retrieve secret id from {VaultUri}"); var secretIdResponse = vaultClient.Auth.Write <Vault.Models.Auth.AppRole.SecretIdResponse>($"{AppRoleMountpoint}/role/{AppRoleName}/secret-id"); SecretId = secretIdResponse.Result.Data.SecretId; var appRole = new Vault.Models.Auth.AppRole.LoginRequest() { RoleId = RoleId, SecretId = SecretId }; Console.WriteLine($"Attempting to retrieve token from {VaultUri}"); var loginResponse = vaultClient.Auth.Write <Vault.Models.Auth.AppRole.LoginRequest, Vault.Models.NoData>("approle/login", appRole); Token = loginResponse.Result.Auth.ClientToken; Console.WriteLine($"Token: {Token}"); if (loginResponse.Result.Auth.LeaseDuration != 0) { TokenExpiration = DateTime.Now.AddSeconds(loginResponse.Result.Auth.LeaseDuration); } vaultClient.Token = Token; var secretIdLookupRequest = new Vault.Models.Auth.AppRole.SecretIdLookupRequest { SecretId = SecretId }; Console.WriteLine($"Attempting to retrieve secret id information from {VaultUri}"); var secretInfo = vaultClient.Auth.Write <Vault.Models.Auth.AppRole.SecretIdLookupRequest, SecretInfo>($"{AppRoleMountpoint}/role/{AppRoleName}/secret-id/lookup", secretIdLookupRequest); SecretIdExpiration = secretInfo.Result.Data.expiration_time.LocalDateTime; SecretIdNumUses = secretInfo.Result.Data.secret_id_num_uses; Console.WriteLine($"Attempting to retrieve token info from {VaultUri}"); var tokenInfoResponse = vaultClient.Auth.Read <Vault.Models.Auth.Token.LookupResponse>("token/lookup-self"); TokenUsesRemaining = tokenInfoResponse.Result.Data.NumUses; }
public void RefreshToken() { if (DateTime.Now > SecretIdExpiration || SecretIdNumUses <= 0) { vaultClient.Token = BootstrapToken; Console.WriteLine($"Secret Id Expired. Attempting to retrieve new secret id from {VaultUri}"); var secretIdResponse = vaultClient.Auth.Write <Vault.Models.Auth.AppRole.SecretIdResponse>($"{AppRoleMountpoint}/role/{AppRoleName}/secret-id"); SecretId = secretIdResponse.Result.Data.SecretId; vaultClient.Token = Token; SecretIdNumUses = null; SecretIdExpiration = null; } if (TokenExpiration == null || TokenUsesRemaining == null || SecretIdNumUses == null || TokenUsesRemaining <= 0 || DateTime.Now > TokenExpiration) { vaultClient.Token = null; var appRole = new Vault.Models.Auth.AppRole.LoginRequest() { RoleId = RoleId, SecretId = SecretId }; Console.WriteLine($"Token Expired. Attempting to retrieve new token from {VaultUri}"); var loginResponse = vaultClient.Auth.Write <Vault.Models.Auth.AppRole.LoginRequest, Vault.Models.NoData>("approle/login", appRole); SecretIdNumUses--; Token = loginResponse.Result.Auth.ClientToken; if (loginResponse.Result.Auth.LeaseDuration != 0) { TokenExpiration = DateTime.Now.AddSeconds(loginResponse.Result.Auth.LeaseDuration); } vaultClient.Token = Token; var secretIdLookupRequest = new Vault.Models.Auth.AppRole.SecretIdLookupRequest { SecretId = SecretId }; Console.WriteLine($"Attempting to retrieve secret id information from {VaultUri}"); var secretInfo = vaultClient.Auth.Write <Vault.Models.Auth.AppRole.SecretIdLookupRequest, SecretInfo>($"{AppRoleMountpoint}/role/{AppRoleName}/secret-id/lookup", secretIdLookupRequest); SecretIdExpiration = secretInfo.Result.Data.expiration_time.LocalDateTime; SecretIdNumUses = secretInfo.Result.Data.secret_id_num_uses; Console.WriteLine($"Attempting to retrieve token info from {VaultUri}"); var tokenInfoResponse = vaultClient.Auth.Read <Vault.Models.Auth.Token.LookupResponse>("token/lookup-self"); TokenUsesRemaining = tokenInfoResponse.Result.Data.NumUses; } }
public void GetToken() { var vaultClient = new VaultClient { Address = VaultUri }; var appRole = new Vault.Models.Auth.AppRole.LoginRequest() { RoleId = RoleId, SecretId = SecretId }; var loginResponse = vaultClient.Auth.Write <Vault.Models.Auth.AppRole.LoginRequest, Vault.Models.NoData>("approle/login", appRole); Token = loginResponse.Result.Auth.ClientToken; }