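        /// <summary>
        /// Second stage of start-up. Asks Vault whether it is already initialised; if not, runs
        /// <see cref="Init"/>. Otherwise restores the service shard (used to partially unseal) and the
        /// persisted service token from disk. In both cases it finishes by handing the service token to
        /// <c>AskForVaultUnseal</c>.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// Vault is already initialised but the service token file is missing, or the file does not
        /// deserialise into a token with a <c>client_token</c>.
        /// </exception>
        private async Task ContinueInitialization()
        {
            logger.LogInformation("Checking Vault Init Status");

            var vc = new VaultClient(vaultClientSettings);

            if (!await vc.V1.System.GetInitStatusAsync())
            {
                logger.LogInformation("Vault not Initialized... Initializing");

                await Init();
            }
            else
            {
                if (shardFile.Exists)
                {
                    logger.LogInformation("Shard file exists");

                    using (var shard = new SecureString())
                    {
                        // Read the shard one character at a time straight into the SecureString, so the
                        // secret is never materialised as a managed string, and dispose the reader
                        // (the previous ReadToEnd() call leaked the StreamReader).
                        using (var reader = File.OpenText(shardFile.FullName))
                        {
                            int next;
                            while ((next = reader.Read()) != -1)
                            {
                                shard.AppendChar((char)next);
                            }
                        }

                        await Unseal(shard);
                    }
                }
                else
                {
                    logger.LogWarning("Unable to find Vault shard file.");
                }

                if (serviceTokenFile.Exists)
                {
                    logger.LogInformation("Service token file exists");

                    var serviceTokenJson = await File.ReadAllTextAsync(serviceTokenFile.FullName);

                    serviceToken = JsonConvert.DeserializeObject<VaultTokenCreateResponseAuth>(serviceTokenJson);
                }
                else
                {
                    // A specific exception type so callers can distinguish this start-up failure.
                    throw new InvalidOperationException("Error: Vault is initialized but required service token is missing.");
                }
            }

            // Guard the null-forgiving path: a corrupt/empty token file deserialises to null and would
            // otherwise surface as a NullReferenceException below.
            if (serviceToken?.client_token is null)
            {
                throw new InvalidOperationException("Error: Vault service token is missing a client_token.");
            }

            using (var ct = serviceToken.client_token.ToSecureString())
            {
                await AskForVaultUnseal(ct);
            }
        }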
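        /// <summary>
        /// Initialises a brand-new Vault. Generates <c>secretShares</c> Shamir shares with a threshold of
        /// <c>secretThreshold</c>; the first share is kept on disk as the service shard (so the service can
        /// contribute one share on restart) and the remaining shares are printed for the operator. The Vault
        /// is then unsealed once, the root token is used to create the service policy/token, the templated
        /// wallet policy and userpass auth, the root token is revoked, the Vault is sealed again, and finally
        /// the service shard is applied to leave it partially unsealed.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// Vault returned no master keys, or fewer than <c>secretThreshold</c>, so the unseal loop cannot run.
        /// </exception>
        public async Task Init()
        {
            logger.LogInformation($"Initializing Vault with {secretThreshold} of {secretShares} secret shares.");

            var vc = new VaultClient(vaultClientSettings);

            var initResponse = await vc.V1.System.InitAsync(new InitOptions
            {
                SecretShares    = secretShares,
                SecretThreshold = secretThreshold,
            });

            // Validate up front: the loop below indexes MasterKeys[0..secretThreshold-1], which would
            // otherwise fail late with a NullReference/IndexOutOfRange after nothing useful was persisted.
            if (initResponse?.MasterKeys is null || initResponse.MasterKeys.Length < secretThreshold)
            {
                throw new InvalidOperationException(
                    $"Vault init returned fewer master keys than the unseal threshold of {secretThreshold}.");
            }

            // Share 0 stays with the service; shares 1..n go to the user.
            var serviceShard = initResponse.MasterKeys[0];
            var userKeys = initResponse.MasterKeys.Skip(1).ToArray();

            logger.LogInformation("Writing Vault Shard to disk");

            await File.WriteAllTextAsync(shardFile.FullName, serviceShard);

            logger.LogInformation("Printing secret shares to User");

            WriteKeys(userKeys);

            logger.LogInformation("Temporarily unsealing the Vault to continue setup process");

            //  Unseal Vault so we can create the policy.
            for (int i = 0; i < secretThreshold; ++i)
            {
                using (var mk = initResponse.MasterKeys[i].ToSecureString())
                {
                    await Unseal(mk, true);
                }
            }

            logger.LogInformation("Logging in using root token");
            using (var rt = initResponse.RootToken.ToSecureString())
            {
                await CreateVaultServicePolicyAsync(rt);

                serviceToken = await CreateVaultServiceToken(rt);

                var vaultServiceSerialized = JsonConvert.SerializeObject(serviceToken);

                logger.LogInformation("Writing Vault Service Token to disk");
                await File.WriteAllTextAsync(serviceTokenFile.FullName, vaultServiceSerialized);

                await CreateTemplatedWalletPolicyAsync(rt);
                await EnableUserpassAuth(rt);

                logger.LogInformation("Revoking root token");
                await RevokeToken(rt);

                //  Reseal the Vault.
                //  NOTE(review): Seal is called with the root token that was just revoked above; if Seal
                //  authenticates with that token the call will be rejected — confirm against Seal's
                //  implementation and, if so, seal with a token that is still valid.
                logger.LogInformation("Sealing the Vault");
                await Seal(rt);
            }

            using (var ss = serviceShard.ToSecureString())
            {
                //  Partially unseal using the stored shard
                await Unseal(ss);
            }
        }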