public static async Task <string> GetSecret()
{
const string secretName = "Test";
const string region = "us-east-2";
IAmazonSecretsManager client = new AmazonSecretsManagerClient(RegionEndpoint.GetBySystemName(region));
var request = new GetSecretValueRequest {
SecretId = secretName
};
var response = await client.GetSecretValueAsync(request);
// Decrypts secret using the associated KMS CMK.
// Depending on whether the secret is a string or binary, one of these fields will be populated.
if (response.SecretString != null)
{
return(response.SecretString);
}
else
{
using var memoryStream = response.SecretBinary;
using var reader = new StreamReader(memoryStream);
var result = await reader.ReadToEndAsync();
return(Encoding.UTF8.GetString(Convert.FromBase64String(result)));
}
}
public void SecretsManagerDescribeSecret()
{
#region to-retrieve-the-details-of-a-secret-1524000138629
var client = new AmazonSecretsManagerClient();
var response = client.DescribeSecret(new DescribeSecretRequest
{
SecretId = "MyTestDatabaseSecret"
});
string arn = response.ARN;
string description = response.Description;
string kmsKeyId = response.KmsKeyId;
DateTime lastAccessedDate = response.LastAccessedDate;
DateTime lastChangedDate = response.LastChangedDate;
DateTime lastRotatedDate = response.LastRotatedDate;
string name = response.Name;
bool rotationEnabled = response.RotationEnabled;
string rotationLambdaARN = response.RotationLambdaARN;
RotationRulesType rotationRules = response.RotationRules;
List <Tag> tags = response.Tags;
Dictionary <string, List <string> > versionIdsToStages = response.VersionIdsToStages;
#endregion
}
public static IServiceCollection AddPostMortemContext(this IServiceCollection services)
{
string connectionString = "";
if (!string.IsNullOrWhiteSpace(Environment.GetEnvironmentVariable("AWS_REGION")))
{
using (var client = new AmazonSecretsManagerClient())
{
var request = new GetSecretValueRequest()
{
SecretId = "PostMortem/Db"
};
var response = client.GetSecretValueAsync(request).Result;
var responseDict = JsonConvert.DeserializeObject <Dictionary <string, string> >(response.SecretString);
connectionString = responseDict["connectionstring"];
}
}
else
{
connectionString = "server=localhost;database=postmortem;user=root;password=mysql;SslMode=None";
}
services.AddDbContext <PostMortemContext>(o => o.UseMySql(connectionString));
return(services);
}
public void OneTimeSetUp()
{
_testServer = new TestServer();
_httpClient = _testServer.CreateClient();
var secretsClient = new AmazonSecretsManagerClient(RegionEndpoint.USWest2);
var secretResponse = secretsClient.GetSecretValueAsync(new GetSecretValueRequest
{
SecretId = TestUserSecretId
}).Result;
_testUserCreds = JsonConvert.DeserializeObject <TestUserCreds>(secretResponse.SecretString);
_emailAdapter = new EmailAdapter();
_user = new AwsCognitoUser
{
FirstName = "test",
LastName = "user",
PhoneNumber = "+12223334444",
UserName = _testUserCreds.TraceTestUserEmail,
Password = _testUserCreds.TraceTestUserPassword
};
var serviceProvider = _testServer.GetTestServiceProvider();
_authAdapter = serviceProvider.GetRequiredService <IAuthAdapter>();
_httpHandler = new HttpHandler(_clientConfig, _httpClient);
_apiClient = new TraceApiClient(_httpHandler);
}
public override void Load()
{
var config = new AWSSecretsConfiguration();
ConfigAction(config);
MemoryStream memoryStream = new MemoryStream();
// Initialize an empty secret store
Data = new Dictionary <string, string>();
IAmazonSecretsManager client = new AmazonSecretsManagerClient(RegionEndpoint.GetBySystemName(config.Region));
foreach (var secretId in config.Secrets)
{
var request = new GetSecretValueRequest {
SecretId = secretId
};
var response = Task.Run(() => client.GetSecretValueAsync(request)).Result;
var data = JsonConvert.DeserializeObject <Dictionary <string, string> >(response.SecretString);
foreach (var kvp in data)
{
Data.Add($"{secretId}:{kvp.Key}", kvp.Value);
}
}
}
private async Task <Boolean> GetSecrets()
{
IAmazonSecretsManager client = new AmazonSecretsManagerClient(primaryRegion);
GetSecretValueRequest request = new GetSecretValueRequest();
request.SecretId = secretName;
request.VersionStage = secretAlias;
try
{
GetSecretValueResponse response = await client.GetSecretValueAsync(request);
secrets = JsonConvert.DeserializeObject <Secrets>(response.SecretString);
return(true);
}
catch (Exception error)
{
await SendFailureAsync("GetSecrets", error.Message);
Console.WriteLine("ERROR : GetSecretValue : " + error.Message);
Console.WriteLine("ERROR : GetSecretValue : " + error.StackTrace);
return(false);
}
}
public void SetVaultCredential(string credential)
{
if (_configuration != null)
{
try
{
_logger.Information($"Configuring plugin {Name} for the AWS vault");
var region = Amazon.RegionEndpoint.GetBySystemName(_configuration[AwsRegion]);
if (region.DisplayName == "Unknown")
{
throw new Exception("Specified region is unknown.");
}
var accessKeyId = _configuration[AccessKeyId];
//this client doesn't create a connection until it is used.
_awsClient = new AmazonSecretsManagerClient(accessKeyId, credential, region);
_logger.Information($"Plugin {Name} has been successfully configured for the AWS vault.");
}
catch (Exception ex)
{
_logger.Error(ex, $"Plugin configuration failed: {ex.Message}");
}
}
else
{
_logger.Error("The plugin is missing the configuration.");
}
}
public static string Get(string secretName)
{
var config = new AmazonSecretsManagerConfig {
RegionEndpoint = RegionEndpoint.USEast1
};
var credentials = new StoredProfileAWSCredentials("getSecretForRdsUser");
var client = new AmazonSecretsManagerClient(credentials, config);
var request = new GetSecretValueRequest
{
SecretId = secretName
};
GetSecretValueResponse response = null;
try
{
response = client.GetSecretValueAsync(request).Result;
}
catch (ResourceNotFoundException)
{
Console.WriteLine("The requested secret " + secretName + " was not found");
}
catch (InvalidRequestException e)
{
Console.WriteLine("The request was invalid due to: " + e.Message);
}
catch (InvalidParameterException e)
{
Console.WriteLine("The request had invalid params: " + e.Message);
}
return(response?.SecretString);
}
/// <summary>
/// Creates a new Secrets Manager client using the provided profile information
/// </summary>
/// <param name="profileName"></param>
/// <param name="awsRegionSystemName"></param>
/// <returns></returns>
public virtual AmazonSecretsManagerClient SetSecretClient(RegionEndpoint region, string profileName)
{
if (string.IsNullOrEmpty(profileName))
{
profileName = "default";
}
_logger.Info(string.Format(DeploySoftware_LaunchPad_AWS_Resources.SecretHelper_GetSecretClient_ProfileName, profileName));
_logger.Info(string.Format(DeploySoftware_LaunchPad_AWS_Resources.SecretHelper_GetSecretClient_Region, profileName));
AmazonSecretsManagerClient client = null;
try
{
var credentials = GetAwsCredentials(profileName);
client = new AmazonSecretsManagerClient(credentials, region);
}
catch (AmazonSecretsManagerException smEx)
{
_logger.Info(string.Format(DeploySoftware_LaunchPad_AWS_Resources.SecretHelper_GetSecretClient_Exception_GetAwsCredentials, smEx.Message));
}
if (client == null) // try to load using local environment or EC2 information
{
_logger.Info(DeploySoftware_LaunchPad_AWS_Resources.SecretHelper_GetSecretClient_SecretClient_IsNull);
client = SetSecretClient(region);
}
return(client);
}
public static async Task <Secrets> GetSecretAsync()
{
string secretName = "dotnet-twitter-bot";
string region = "ap-southeast-2";
using (var client = new AmazonSecretsManagerClient(RegionEndpoint.GetBySystemName(region)))
{
var request = new GetSecretValueRequest()
{
SecretId = secretName
};
GetSecretValueResponse response = await client.GetSecretValueAsync(request);
string secret = null;
if (response.SecretString != null)
{
secret = response.SecretString;
}
else
{
using (var reader = new StreamReader(response.SecretBinary))
{
secret = Encoding.UTF8.GetString(Convert.FromBase64String(await reader.ReadToEndAsync()));
}
}
return(JsonConvert.DeserializeObject <Secrets>(secret));
}
}
private static async Task <string> GetConnectionString()
{
if (string.IsNullOrEmpty(ConnectionString))
{
var endpoint = _configuration["rdsendpoint"];
var secretArn = _configuration["rdssecretarn"];
var client = new AmazonSecretsManagerClient();
var response = await client.GetSecretValueAsync(new GetSecretValueRequest()
{
SecretId = secretArn
});
var secret = JsonDocument.Parse(response.SecretString).RootElement;
var username = secret.GetProperty("username").GetString();
var password = secret.GetProperty("password").GetString();
var builder = new SqlConnectionStringBuilder
{
DataSource = endpoint,
InitialCatalog = "adoptions",
UserID = username,
Password = password
};
ConnectionString = builder.ConnectionString;
}
return(ConnectionString);
}
static string ObtainRuntimeIdentitySecret(IConfiguration config)
{
var request = new GetSecretValueRequest {
SecretId = config["Aws:Secrets:Id"]
};
try
{
using (var client = new AmazonSecretsManagerClient(
RuntimeIdentity.Credentials,
RuntimeIdentity.Region))
{
var response = client.GetSecretValueAsync(request).RiskDeadlockAndAwaitResult();
if (response.SecretString.IsEmpty())
{
throw new Exception("AWS SecretString was empty!");
}
return(response.SecretString);
}
}
catch (Exception ex)
{
throw new Exception("Failed to obtain the AWS secret: " + request.SecretId, ex);
}
}
public string Get(string secretName)
{
var config = new AmazonSecretsManagerConfig {
RegionEndpoint = RegionEndpoint.APSoutheast1
};
var client = new AmazonSecretsManagerClient(config);
var request = new GetSecretValueRequest
{
SecretId = secretName
};
GetSecretValueResponse response = null;
try
{
response = Task.Run(async() => await client.GetSecretValueAsync(request)).Result;
}
catch (ResourceNotFoundException)
{
Console.WriteLine("The requested secret " + secretName + " was not found");
}
catch (InvalidRequestException e)
{
Console.WriteLine("The request was invalid due to: " + e.Message);
}
catch (InvalidParameterException e)
{
Console.WriteLine("The request had invalid params: " + e.Message);
}
return(response?.SecretString);
}
internal static void SetSecret(AmazonSecretsManagerClient client, string secretId, string token)
{
Console.WriteLine("Attempting to retrieve secret value for AWSPENDING " + token);
var pendingSecretValue = JsonConvert.DeserializeObject <SecretString>(GetSecret(client, secretId, "AWSPENDING", token).SecretString);
Console.WriteLine("Attempting to retrieve secret value for AWSCURRENT");
var currentSecretValue = JsonConvert.DeserializeObject <SecretString>(GetSecret(client, secretId, "AWSCURRENT").SecretString);
string connectionString =
$"Server=tcp:{currentSecretValue.Host},{currentSecretValue.Port};Initial Catalog={currentSecretValue.DbName};Persist Security Info=True;" +
$"User ID={currentSecretValue.Username};Password={currentSecretValue.Password}";
//Using SMO as T-SQL methods forced to use dynamic SQL and had various possible SQL Injection routes
var connection = new ServerConnection(new SqlConnection(connectionString));
var server = new Server(connection);
var logins = server.Logins;
foreach (Login user in logins)
{
if (user.Name.ToLower() == currentSecretValue.Username.ToLower())
{
user.ChangePassword(currentSecretValue.Password, pendingSecretValue.Password);
user.Alter();
user.Refresh();
Console.WriteLine($"Successfully changed password for username {currentSecretValue.Username}");
break;
}
}
}
void Download()
{
var request = new GetSecretValueRequest {
SecretId = SecretId
};
try
{
using (var client = new AmazonSecretsManagerClient(
RuntimeIdentity.Credentials,
RuntimeIdentity.Region))
{
var response = client.GetSecretValueAsync(request).RiskDeadlockAndAwaitResult();
if (response.SecretString.IsEmpty())
{
throw new Exception("AWS SecretString was empty!");
}
SecretString = response.SecretString;
}
}
catch (Exception ex)
{
throw new Exception("Failed to obtain the AWS secret: " + request.SecretId, ex);
}
}
public override void Invoke(AWSCredentials creds, RegionEndpoint region, int maxItems)
{
AmazonSecretsManagerConfig config = new AmazonSecretsManagerConfig();
config.RegionEndpoint = region;
ConfigureClient(config);
AmazonSecretsManagerClient client = new AmazonSecretsManagerClient(creds, config);
ListSecretsResponse resp = new ListSecretsResponse();
do
{
ListSecretsRequest req = new ListSecretsRequest
{
NextToken = resp.NextToken
,
MaxResults = maxItems
};
resp = client.ListSecrets(req);
CheckError(resp.HttpStatusCode, "200");
foreach (var obj in resp.SecretList)
{
AddObject(obj);
}
}while (!string.IsNullOrEmpty(resp.NextToken));
}
static void Main(string[] args)
{
var secretName = "TestSecret1";
var config = new AmazonSecretsManagerConfig();
config.RegionEndpoint = RegionEndpoint.USWest2;
var client = new AmazonSecretsManagerClient(config);
var secretValueRequest = new GetSecretValueRequest();
secretValueRequest.SecretId = secretName;
var secretValueResponse = GetSecretValueResponseAsync(client, secretValueRequest);
if (secretValueResponse.Result.SecretString != null)
{
Console.WriteLine("Secret String: " + secretValueResponse.Result.SecretString);
}
else if (secretValueResponse.Result.SecretBinary != null)
{
Console.WriteLine("SecretBinary saved to variable.");
var secretBinary = secretValueResponse.Result.SecretBinary;
//Do something with the SecretBinary in your code
}
else
{
Console.WriteLine("Secret String and Secret Binary are null.");
//Do something with the SecretString in your code
}
}
public Function()
{
if (builder != null)
{
return;
}
//read aud, kid and iss from env vars
var aud = Environment.GetEnvironmentVariable("Audience");
var iss = Environment.GetEnvironmentVariable("Issuer");
var kid = Environment.GetEnvironmentVariable("KeyId");
var client = new AmazonSecretsManagerClient();
GetSecretValueResponse response;
try
{
response = client.GetSecretValueAsync(new GetSecretValueRequest {
SecretId = "RsaKeypair"
}).Result;
}
catch (Exception ex)
{
LambdaLogger.Log("Error trying to fetch RSA keys from SM: " + ex.Message);
throw;
}
var json = JsonDocument.Parse(response.SecretString);
var privKey = Convert.FromBase64String(json.RootElement.GetProperty("privateKey").GetString());
var pubKey = Convert.FromBase64String(json.RootElement.GetProperty("publicKey").GetString());
builder = new JwtBuilder(privKey, pubKey, aud, kid, iss);
}
private void Initialise()
{
try
{
IAmazonSecretsManager client = new AmazonSecretsManagerClient(_accessKey, _secretKey, RegionEndpoint.GetBySystemName(_region));
var request = new GetSecretValueRequest()
{
SecretId = _secretName,
VersionStage = "AWSCURRENT"
};
var response = client.GetSecretValueAsync(request).Result;
if (response.SecretString != null)
{
var secret = response.SecretString;
_secretDictionary = JsonConvert.DeserializeObject <Dictionary <string, string> >(secret);
}
else
{
var memoryStream = response.SecretBinary;
var reader = new StreamReader(memoryStream);
var decodedBinarySecret = Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd()));
_secretDictionary = JsonConvert.DeserializeObject <Dictionary <string, string> >(decodedBinarySecret);
}
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
}
static async Task Test()
{
var function = new LetsEncryptAccountKeySecretRotationFunction();
var secretsManager = new AmazonSecretsManagerClient();
var secretArn = string.Empty;
secretArn = "arn:aws:secretsmanager:us-west-2:1234567890:secret:TestSecret-636999565209208171-icM7qC";
if (string.IsNullOrEmpty(secretArn))
{
var createResult = await secretsManager.CreateSecretAsync(new CreateSecretRequest
{
Name = $"TestSecret-{DateTime.UtcNow.Ticks}",
SecretString = "{}"
});
secretArn = createResult.ARN;
}
var @event = new SecretRotationEvent
{
ClientRequestToken = Guid.NewGuid().ToString(),
SecretId = secretArn,
Step = "createSecret"
};
var context = new TestContext();
try
{
await function.Handler(@event, context);
@event.Step = "setSecret";
await function.Handler(@event, context);
@event.Step = "testSecret";
await function.Handler(@event, context);
@event.Step = "finishSecret";
await function.Handler(@event, context);
}
catch (Exception ex)
{
Console.Write(ex);
throw;
}
finally
{
await secretsManager.DeleteSecretAsync(new DeleteSecretRequest
{
SecretId = secretArn,
ForceDeleteWithoutRecovery = true
});
}
}
// This method gets called by the runtime. Use this method to add services to the container.
public virtual void ConfigureServices(IServiceCollection services)
{
var cognitoConfigKey = Configuration.GetSection("AWS").GetSection("Secrets")["CognitoConfig"];
var secretsClient = new AmazonSecretsManagerClient(RegionEndpoint.USWest2);
var cognitoConfigSecretResponse = secretsClient.GetSecretValueAsync(new GetSecretValueRequest
{
SecretId = cognitoConfigKey
}).Result;
var cognitoAdapterConfig = JsonConvert.DeserializeObject <AwsCognitoAdapterConfig>(cognitoConfigSecretResponse.SecretString);
var validIssuer = Configuration.GetValidIssuer(cognitoAdapterConfig.UserPoolId);
services.Configure <CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
//options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services
.AddMvc().AddApplicationPart(typeof(Startup).Assembly) //need this to make the integrations tests work: https://stackoverflow.com/a/58079778
.SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
IssuerSigningKeyResolver = (s, token, identifier, parameters) =>
{
var json = new WebClient().DownloadString($"{validIssuer}/.well-known/jwks.json");
var keys = JsonConvert.DeserializeObject <JsonWebKeySet>(json).Keys;
return(keys);
},
ClockSkew = TimeSpan.FromMinutes(5),
LifetimeValidator = (notBefore, expires, token, parameters) =>
{
if (expires != null)
{
if (DateTime.UtcNow < expires)
{
return(true);
}
}
return(false);
},
ValidateIssuer = true,
ValidateAudience = false,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = validIssuer
};
});
services.AddScoped(s => cognitoAdapterConfig);
services.AddScoped <IAwsCognitoAdapterHelper, AwsCognitoAdapterHelper>();
services.AddScoped <IAmazonCognitoIdentityProvider, AmazonCognitoIdentityProviderClient>();
services.AddScoped <IAuthAdapter, AwsCognitoAdapter>();
}
public CadastroSecretsManagerService()
{
_config = new AmazonSecretsManagerConfig()
{
RegionEndpoint = RegionEndpoint.SAEast1
};
_client = new AmazonSecretsManagerClient(_config);
}
internal static DescribeSecretResponse DescribeSecret(AmazonSecretsManagerClient client, string secretId)
{
var asyncResult = client.DescribeSecretAsync(new DescribeSecretRequest
{
SecretId = secretId
});
return(asyncResult.Result);
}
public webapiContext()
{
AmazonSecretsManagerClient client = new AmazonSecretsManagerClient();
secretResponseTask = client.GetSecretValueAsync(new GetSecretValueRequest
{
SecretId = $"{Environment.GetEnvironmentVariable("SECRETS_NAMESPACE")}dbPassword"
});
}
internal static GetSecretValueResponse GetSecret(AmazonSecretsManagerClient client, string secretId, string stage, string token = null)
{
var asyncResult = client.GetSecretValueAsync(
new GetSecretValueRequest {
SecretId = secretId, VersionId = token, VersionStage = stage
}
);
return(asyncResult.Result);
}
public static async Task <T> GetSecret <T>(string secretId)
{
var request = new GetSecretValueRequest {
SecretId = secretId
};
var client = new AmazonSecretsManagerClient();
var response = await client.GetSecretValueAsync(request);
return(JsonSerializer.Deserialize <T>(response.SecretString));
}
// *******************************************************************
// Constructors.
// *******************************************************************
#region Constructors
/// <summary>
/// This constructor creates a new instance of the <see cref="SecretRepository"/>
/// class.
/// </summary>
public SecretRepository(
AmazonSecretsManagerClient secretClient
)
{
// Validate the parameters before attempting to use them.
Guard.Instance().ThrowIfNull(secretClient, nameof(secretClient));
// Save the references.
SecretClient = secretClient;
}
public Startup(IConfiguration configuration)
{
Configuration = configuration;
// Configuration
AwsOpts = Configuration.GetAWSOptions();
Config = new GeneralConfig();
Configuration.Bind("GeneralConfig", Config);
OpenIdConnectConfig = new OidcConfig();
Configuration.Bind("CognitoOIDC", OpenIdConnectConfig);
SecManager = new AmazonSecretsManagerClient(AwsOpts.Region);
}
/// <summary>
/// Adds an <see cref="IConfigurationProvider"/> that reads configuration values from the AWS Secret Manager.
/// </summary>
/// <param name="accessKeyId">AWS Access Key ID</param>
/// <param name="accessKeySecret">AWS Secret Access Key</param>
/// <param name="region"> The system name of the service like "us-west-1". The default value is us-east-2</param>
/// <param name="cacheSize">The maximum number of items the Cache can contain before evicting using LRU. The default value is 1024.</param>
/// <param name="cacheItemTTL">The TTL of a Cache item in milliseconds.The default value is 3600000 ms, or 1 hour</param>
public SecretsManagerConfigurationSource(string accessKeyId, string accessKeySecret, string region = "us-east-2", ushort cacheSize = 1024, uint cacheItemTTL = 3600000u)
{
var config = new AmazonSecretsManagerConfig
{
RegionEndpoint = RegionEndpoint.GetBySystemName(region)
};
_client = new AmazonSecretsManagerClient(accessKeyId, accessKeySecret, config);
_cacheSize = cacheSize;
_cacheItemTTL = cacheItemTTL;
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddCors();
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
// configure strongly typed settings objects
var appSettingsSection = Configuration.GetSection("AppSettings");
services.Configure <AppSettings>(appSettingsSection);
// configure jwt authentication
var appSettings = appSettingsSection.Get <AppSettings>();
var request = new GetSecretValueRequest
{
SecretId = appSettings.JwtKey
};
IAmazonSecretsManager _secretsManager = new AmazonSecretsManagerClient(RegionEndpoint.GetBySystemName(appSettings.Region));
var response = _secretsManager.GetSecretValueAsync(request).GetAwaiter().GetResult();
var key = Encoding.ASCII.GetBytes(response.SecretString);
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
};
});
services.AddAWSService <IAmazonDynamoDB>();
services.AddAWSService <IAmazonS3>();
services.AddAWSService <IAmazonSecretsManager>();
services.AddDefaultAWSOptions(
new AWSOptions
{
Region = RegionEndpoint.GetBySystemName(appSettings.Region)
});
services.AddSingleton <IUserRepository, UserRepository>();
services.AddSingleton <IS3Service, S3Service>();
services.AddSingleton <IUserService, UserService>();
services.AddSingleton <ISecretService, SecretService>();
}
