public static IConfigurationBuilder AddVault(this IConfigurationBuilder builder)
{
var buildConfig = builder.Build();
if (buildConfig.GetSection("settings:useVault").Get <bool>())
{
try
{
IVaultClient vaultClient = VaultClientFactory.CreateVaultClient(
new Uri(buildConfig["vault:address"]),
new AppRoleAuthenticationInfo(
buildConfig["vault:roleid"],
buildConfig["vault:secretid"]
)
);
var vaultSecrets = vaultClient
.ReadSecretAsync(buildConfig["vault:path"])
.Result.Data.Select(x => new KeyValuePair <string, string>($"vault:{x.Key}", x.Value.ToString()));
return(builder.AddInMemoryCollection(vaultSecrets));
}
catch (Exception ex)
{
throw new Exception("Vault configuration failed: " + ex.Message);
}
}
else
{
return(builder);
}
}
private async Task LoadAsync()
{
var data = new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase);
foreach (var secretPath in _secretPaths)
{
var secret = await _client.ReadSecretAsync(secretPath).ConfigureAwait(false);
var secretData = secret.Data;
// try and guess if we're using v2 KV secrets
if (secretData.ContainsKey(MetadataKey) &&
secretData.TryGetValue(DataKey, out var val) &&
val is IDictionary <string, JToken> v2Data)
{
AddSecrets(data, secret, v2Data);
}
else
{
AddSecrets(data, secret, secretData);
}
}
Data = data;
}
// get latest transit key version
public async Task <int> GetLatestTransitKeyVersion()
{
int keyVersion = -1;
var resp = await client.ReadSecretAsync(keyPath + transitKeyName);
if (resp.Data.ContainsKey("latest_version"))
{
keyVersion = (int)(long)resp.Data["latest_version"];
}
return(keyVersion);
}
private async Task SecretTests()
{
var path = "cubbyhole/foo/test";
var secretData = new Dictionary <string, object>
{
{ "1", "1" },
{ "2", 2 },
{ "3", false },
};
await _authenticatedVaultClient.WriteSecretAsync(path, secretData);
var secret = await _authenticatedVaultClient.ReadSecretAsync(path);
Assert.True(secret.Data.Count == 3);
await _authenticatedVaultClient.DeleteSecretAsync(path);
await Assert.ThrowsAsync <Exception>(() => _authenticatedVaultClient.ReadSecretAsync(path));
}
/// <inheritdoc/>
public async Task <string> GetSecretAsync(string storagePath)
{
var data = await _vaultClientImpl.ReadSecretAsync(storagePath);
return(data.Data.Values.First().ToString());
}
public async Task <string> GetSecretAsync(string path)
{
var rawData = await _vaultClientImplementation.ReadSecretAsync(path);
return(rawData.Data.Values.First().ToString());
}