public async Task <Secret <TOTPCode> > GetCodeAsync(string keyName, string mountPoint = SecretsEngineDefaultPaths.TOTP, string wrapTimeToLive = null)
{
Checker.NotNull(mountPoint, "mountPoint");
Checker.NotNull(keyName, "keyName");
return(await _polymath.MakeVaultApiRequest <Secret <TOTPCode> >("v1/" + mountPoint.Trim('/') + "/code/" + keyName.Trim('/'), HttpMethod.Get, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <Secret <SecretData> > ReadSecretAsync(string path, int?version = null, string mountPoint = SecretsEngineDefaultPaths.KeyValue, string wrapTimeToLive = null)
{
Checker.NotNull(mountPoint, "mountPoint");
Checker.NotNull(path, "path");
return(await _polymath.MakeVaultApiRequest <Secret <SecretData> >("v1/" + mountPoint.Trim('/') + "/data/" + path.Trim('/') + (version != null ? ("?version=" + version) : ""), HttpMethod.Get, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <Secret <EncryptionResponse> > EncryptAsync(string keyName, EncryptRequestOptions encryptRequestOptions, string mountPoint = null, string wrapTimeToLive = null)
{
Checker.NotNull(keyName, "keyName");
Checker.NotNull(encryptRequestOptions, "encryptRequestOptions");
return(await _polymath.MakeVaultApiRequest <Secret <EncryptionResponse> >(mountPoint ?? _polymath.VaultClientSettings.SecretsEngineMountPoints.GoogleCloudKMS, "/encrypt/" + keyName.Trim('/'), HttpMethod.Post, encryptRequestOptions, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <Secret <Dictionary <string, object> > > ReadSecretAsync(string path, string mountPoint = SecretsEngineDefaultPaths.KeyValueV1, string wrapTimeToLive = null)
{
Checker.NotNull(mountPoint, "mountPoint");
Checker.NotNull(path, "path");
return(await _polymath.MakeVaultApiRequest <Secret <Dictionary <string, object> > >("v1/" + mountPoint.Trim('/') + "/" + path.Trim('/'), HttpMethod.Get, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <Secret <IdentityToken> > GetTokenAsync(string roleName, string mountPoint = SecretsEngineDefaultPaths.Identity, string wrapTimeToLive = null)
{
Checker.NotNull(mountPoint, "mountPoint");
Checker.NotNull(roleName, "roleName");
return(await _polymath.MakeVaultApiRequest <Secret <IdentityToken> >("v1/" + mountPoint.Trim('/') + "/oidc/token/" + roleName.Trim('/'), HttpMethod.Get, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <Secret <AWSCredentials> > GetCredentialsAsync(string awsRoleName, string awsMountPoint = SecretsEngineDefaultPaths.AWS, string wrapTimeToLive = null)
{
Checker.NotNull(awsMountPoint, "awsMountPoint");
Checker.NotNull(awsRoleName, "awsRoleName");
return(await _polymath.MakeVaultApiRequest <Secret <AWSCredentials> >("v1/" + awsMountPoint.Trim('/') + "/creds/" + awsRoleName.Trim('/'), HttpMethod.Get, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <Secret <EncodedResponse> > EncodeAsync(string roleName, EncodeRequestOptions encodeRequestOptions, string mountPoint = null, string wrapTimeToLive = null)
{
Checker.NotNull(roleName, "roleName");
Checker.NotNull(encodeRequestOptions, "encodeRequestOptions");
return(await _polymath.MakeVaultApiRequest <Secret <EncodedResponse> >(mountPoint ?? _polymath.VaultClientSettings.SecretsEngineMountPoints.Transform, "/encode/" + roleName.Trim('/'), HttpMethod.Post, encodeRequestOptions, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <Secret <SSHCredentials> > GetCredentialsAsync(string roleName, string ipAddress, string username = null, string mountPoint = null, string wrapTimeToLive = null)
{
Checker.NotNull(roleName, "roleName");
Checker.NotNull(ipAddress, "ipAddress");
var requestData = new { ip = ipAddress, username = username };
return(await _polymath.MakeVaultApiRequest <Secret <SSHCredentials> >(mountPoint ?? _polymath.VaultClientSettings.SecretsEngineMountPoints.SSH, "/creds/" + roleName.Trim('/'), HttpMethod.Post, requestData, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task ReloadBackendsAsync(string plugin, IEnumerable <string> backendMountPaths)
{
var requestData = new
{
plugin = plugin,
mounts = backendMountPaths
};
await _polymath.MakeVaultApiRequest("v1/sys/plugin/reload/backend", HttpMethod.Put, requestData).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
}
public async Task <Secret <CertificateCredentials> > GetCredentialsAsync(string pkiRoleName, CertificateCredentialsRequestOptions certificateCredentialRequestOptions, string pkiBackendMountPoint = null, string wrapTimeToLive = null)
{
Checker.NotNull(pkiRoleName, "pkiRoleName");
Checker.NotNull(certificateCredentialRequestOptions, "certificateCredentialRequestOptions");
var result = await _polymath.MakeVaultApiRequest <Secret <CertificateCredentials> >(pkiBackendMountPoint ?? _polymath.VaultClientSettings.SecretsEngineMountPoints.PKI, "/issue/" + pkiRoleName, HttpMethod.Post, certificateCredentialRequestOptions, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
result.Data.CertificateFormat = certificateCredentialRequestOptions.CertificateFormat;
return(result);
}
public async Task <Secret <KMIPCredentials> > GetCredentialsAsync(string scopeName, string roleName, CertificateFormat format = CertificateFormat.pem, string mountPoint = null, string wrapTimeToLive = null)
{
Checker.NotNull(scopeName, "scopeName");
Checker.NotNull(roleName, "roleName");
return(await _polymath.MakeVaultApiRequest <Secret <KMIPCredentials> >(mountPoint ?? _polymath.VaultClientSettings.SecretsEngineMountPoints.KMIP, "/scope/" + scopeName.Trim('/') + "/role/" + scopeName.Trim('/') + "/credential/generate", HttpMethod.Post, new { format }, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <string> GetVaultTokenAsync()
{
var signingTime = DateTime.UtcNow;
var signature = CloudFoundrySignatureProvider.GetSignature(signingTime, _cloudFoundryAuthMethodInfo.CFInstanceCertContent, _cloudFoundryAuthMethodInfo.RoleName, _cloudFoundryAuthMethodInfo.CFInstanceKeyContent);
var requestData = new
{
role = _cloudFoundryAuthMethodInfo.RoleName,
cf_instance_cert = _cloudFoundryAuthMethodInfo.CFInstanceCertContent,
signing_time = CloudFoundrySignatureProvider.GetFormattedSigningTime(signingTime),
signature
};
// make an unauthenticated call to Vault, since this is the call to get the token.
// It shouldn't need a token.
var response = await _polymath.MakeVaultApiRequest <Secret <Dictionary <string, object> > >(LoginResourcePath, HttpMethod.Post, requestData, unauthenticated : true).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
_cloudFoundryAuthMethodInfo.ReturnedLoginAuthInfo = response?.AuthInfo;
if (response?.AuthInfo != null && !string.IsNullOrWhiteSpace(response.AuthInfo.ClientToken))
{
return(response.AuthInfo.ClientToken);
}
throw new Exception("The call to the Vault authentication method backend did not yield a client token. Please verify your credentials.");
}
public async Task WriteGroupAsync(string groupName, IList <string> policies, string mountPoint = AuthMethodDefaultPaths.LDAP)
{
Checker.NotNull(mountPoint, "mountPoint");
Checker.NotNull(groupName, "groupName");
var flatPolicies = string.Join(",", policies);
await _polymath.MakeVaultApiRequest("v1/auth/" + mountPoint.Trim('/') + "/groups/" + groupName.Trim('/'), HttpMethod.Post, new { policies = flatPolicies }).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
}
public async Task <Secret <object> > CreateTokenAsync(CreateTokenRequest createTokenRequest)
{
var request = createTokenRequest ?? new CreateTokenRequest();
var suffix = "create";
if (createTokenRequest.NoParent)
{
suffix = "create-orphan";
}
if (!string.IsNullOrWhiteSpace(createTokenRequest.RoleName))
{
suffix = "create/" + createTokenRequest.RoleName.Trim('/');
}
return(await _polymath.MakeVaultApiRequest <Secret <object> >("v1/auth/token/" + suffix, HttpMethod.Post, request).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <string> GetVaultTokenAsync()
{
// Make an unauthenticated call to Vault, since this is the call to get the token.
// It shouldn't need a token.
var response = string.IsNullOrWhiteSpace(_certAuthMethodInfo.RoleName) ?
(await _polymath.MakeVaultApiRequest <Secret <JToken> >(LoginResourcePath, HttpMethod.Post, unauthenticated: true).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext)) :
(await _polymath.MakeVaultApiRequest <Secret <JToken> >(LoginResourcePath, HttpMethod.Post, new { name = _certAuthMethodInfo.RoleName }, unauthenticated: true).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
_certAuthMethodInfo.ReturnedLoginAuthInfo = response?.AuthInfo;
if (response?.AuthInfo != null && !string.IsNullOrWhiteSpace(response.AuthInfo.ClientToken))
{
return(response.AuthInfo.ClientToken);
}
throw new Exception("The call to the Vault authentication method backend did not yield a client token. Please verify your credentials.");
}
public async Task <string> GetVaultTokenAsync()
{
var requestData = _cloudFoundryAuthMethodInfo.Signature;
// make an unauthenticated call to Vault, since this is the call to get the token. It shouldn't need a token.
var response = await _polymath.MakeVaultApiRequest <Secret <Dictionary <string, object> > >(LoginResourcePath, HttpMethod.Post, requestData, unauthenticated : true).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
_cloudFoundryAuthMethodInfo.ReturnedLoginAuthInfo = response?.AuthInfo;
if (response?.AuthInfo != null && !string.IsNullOrWhiteSpace(response.AuthInfo.ClientToken))
{
return(response.AuthInfo.ClientToken);
}
throw new Exception("The call to the Vault authentication method backend did not yield a client token. Please verify your credentials.");
}
public async Task <Secret <NomadCredentials> > GetCredentialsAsync(string roleName, string mountPoint = null, string wrapTimeToLive = null)
{
Checker.NotNull(roleName, "roleName");
return(await _polymath.MakeVaultApiRequest <Secret <NomadCredentials> >(mountPoint ?? _polymath.VaultClientSettings.SecretsEngineMountPoints.Nomad, "/creds/" + roleName.Trim('/'), HttpMethod.Get, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <Secret <GoogleCloudOAuth2Token> > GetOAuth2TokenAsync(string roleset, string mountPoint = null, string wrapTimeToLive = null)
{
Checker.NotNull(roleset, "roleset");
return(await _polymath.MakeVaultApiRequest <Secret <GoogleCloudOAuth2Token> >(mountPoint ?? _polymath.VaultClientSettings.SecretsEngineMountPoints.GoogleCloud, "/token/" + roleset.Trim('/'), HttpMethod.Get, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <Secret <T> > ReadSecretAsync <T>(string path, string mountPoint = null, string wrapTimeToLive = null)
{
Checker.NotNull(path, "path");
return(await _polymath.MakeVaultApiRequest <Secret <T> >(mountPoint ?? _polymath.VaultClientSettings.SecretsEngineMountPoints.KeyValueV1, "/" + path.Trim('/'), HttpMethod.Get, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <Secret <EncryptionResponse> > EncryptAsync(string keyName, EncryptRequestOptions encryptRequestOptions, string mountPoint = SecretsEngineDefaultPaths.Transit, string wrapTimeToLive = null)
{
Checker.NotNull(keyName, "keyName");
return(await _polymath.MakeVaultApiRequest <Secret <EncryptionResponse> >("v1/" + mountPoint.Trim('/') + "/encrypt/" + keyName.Trim('/'), HttpMethod.Post, encryptRequestOptions, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <Secret <CallingTokenInfo> > LookupSelfAsync()
{
return(await _polymath.MakeVaultApiRequest <Secret <CallingTokenInfo> >("v1/auth/token/lookup-self", HttpMethod.Get).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <Secret <Dictionary <string, object> > > ReadSecretAsync(string secretPath, string wrapTimeToLive = null)
{
Checker.NotNull(secretPath, "secretPath");
return(await _polymath.MakeVaultApiRequest <Secret <Dictionary <string, object> > >("v1/" + SecretsEngineDefaultPaths.Cubbyhole + "/" + secretPath.TrimStart('/'), HttpMethod.Get, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <Secret <Dictionary <string, AbstractAuditBackend> > > GetAuditBackendsAsync()
{
var response = await _polymath.MakeVaultApiRequest <Secret <Dictionary <string, AbstractAuditBackend> > >("v1/sys/audit", HttpMethod.Get).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
foreach (var kv in response.Data)
{
kv.Value.MountPoint = kv.Key;
}
return(response);
}
public async Task CreateRoleAsync(string roleName, Role role, string mountPoint = null)
{
Checker.NotNull(roleName, "roleName");
Checker.NotNull(role, "role");
await _polymath.MakeVaultApiRequest(mountPoint ?? _polymath.VaultClientSettings.SecretsEngineMountPoints.Database, "/roles/" + roleName.Trim('/'), HttpMethod.Post, role).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
}
public async Task <Secret <ControlGroup> > GetControlGroupConfigAsync()
{
return(await _polymath.MakeVaultApiRequest <Secret <ControlGroup> >("v1/sys/config/control-group", HttpMethod.Get).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <Secret <KeyManagementKey> > ReadKeyAsync(string keyName, string mountPoint = null, string wrapTimeToLive = null)
{
Checker.NotNull(keyName, "keyName");
return(await _polymath.MakeVaultApiRequest <Secret <KeyManagementKey> >(mountPoint ?? _polymath.VaultClientSettings.SecretsEngineMountPoints.KeyManagement, "/key/" + keyName.Trim('/'), HttpMethod.Get, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
public async Task <Secret <AppRoleInfo> > ReadRoleAsync(string roleName, string mountPoint = AuthMethodDefaultPaths.AppRole)
{
Checker.NotNull(mountPoint, "mountPoint");
Checker.NotNull(roleName, "roleName");
return(await _polymath.MakeVaultApiRequest <Secret <AppRoleInfo> >("v1/auth/" + mountPoint.Trim('/') + "/role/" + roleName.Trim('/'), HttpMethod.Get).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
