/// <summary> /// Add the Vault API client to the service collection. /// </summary> /// <param name="services"> /// The service collection to configure. /// </param> public static void AddVaultClient(this IServiceCollection services) { if (services == null) { throw new ArgumentNullException(nameof(services)); } services.AddSingleton <IVaultClient>(serviceProvider => { VaultOptions vaultOptions = serviceProvider.GetRequiredService <IOptions <VaultOptions> >().Value; if (String.IsNullOrWhiteSpace(vaultOptions.EndPoint)) { throw new InvalidOperationException("Application configuration is missing Vault end-point."); } if (String.IsNullOrWhiteSpace(vaultOptions.Token)) { throw new InvalidOperationException("Application configuration is missing Vault access token."); } return(VaultClientFactory.CreateVaultClient( new Uri(vaultOptions.EndPoint), new TokenAuthenticationInfo(vaultOptions.Token) )); }); }
public KeyValueService( IVaultClient client, VaultOptions options) { _client = client; _options = options; }
private static void VerifyOptions(VaultOptions options) { if (options.Kv is null) { if (!string.IsNullOrWhiteSpace(options.Key)) { options.Kv = new VaultOptions.KeyValueOptions { Enabled = options.Enabled, Path = options.Key }; } return; } if (options.Kv.EngineVersion is > 2 or < 0) { throw new VaultException($"Invalid KV engine version: {options.Kv.EngineVersion} (available: 1 or 2)."); } if (options.Kv.EngineVersion == 0) { options.Kv.EngineVersion = 2; } }
public VaultHostedService(IVaultClient client, ILeaseService leaseService, VaultOptions options, ILogger <VaultHostedService> logger) { _client = client; _leaseService = leaseService; _options = options; _logger = logger; _interval = 5; }
public VaultHostedService( IVaultClient client, VaultOptions options, ILogger <VaultHostedService> logger) { _client = client; _options = options; _logger = logger; }
public VaultHostedService(IVaultClient client, ILeaseService leaseService, ICertificatesIssuer certificatesIssuer, ICertificatesService certificatesService, VaultOptions options, ILogger <VaultHostedService> logger) { _client = client; _leaseService = leaseService; _certificatesIssuer = certificatesIssuer; _certificatesService = certificatesService; _options = options; _logger = logger; _interval = _options.RenewalsInterval <= 0 ? 10 : _options.RenewalsInterval; }
public static IVaultClient CreateVaultClient(IConfiguration configuration) { var vaultOptions = new VaultOptions { BaseUrl = new Uri(configuration[configuration["Vault:Endpoint"]]), Engine = configuration["Vault:Engine"], Role = configuration["Vault:Role"] }; return(new VaultClient.VaultClient(vaultOptions)); }
private VaultOptions ConfigureClient() { var options = new VaultOptions(); if (Uri.TryCreate(_connectionConfiguration["vault.address"], UriKind.Absolute, out var clientAddress)) { options.Address = clientAddress.ToString(); } options.Token = _connectionConfiguration["vault.token"]; return(options); }
private VaultClient.VaultClient GetVaultClient() { var vaultOptions = new VaultOptions { BaseUrl = new Uri(EnvironmentVariableHelper.Get("Vault:Endpoint", Configuration)), Engine = Configuration["Vault:Engine"], Role = Configuration["Vault:Role"] }; return(new VaultClient.VaultClient(vaultOptions, new NullLoggerFactory())); }
private static async Task AddVaultAsync(this IConfigurationBuilder builder, VaultOptions options, string keyValuePath) { VerifyOptions(options); var kvPath = string.IsNullOrWhiteSpace(keyValuePath) ? options.Kv?.Path : keyValuePath; var(client, _) = GetClientAndSettings(options); if (!string.IsNullOrWhiteSpace(kvPath) && options.Kv.Enabled) { Console.WriteLine($"Loading settings from Vault: '{options.Url}', KV path: '{kvPath}'."); var keyValueSecrets = new KeyValueSecrets(client, options); var secret = await keyValueSecrets.GetAsync(kvPath); var parser = new JsonParser(); var json = JsonConvert.SerializeObject(secret); var data = parser.Parse(json); var source = new MemoryConfigurationSource { InitialData = data }; builder.Add(source); } if (options.Pki is not null && options.Pki.Enabled) { Console.WriteLine("Initializing Vault PKI."); await SetPkiSecretsAsync(client, options); } if (options.Lease is null || !options.Lease.Any()) { return; } var configuration = new Dictionary <string, string>(); foreach (var(key, lease) in options.Lease) { if (!lease.Enabled || string.IsNullOrWhiteSpace(lease.Type)) { continue; } Console.WriteLine($"Initializing Vault lease for: '{key}', type: '{lease.Type}'."); await InitLeaseAsync(key, client, lease, configuration); } if (configuration.Any()) { var source = new MemoryConfigurationSource { InitialData = configuration }; builder.Add(source); } }
public static VaultClient.VaultClient CreateVaultClient(IConfiguration configuration, ILoggerFactory loggerFactory = null) { var vaultOptions = new VaultOptions { BaseUrl = new Uri(configuration[configuration["Vault:Endpoint"]]), Engine = configuration["Vault:Engine"], Role = configuration["Vault:Role"] }; return(new VaultClient.VaultClient(vaultOptions, loggerFactory)); }
public BatchInitTask( BatchOptions batchOptions, SearchOptions searchOptions, CosmosOptions cosmosOptions, StorageOptions storageOptions, VaultOptions vaultOptions) { BatchOptions = batchOptions; SearchOptions = searchOptions; CosmosOptions = cosmosOptions; StorageOptions = storageOptions; VaultOptions = vaultOptions; }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.AddOptions(); services.AddSingleton(Configuration); var options = new VaultOptions(); Configuration.Bind("VaultOptions", options); services.AddSingleton(options); services.AddMvc() .SetCompatibilityVersion(CompatibilityVersion.Version_2_1); }
public CertificatesIssuer(IVaultClient client, VaultOptions options) { _client = client; _options = options.Pki; _mountPoint = string.IsNullOrWhiteSpace(_options.MountPoint) ? SecretsEngineDefaultPaths.PKI : _options.MountPoint; _certificateFormat = string.IsNullOrWhiteSpace(_options.CertificateFormat) ? CertificateFormat.pem : Enum.Parse <CertificateFormat>(_options.CertificateFormat, true); _privateKeyFormat = string.IsNullOrWhiteSpace(_options.PrivateKeyFormat) ? PrivateKeyFormat.der : Enum.Parse <PrivateKeyFormat>(_options.PrivateKeyFormat, true); }
public static void AddHashicorpVaultSecretsToConfiguration( WebHostBuilderContext context, IConfigurationBuilder configBuilder, string vaultOptionsSectionKey, string vaultSeederSectionKey) { var configuration = configBuilder.Build(); // bind vault options var options = new VaultOptions(); configuration.Bind(vaultOptionsSectionKey, options); // bind seeder var seedData = new List <VaultSeeder>(); configuration.Bind(vaultSeederSectionKey, seedData); var logger = new LoggerFactory() .AddConsole() .CreateLogger <VaultWriteService>(); // seed new VaultWriteService( logger, options, seedData ).SeedVault(); var vaultConfigurationBuilder = new ConfigurationBuilder(); var vaultConfiguration = vaultConfigurationBuilder.AddHashiCorpVault(configuration).Build(); var prefixedConfigValues = new Dictionary <string, string>(); foreach (var secretPath in options.Secrets) { var configSectionName = secretPath.Replace("/", ":"); logger.LogInformation($"Reading vault config from section '{configSectionName}'"); var jsonString = vaultConfiguration.GetValue <string>(configSectionName); var secretValues = JsonConvert.DeserializeObject <Dictionary <string, string> >(jsonString); foreach (var keyValue in secretValues) { prefixedConfigValues.Add(configSectionName + ":" + keyValue.Key, keyValue.Value); } } configBuilder.AddInMemoryCollection(prefixedConfigValues); context.Configuration = configBuilder.Build(); }
private static IConfigurationBuilder AddVault(this IConfigurationBuilder builder, VaultOptions options, string key) { var client = new VaultStore(options); var secret = string.IsNullOrWhiteSpace(key) ? client.GetDefaultAsync().Result : client.GetAsync(key).Result; var parser = new JsonParser(); var data = parser.Parse(JObject.FromObject(secret)); var source = new MemoryConfigurationSource { InitialData = data }; builder.Add(source); return(builder); }
public async Task Login_ShouldLogin() { var options = new VaultOptions { BaseUrl = new Uri("https://vault.dev.happytravel.com/v1/"), Role = "role", Engine = "secrets" }; using var client = new VaultClient(options, new NullLoggerFactory()); await client.Login(""); var secret = await client.Get("edo/connection-string"); }
public static void Configure(CommandLineApplication command) { command.Description = "Initializes the Azure Batch configuration"; command.SetDefaultHelp(); command.OnExecute(async() => { var batch = new BatchOptions(); var search = new SearchOptions(); var cosmos = new CosmosOptions(); var storage = new StorageOptions(); var vault = new VaultOptions(); if (command.HasAllRequiredParameters(new[] { batch.Account, batch.Url, batch.Key, batch.StorageName, batch.StorageKey, search.Name, search.Key, cosmos.Endpoint, cosmos.RawKey, cosmos.Database, cosmos.DatasetsCollection, cosmos.UserDataCollection, storage.Account, storage.Key, vault.VaultUrl })) { await new Admin.Batch.BatchInitTask(batch, search, cosmos, storage, vault).ExecuteAsync(); } return(0); }); }
/// <summary> /// Configure all of the needed configurations /// </summary> private static void BuildConfiguration() { var builder = new ConfigurationBuilder() .AddEnvironmentVariables() .SetBasePath(Path.Combine(AppContext.BaseDirectory)) .AddJsonFile("appsettings.json", optional: true); if (string.IsNullOrEmpty(Enviroment) && IsDevelopment) { builder.AddJsonFile("appsettings.development.json", optional: true); } else { builder.AddJsonFile($"appsettings.{Enviroment}.json", optional: false); } Configuration = builder.Build(); #region DEBUG: Seed the Vault before reading into Configurations var options = new VaultOptions(); Configuration.Bind("VaultOptions", options); var seedData = new List <VaultSeeder>(); Configuration.Bind("VaultSeeder", seedData); var logger = new LoggerFactory() .AddConsole() .AddDebug() .CreateLogger <VaultWriteService>(); new VaultWriteService( logger, options, seedData ).SeedVault(); #endregion // Add Vault Registration Configuration = builder.AddHashiCorpVault(Configuration).Build(); }
public static void Configure(CommandLineApplication command) { command.Description = "Verifies secrets exist in Key Vault."; command.SetDefaultHelp(); command.OnExecute(async() => { var vault = new VaultOptions(); if (command.HasAllRequiredParameters(new[] { vault.VaultUrl, })) { await new Admin.KeyVault.KeyVaultVerifyTask(vault).ExecuteAsync(); } return(0); }); }
/// <summary> /// Dependecy injection in manner of Asp.net application /// </summary> /// <param name="services"></param> private static void ConfigureServices(IServiceCollection services) { #region Add Configurations // Add functionality to inject IOptions<T> services.AddOptions(); // *If* you need access to generic IConfiguration this is **required** services.AddSingleton <IConfiguration>(Configuration); // bind object var options = new VaultOptions(); Configuration.Bind("VaultOptions", options); services.AddSingleton(options); var seedData = new List <VaultSeeder>(); Configuration.Bind("VaultSeeder", seedData); services.AddSingleton(seedData); #endregion // Add Application dependecies services.AddTransient <IReadVault, ReadVault>(); #region Add Logging // Add build in logging without configuration file //services.AddSingleton(new LoggerFactory() // .AddConsole() // .AddDebug()); // Add build in logging with configuration file services.AddLogging(builder => { builder.AddConfiguration(Configuration.GetSection("Logging")) .AddConsole() .AddDebug(); }); #endregion // Add the actual application services.AddTransient <Application>(); }
public CustomersServiceClient(IHttpClient httpClient, HttpClientOptions options, ICertificatesService certificatesService, VaultOptions vaultOptions, SecurityOptions securityOptions) { _httpClient = httpClient; _url = options.Services["customers"]; if (!vaultOptions.Enabled || vaultOptions.Pki?.Enabled != true) { return; } var certificate = certificatesService.Get(vaultOptions.Pki.RoleName); if (certificate is null) { return; } var header = securityOptions.Certificate.GetHeaderName(); var certificateData = certificate.GetRawCertDataString(); _httpClient.SetHeaders(h => h.Add(header, certificateData)); }
public PricingServiceClient(IHttpClient client, ICertificatesService certificatesService, HttpClientOptions httpClientOptions, VaultOptions vaultOptions, SecurityOptions securityOptions) { _client = client; _url = httpClientOptions.Services["pricing"]; if (!vaultOptions.Enabled || vaultOptions.Pki?.Enabled != true || securityOptions.Certificate?.Enabled != true) { return; } var certificate = certificatesService.Get(vaultOptions.Pki.RoleName); if (certificate is null) { return; } var header = securityOptions.Certificate.GetHeaderName(); var certificateData = certificate.GetRawCertDataString(); _client.SetHeaders(h => h.Add(header, certificateData)); }
public static IWebHostBuilder CreateWebHostBuilder(string[] args) => WebHost.CreateDefaultBuilder(args) .ConfigureAppConfiguration((context, configBuilder) => { configBuilder.AddEnvironmentVariables(); configBuilder.AddJsonFile("appsettings.json", optional: true); configBuilder.AddCommandLine(args); var configuration = configBuilder.Build(); #region DEBUG: Seed the Vault before reading into Configurations // bind vault options var options = new VaultOptions(); configuration.Bind("VaultOptions", options); // bind seeder var seedData = new List <VaultSeeder>(); configuration.Bind("VaultSeeder", seedData); var logger = new LoggerFactory() .AddConsole() .AddDebug() .CreateLogger <VaultWriteService>(); // seed new VaultWriteService( logger, options, seedData ).SeedVault(); #endregion // retrieve encrypted values and make available to the application configuration = configBuilder.AddHashiCorpVault(configuration).Build(); // set configuration context.Configuration = configuration; }) .UseStartup <Startup>();
public ValuesController(VaultOptions vaultOptions, IConfiguration configuration) { _options = vaultOptions; _configuration = configuration; }
public ReadVault(ILogger <ReadVault> logger, VaultOptions options, IConfiguration configuration) { _logger = logger; _options = options; _configuration = configuration; }
public KeyVaultVerifyTask( VaultOptions vaultOptions) { VaultOptions = vaultOptions; }
public VaultStore(VaultOptions options) { _options = options; LoadEnvironmentVariables(); }
/// <summary> /// The <see cref="VaultWriteService"/> constructor /// </summary> /// <param name="logger">The <see cref="ILogger{VaultWriteService}"/> logging.</param> /// <param name="options">The <see cref="VaultOptions"/> for the service.</param> /// <param name="seeder">The <see cref="List{VaultSeeder}"/></param> public VaultWriteService(ILogger <VaultWriteService> logger, VaultOptions options, List <VaultSeeder> seeder) { _logger = logger; _options = options; _seeder = seeder; }
public KeyValueSecret(IVaultClient client, VaultOptions options) { _client = client ?? throw new ArgumentNullException(nameof(client)); _options = options ?? throw new ArgumentNullException(nameof(options)); }