I am using AWS Secrets Manager to store some API keys. Once configured in the AWS Secrets Manager console, I tried using their sample code to retrieve the secrets that I stored. Here is the code that is supposed to be used:

    using System;
    using System.IO;
    using Amazon;
    using Amazon.SecretsManager;
    using Amazon.SecretsManager.Model;

    public static void GetSecret()
    {
        string secretName = "XYXYXYX";
        string region = "us-west-2";
        string secret = "";
        MemoryStream memoryStream = new MemoryStream();
        IAmazonSecretsManager client = new AmazonSecretsManagerClient(RegionEndpoint.GetBySystemName(region));
        //IAmazonSecretsManager client = new AmazonSecretsManagerClient((new StoredProfileAWSCredentials()));
        GetSecretValueRequest request = new GetSecretValueRequest();
        request.SecretId = secretName;
        request.VersionStage = "AWSCURRENT"; // VersionStage defaults to AWSCURRENT if unspecified.
        GetSecretValueResponse response = null;
        // In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
        // See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
        // We rethrow the exception by default.
        try
        {
            response = client.GetSecretValueAsync(request).Result;
        }
        catch (DecryptionFailureException e)
        {
            // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }
        catch (InternalServiceErrorException e)
        {
            // An error occurred on the server side.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }
        catch (InvalidParameterException e)
        {
            // You provided an invalid value for a parameter.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }
        catch (InvalidRequestException e)
        {
            // You provided a parameter value that is not valid for the current state of the resource.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }
        catch (ResourceNotFoundException e)
        {
            // We can't find the resource that you asked for.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }
        catch (System.AggregateException ae)
        {
            // More than one of the above exceptions were triggered.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }
        // Decrypts secret using the associated KMS CMK.
        // Depending on whether the secret is a string or binary, one of these fields will be populated.
        if (response.SecretString != null)
        {
            secret = response.SecretString;
        }
        else
        {
            memoryStream = response.SecretBinary;
            StreamReader reader = new StreamReader(memoryStream);
            string decodedBinarySecret = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd()));
        }
        // Your code goes here.
    }

When I try to run this, I get the following error:
System.AggregateException: 'https://secretsmanager.us-west-2.amazonaws.comgisteredAccounts.jsonET_Core/3.1.4 OS/Microsoft_Windows_6.)'
Inner Exception
AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service.
I am using the AWS toolkit for VS2019 and I did verify that the credentials are good (I am able to access S3 bucket objects directly from the toolkit).
Is there something else that needs to be done to retrieve the secrets?
The issue was the unavailability of the default profile in the env variables. I used AWS configure to set the credentials for the default profile and modified the creation of the client as below:

    var config = new AmazonSecretsManagerConfig { RegionEndpoint = RegionEndpoint.USWest2 };
    IAmazonSecretsManager client = new AmazonSecretsManagerClient(config);

Once that is done, I am able to pull my secrets.
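
The credential failure described in this thread can be made to surface earlier and more clearly by loading the profile explicitly instead of relying on the SDK's default lookup. The following is an added example, not code from the question, the answer or AWS's sample; it assumes the profile created by the configure step is named "default", and the class and method names are hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.Runtime.CredentialManagement;
using Amazon.SecretsManager;
using Amazon.SecretsManager.Model;

public static class SecretReader // hypothetical name
{
    // Assumption: the profile holding the credentials is named "default".
    private const string ProfileName = "default";

    public static async Task<string> GetSecretAsync(string secretName, RegionEndpoint region)
    {
        // Look the profile up in the SDK store / shared credentials file explicitly.
        var chain = new CredentialProfileStoreChain();
        if (!chain.TryGetAWSCredentials(ProfileName, out AWSCredentials credentials))
        {
            // Fail here with a clear message instead of letting the SDK fall
            // through to the EC2 Instance Metadata Service on a developer machine.
            throw new InvalidOperationException(
                $"AWS profile '{ProfileName}' was not found in the credential stores.");
        }

        using var client = new AmazonSecretsManagerClient(credentials, region);
        try
        {
            // await surfaces the service exception itself rather than an AggregateException.
            GetSecretValueResponse response = await client.GetSecretValueAsync(
                new GetSecretValueRequest { SecretId = secretName });
            // SecretBinary carries raw bytes when the secret was not stored as a string.
            return response.SecretString
                ?? Convert.ToBase64String(response.SecretBinary.ToArray());
        }
        catch (AmazonSecretsManagerException e)
        {
            // Log the error code and request id only, never the secret value.
            Console.Error.WriteLine($"GetSecretValue failed: {e.ErrorCode} (request {e.RequestId})");
            throw;
        }
    }

    public static async Task Main()
    {
        // "XYXYXYX" is the placeholder secret name used in the question.
        string secret = await GetSecretAsync("XYXYXYX", RegionEndpoint.USWest2);
        Console.WriteLine($"Retrieved a secret of length {secret.Length}");
    }
}
```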