asp.net-core aws-secrets-manager

How do I access an AWS secret once configured in .NET?


I have been trying to find a way to use ASP.NET Core 2.1 and retrieve secrets from Secrets Manager in AWS.

I found a great blog post and it appears to compile/run without errors but I cannot for the life of me figure out how to access the secrets.

Any help would be appreciated!

https://andrewlock.net/secure-secrets-storage-for-asp-net-core-with-aws-secrets-manager-part-1/

My code:

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;

// Secrets
using Amazon;
namespace EJ2FileManagerService
{
    public class Program
    {
        public static void Main(string[] args)
        {
            CreateWebHostBuilder(args).Run();
        }

        public static IWebHost CreateWebHostBuilder(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
                     .ConfigureAppConfiguration((hostingContext, config) =>
                     {
                         config.AddSecretsManager( region: RegionEndpoint.USEast2, configurator: ops =>
                         {
                             ops.KeyGenerator = (secret, name) => name.Replace("__", ":");
                         }
                         );
                         Console.WriteLine("Hello World!");
                     })
                .UseStartup<Startup>()
                .Build();
    }
}

Long story short -- I need a secret from AWS in my .NET code. So if I wanted to console write a secret into a Console.WriteLine statement, how would I do it?


Solution

  • OK - so your question is how to READ a secret. Let's try different tutorials:

    Example 1: use SecretsManager (much like your original tutorial is doing):

    https://nimblegecko.com/how-to-use-aws-secret-manager-secrets-in-dotnet-core-application/

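    // Requires the AWSSDK.SecretsManager package:
    // using Amazon; using Amazon.SecretsManager; using Amazon.SecretsManager.Model;
    var client = new AmazonSecretsManagerClient(accessKeyId, secretAccessKey, RegionEndpoint.APSoutheast2);
    var request = new GetSecretValueRequest
    {
        // this gets your secret name, 'web-api/passwords/database' in our case
        SecretId = secretName
    };

    GetSecretValueResponse response = null;
    try
    {
        // .Result blocks on the async call and wraps any failure in AggregateException
        response = client.GetSecretValueAsync(request).Result;
    }
    catch (AggregateException ex)
    {
        Console.Error.WriteLine($"Could not read secret '{secretName}': {ex.InnerException?.Message}");
    }

    // SecretString holds the secret's text value; it is null for binary secrets
    string secretValue = response?.SecretString;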
    

    Example 2: use SecretClient:

    https://nimblegecko.com/how-to-securely-store-and-retrieve-passwords-in-dot-net-core-apps-with-azure-key-vault/

    var keyVaultUrl = "https://<your-key-vault-name>.vault.azure.net/";
    var credential =  new DefaultAzureCredential();
    var client = new SecretClient(vaultUri: new Uri(keyVaultUrl), credential);
    KeyVaultSecret secret = client.GetSecret("<your-secret-name>");
    Console.WriteLine($"{secret.Name}: {secret.Value}");
    

    The official documentation is here:

    AWS SDK for .NET Documentation

    If it's still confusing, take a look at the AWS SDK Developer Guide and/or some of the blogs the AWS Documentation page links to.
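
Reading a secret through `IConfiguration` once `AddSecretsManager` has run, as an added example that is not part of the original question or answer. It assumes the provider stores each secret under the key returned by `KeyGenerator`; the secret names and values are constructed, and an in-memory provider stands in for AWS so the sketch runs offline.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Extensions.Configuration;

public static class SecretsConfigDemo
{
    // Same mapping as the KeyGenerator in the question: "__" in a secret name
    // becomes ":", the section separator used by IConfiguration.
    public static string ToConfigKey(string secretName) => secretName.Replace("__", ":");

    // Constructed sample data standing in for what the provider loads from AWS.
    static readonly Dictionary<string, string> SampleSecrets = new Dictionary<string, string>
    {
        ["ConnectionStrings__Database"] = "Server=db.example.internal;Password=constructed-sample",
        ["Smtp__ApiKey"] = "constructed-sample-key"
    };

    // Assumption: the in-memory provider replaces AddSecretsManager here, with
    // the keys already passed through the same mapping.
    public static IConfiguration BuildConfiguration() =>
        new ConfigurationBuilder()
            .AddInMemoryCollection(SampleSecrets.ToDictionary(kv => ToConfigKey(kv.Key), kv => kv.Value))
            .Build();

    // Report presence and length only, so the value never reaches console or logs.
    public static string Mask(string value) =>
        value == null ? "<not set>" : $"<{value.Length} chars>";

    public static void Main()
    {
        IConfiguration config = BuildConfiguration();

        string apiKey = config["Smtp:ApiKey"];                    // full key path
        string viaSection = config.GetSection("Smtp")["ApiKey"];  // same value via section
        string conn = config.GetConnectionString("Database");     // ConnectionStrings:Database
        string rawName = config["Smtp__ApiKey"];                  // null: key was remapped

        Console.WriteLine($"Smtp:ApiKey                 {Mask(apiKey)}");
        Console.WriteLine($"GetSection(Smtp)[ApiKey]    {Mask(viaSection)}");
        Console.WriteLine($"ConnectionStrings:Database  {Mask(conn)}");
        Console.WriteLine($"Smtp__ApiKey (raw name)     {Mask(rawName)}");
    }
}
```

In the web application the same `IConfiguration` instance is injected into `Startup` and controllers, so the lookups in `Main` apply there unchanged.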