« SecretsManager » : différence entre les versions
De Banane Atomic
(6 versions intermédiaires par le même utilisateur non affichées) | |||
Ligne 4 : | Ligne 4 : | ||
* [https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/csharp_secrets-manager_code_examples.html Secrets Manager] | * [https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/csharp_secrets-manager_code_examples.html Secrets Manager] | ||
= | = [https://aws.amazon.com/blogs/modernizing-with-aws/how-to-load-net-configuration-from-aws-secrets-manager/ Use a ConfigurationProvider to load secrets from the SecretsManager] = | ||
< | <filebox fn='AmazonSecretsManagerConfigurationProvider.cs'> | ||
public class AmazonSecretsManagerConfigurationProvider(string secretName) : ConfigurationProvider | |||
{ | { | ||
public override void Load() | public override void Load() | ||
{ | { | ||
Ligne 49 : | Ligne 21 : | ||
}; | }; | ||
using | using var client = new AmazonSecretsManagerClient() | ||
var response = client.GetSecretValueAsync(request).Result; | |||
return response.SecretString; | |||
} | } | ||
} | } | ||
</filebox> | </filebox> | ||
<filebox fn='AmazonSecretsManagerConfigurationSource.cs' | <filebox fn='AmazonSecretsManagerConfigurationSource.cs'> | ||
public class AmazonSecretsManagerConfigurationSource : IConfigurationSource | public class AmazonSecretsManagerConfigurationSource(string secretName) : IConfigurationSource | ||
{ | { | ||
public IConfigurationProvider Build(IConfigurationBuilder builder) | public IConfigurationProvider Build(IConfigurationBuilder builder) | ||
=> new AmazonSecretsManagerConfigurationProvider(this.secretName); | |||
} | } | ||
</filebox> | </filebox> | ||
<filebox fn='ConfigurationBuilderExtensions.cs' | <filebox fn='ConfigurationBuilderExtensions.cs'> | ||
public static class ConfigurationBuilderExtensions | public static class ConfigurationBuilderExtensions | ||
{ | { | ||
public static void AddAmazonSecretsManager( | public static void AddAmazonSecretsManager(this IConfigurationBuilder configurationBuilder, string secretName) | ||
{ | { | ||
var configurationSource = new AmazonSecretsManagerConfigurationSource(secretName); | var configurationSource = new AmazonSecretsManagerConfigurationSource(secretName); | ||
Ligne 90 : | Ligne 50 : | ||
builder.Configuration.AddAmazonSecretsManager("Secret name"); | builder.Configuration.AddAmazonSecretsManager("Secret name"); | ||
// inject an object which contains the secrets | |||
builder.Services.Configure<MySecrets>(builder.Configuration); | |||
// access it by injecting IOptions<MySecrets> options | |||
// load the secrets from the configuration into the MySecret object | |||
var mySecrets = configuration | |||
.GetSection(nameof(MySecrets.MyProperty)) | |||
.Get<MySecrets>(); | |||
// get a secret from a configuration key | |||
var secretValue = builder.Configuration["Secret key"]; | var secretValue = builder.Configuration["Secret key"]; | ||
</filebox> | </filebox> | ||
= Load the secrets into a dictionary = | |||
Nuget packages: {{boxx|AWSSDK.SecretsManager}} {{boxx|AWSSDK.SSO}} {{boxx|AWSSDK.SSOOIDC}} | |||
<kode lang='cs'> | |||
var secretsManagerConfig = new AmazonSecretsManagerConfig() | |||
{ | |||
Profile = new Profile("MyProfile"), | |||
RegionEndpoint = RegionEndpoint.EUCentral1 | |||
}; | |||
var secretsManager = new AmazonSecretsManagerClient(secretsManagerConfig); | |||
var request = new GetSecretValueRequest | |||
{ | |||
SecretId = "MySecretName" | |||
}; | |||
var response = await secretsManager.GetSecretValueAsync(request); | |||
var secret = JsonConvert.DeserializeObject<Dictionary<string, string>>(response.SecretString); | |||
return secret; | |||
</kode> |
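Review bot: In the second hunk (Ligne 21), the added line `using var client = new AmazonSecretsManagerClient()` has no terminating semicolon, so the `GetSecret` listing does not compile as published. In `Build`, `new AmazonSecretsManagerConfigurationProvider(this.secretName)` reads a primary-constructor parameter through `this.`, which C# does not allow because the parameter is not a member; write `secretName` instead. `client.GetSecretValueAsync(request).Result` also wraps any SDK failure in an `AggregateException`, and `.GetAwaiter().GetResult()` would surface the original exception from the synchronous `Load()`. The body of `GetSecret` starts above the visible lines of this hunk, so its request setup is not reviewed here.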
Dernière version du 12 juillet 2024 à 14:49
Links
Use a ConfigurationProvider to load secrets from the SecretsManager
AmazonSecretsManagerConfigurationProvider.cs |
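/// <summary>
/// Configuration provider that fetches one AWS Secrets Manager secret whose value is a flat
/// JSON object of string properties, and exposes each property as a configuration key.
/// </summary>
/// <param name="secretName">Identifier of the secret, sent as <c>SecretId</c>.</param>
/// <remarks>
/// The secret is fetched only when <see cref="Load"/> runs, so a rotated secret is not seen
/// until the configuration is loaded again. The loaded values are plaintext secrets held in
/// memory: keep them out of logs, exception messages and configuration dumps.
/// </remarks>
public class AmazonSecretsManagerConfigurationProvider(string secretName) : ConfigurationProvider
{
    /// <summary>
    /// Fetches the secret and replaces <c>Data</c> with its key/value pairs.
    /// </summary>
    /// <exception cref="InvalidOperationException">
    /// The secret has no string value, or its JSON is the literal <c>null</c>.
    /// </exception>
    public override void Load()
    {
        var secretJson = GetSecret();
        var pairs = JsonSerializer.Deserialize<Dictionary<string, string>>(secretJson)
            ?? throw new InvalidOperationException(
                $"Secret '{secretName}' is not a JSON object.");

        // Configuration keys are looked up case-insensitively; the base class creates Data with
        // an OrdinalIgnoreCase comparer, so the replacement dictionary keeps that comparer.
        var data = new Dictionary<string, string?>(StringComparer.OrdinalIgnoreCase);
        foreach (var (key, value) in pairs)
        {
            data[key] = value;
        }

        Data = data;
    }

    /// <summary>
    /// Reads the secret's string value from Secrets Manager.
    /// </summary>
    /// <returns>The raw <c>SecretString</c> of the secret.</returns>
    private string GetSecret()
    {
        // A primary-constructor parameter is not a member, so it is read as `secretName`,
        // not `this.secretName`.
        var request = new GetSecretValueRequest
        {
            SecretId = secretName
        };

        // The parameterless client takes credentials and region from the SDK's default chain.
        using var client = new AmazonSecretsManagerClient();

        // Load() is synchronous, so the call has to block. GetAwaiter().GetResult() rethrows the
        // SDK exception itself instead of wrapping it in an AggregateException as .Result does.
        var response = client.GetSecretValueAsync(request).GetAwaiter().GetResult();

        // SecretString is null when the secret was stored as binary; fail with a clear message
        // that names the secret but never includes its content.
        return response.SecretString
            ?? throw new InvalidOperationException(
                $"Secret '{secretName}' has no SecretString value.");
    }
}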
AmazonSecretsManagerConfigurationSource.cs |
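/// <summary>
/// Configuration source that creates an <see cref="AmazonSecretsManagerConfigurationProvider"/>
/// for a single secret.
/// </summary>
/// <param name="secretName">Identifier of the secret handed to the provider.</param>
public class AmazonSecretsManagerConfigurationSource(string secretName) : IConfigurationSource
{
    /// <summary>Creates the provider that loads the secret.</summary>
    /// <param name="builder">The configuration builder; not used by this source.</param>
    /// <returns>A new provider bound to the secret name given to this source.</returns>
    public IConfigurationProvider Build(IConfigurationBuilder builder)
        // A primary-constructor parameter is not a member: `this.secretName` does not compile.
        => new AmazonSecretsManagerConfigurationProvider(secretName);
}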
ConfigurationBuilderExtensions.cs |
/// <summary>
/// Extension methods that register AWS Secrets Manager as a configuration source.
/// </summary>
public static class ConfigurationBuilderExtensions
{
    /// <summary>
    /// Adds a source that loads the named secret into the configuration being built.
    /// </summary>
    /// <param name="configurationBuilder">Builder the source is added to.</param>
    /// <param name="secretName">Identifier of the secret to load.</param>
    public static void AddAmazonSecretsManager(this IConfigurationBuilder configurationBuilder, string secretName)
        => configurationBuilder.Add(new AmazonSecretsManagerConfigurationSource(secretName));
}
Program.cs |
// Register the secret as a configuration source ("Secret name" is a placeholder for the secret's identifier).
builder.Configuration.AddAmazonSecretsManager("Secret name");

// Option 1: bind the configuration to a MySecrets options object and register it for injection.
// Note that the whole configuration root is bound here, not only the keys that came from the secret.
builder.Services.Configure<MySecrets>(builder.Configuration);
// Consumers then read the values by injecting IOptions<MySecrets>.

// Option 2: bind one configuration section to a MySecrets instance directly.
// NOTE(review): `configuration` is not declared in this snippet; presumably builder.Configuration.
var mySecrets = configuration
    .GetSection(nameof(MySecrets.MyProperty))
    .Get<MySecrets>();

// Option 3: read a single secret by its configuration key ("Secret key" is a placeholder).
// The returned string is the plaintext secret; keep it out of logs and error messages.
var secretValue = builder.Configuration["Secret key"];
Load the secrets into a dictionary
Nuget packages: AWSSDK.SecretsManager AWSSDK.SSO AWSSDK.SSOOIDC
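// Client settings: a named credentials profile and a fixed region.
// A named profile suits a developer machine; presumably a deployed service would instead rely on
// the SDK's default credential chain (for example an attached IAM role). Confirm for your environment.
var secretsManagerConfig = new AmazonSecretsManagerConfig()
{
    Profile = new Profile("MyProfile"),
    RegionEndpoint = RegionEndpoint.EUCentral1
};

// The client is IDisposable; `using` releases it when the enclosing scope ends, matching the
// `using var client` in the configuration provider example.
using var secretsManager = new AmazonSecretsManagerClient(secretsManagerConfig);

var request = new GetSecretValueRequest
{
    SecretId = "MySecretName"
};

var response = await secretsManager.GetSecretValueAsync(request);

// The secret value is expected to be a flat JSON object of string properties.
// The resulting dictionary holds plaintext secrets: do not log or serialize it.
var secret = JsonConvert.DeserializeObject<Dictionary<string, string>>(response.SecretString);
return secret;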