« SecretsManager » : différence entre les versions

De Banane Atomic
 
(5 versions intermédiaires par le même utilisateur non affichées)
Ligne 4 : Ligne 4 :
* [https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/csharp_secrets-manager_code_examples.html Secrets Manager]
* [https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/csharp_secrets-manager_code_examples.html Secrets Manager]


= Load all the secrets into a dictionary =
= [https://aws.amazon.com/blogs/modernizing-with-aws/how-to-load-net-configuration-from-aws-secrets-manager/ Use a ConfigurationProvider to load secrets from the SecretsManager] =
Nuget packages: {{boxx|AWSSDK.SecretsManager}} {{boxx|AWSSDK.SSO}} {{boxx|AWSSDK.SSOOIDC}}
<filebox fn='AmazonSecretsManagerConfigurationProvider.cs'>
<kode lang='cs'>
public class AmazonSecretsManagerConfigurationProvider(string secretName) : ConfigurationProvider
var secretsManagerConfig = new AmazonSecretsManagerConfig()
{
    Profile = new Profile("MyProfile"),
    RegionEndpoint = RegionEndpoint.EUCentral1
};
var secretsManager = new AmazonSecretsManagerClient(secretsManagerConfig);
 
var request = new GetSecretValueRequest
{
    SecretId = "MySecretName"
};
 
var response = await secretsManager.GetSecretValueAsync(request);
 
var secret = JsonConvert.DeserializeObject<Dictionary<string, string>>(response.SecretString);
 
return secret;
</kode>
 
= [https://aws.amazon.com/blogs/modernizing-with-aws/how-to-load-net-configuration-from-aws-secrets-manager/ Load .NET configuration from Secrets Manager] =
<filebox fn='AmazonSecretsManagerConfigurationProvider.cs' collapsed>
public class AmazonSecretsManagerConfigurationProvider : ConfigurationProvider
{
{
    private readonly string secretName;
    public AmazonSecretsManagerConfigurationProvider(string secretName)
    {
        this.secretName = secretName;
    }
     public override void Load()
     public override void Load()
     {
     {
Ligne 50 : Ligne 21 :
         };
         };


         using (var client = new AmazonSecretsManagerClient())
         using var client = new AmazonSecretsManagerClient()
         {
         var response = client.GetSecretValueAsync(request).Result;
            var response = client.GetSecretValueAsync(request).Result;
        return response.SecretString;
            return response.SecretString;
        }
     }
     }
}
}
</filebox>
</filebox>


<filebox fn='AmazonSecretsManagerConfigurationSource.cs' collapsed>
<filebox fn='AmazonSecretsManagerConfigurationSource.cs'>
public class AmazonSecretsManagerConfigurationSource : IConfigurationSource
public class AmazonSecretsManagerConfigurationSource(string secretName) : IConfigurationSource
{
{
    private readonly string secretName;
    public AmazonSecretsManagerConfigurationSource(string secretName)
    {
        this.secretName = secretName;
    }
     public IConfigurationProvider Build(IConfigurationBuilder builder)
     public IConfigurationProvider Build(IConfigurationBuilder builder)
    {
         => new AmazonSecretsManagerConfigurationProvider(this.secretName);
         return new AmazonSecretsManagerConfigurationProvider(this.secretName);
    }
}
}
</filebox>
</filebox>


<filebox fn='ConfigurationBuilderExtensions.cs' collapsed>
<filebox fn='ConfigurationBuilderExtensions.cs'>
public static class ConfigurationBuilderExtensions
public static class ConfigurationBuilderExtensions
{
{
     public static void AddAmazonSecretsManager(
     public static void AddAmazonSecretsManager(this IConfigurationBuilder configurationBuilder, string secretName)
        this IConfigurationBuilder configurationBuilder, string secretName)
     {
     {
         var configurationSource = new AmazonSecretsManagerConfigurationSource(secretName);
         var configurationSource = new AmazonSecretsManagerConfigurationSource(secretName);
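Review bot: The new `using var client = new AmazonSecretsManagerClient()` line in the provider has no terminating semicolon, so the listing does not compile as published; it should read `using var client = new AmazonSecretsManagerClient();`. The new `Build` body also keeps `this.secretName` although the class now takes `secretName` as a primary-constructor parameter, which is captured rather than declared as a member, so the reference should be plain `secretName`. Separately, `client.GetSecretValueAsync(request).Result` blocks on the async call and would surface SDK failures wrapped in an `AggregateException`; a short comment saying that `Load()` is synchronous by contract would explain why it is there. The enclosing classes begin before this hunk.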
Ligne 91 : Ligne 50 :
builder.Configuration.AddAmazonSecretsManager("Secret name");
builder.Configuration.AddAmazonSecretsManager("Secret name");


// inject an object which contains the secrets
builder.Services.Configure<MySecrets>(builder.Configuration);
// access it by injecting IOptions<MySecrets> options
// load the secrets from the configuration into the MySecret object
var mySecrets = configuration
    .GetSection(nameof(MySecrets.MyProperty))
    .Get<MySecrets>();
// get a secret from a configuration key
var secretValue = builder.Configuration["Secret key"];
var secretValue = builder.Configuration["Secret key"];
</filebox>
</filebox>
= Load the secrets into a dictionary =
Nuget packages: {{boxx|AWSSDK.SecretsManager}} {{boxx|AWSSDK.SSO}} {{boxx|AWSSDK.SSOOIDC}}
<kode lang='cs'>
var secretsManagerConfig = new AmazonSecretsManagerConfig()
{
    Profile = new Profile("MyProfile"),
    RegionEndpoint = RegionEndpoint.EUCentral1
};
var secretsManager = new AmazonSecretsManagerClient(secretsManagerConfig);
var request = new GetSecretValueRequest
{
    SecretId = "MySecretName"
};
var response = await secretsManager.GetSecretValueAsync(request);
var secret = JsonConvert.DeserializeObject<Dictionary<string, string>>(response.SecretString);
return secret;
</kode>

Dernière version du 12 juillet 2024 à 14:49

Links

Use a ConfigurationProvider to load secrets from the SecretsManager

AmazonSecretsManagerConfigurationProvider.cs
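/// <summary>
/// Configuration provider that populates <c>Data</c> from a single AWS Secrets Manager secret.
/// The secret's <c>SecretString</c> is parsed as a flat JSON object of string keys and string values;
/// each property becomes one configuration key.
/// </summary>
/// <param name="secretName">Value sent as <c>SecretId</c> in the GetSecretValue request.</param>
public class AmazonSecretsManagerConfigurationProvider(string secretName) : ConfigurationProvider
{
    /// <summary>
    /// Fetches the secret and replaces <c>Data</c> with its key/value pairs.
    /// </summary>
    /// <exception cref="System.InvalidOperationException">
    /// The secret has no string payload, or its JSON document is the literal <c>null</c>.
    /// </exception>
    public override void Load()
    {
        var secret = GetSecret();

        // Deserialize returns null for the JSON literal "null". Fail here with a message that names
        // the secret but never echoes its content, instead of assigning a null Data.
        var parsed = JsonSerializer.Deserialize<Dictionary<string, string>>(secret)
            ?? throw new System.InvalidOperationException(
                $"Secret '{secretName}' does not contain a JSON object.");

        // Configuration keys are matched case-insensitively by the framework's own providers;
        // keep that behaviour instead of swapping in the deserializer's case-sensitive dictionary.
        var data = new Dictionary<string, string?>(System.StringComparer.OrdinalIgnoreCase);
        foreach (var pair in parsed)
        {
            data[pair.Key] = pair.Value;
        }

        Data = data;
    }

    /// <summary>
    /// Calls GetSecretValue for <c>secretName</c> and returns the secret's string payload.
    /// </summary>
    /// <returns>The raw <c>SecretString</c>; treat it as sensitive and do not log it.</returns>
    private string GetSecret()
    {
        // A primary-constructor parameter is captured, not a member, so it is used without "this.".
        var request = new GetSecretValueRequest
        {
            SecretId = secretName
        };

        // Parameterless client: credentials and region come from the SDK's default resolution.
        using var client = new AmazonSecretsManagerClient();

        // Load() is synchronous in the provider contract, so the async SDK call is blocked on here.
        // Failures therefore arrive wrapped in an AggregateException.
        var response = client.GetSecretValueAsync(request).Result;

        // SecretString is null when the secret was stored as binary; report that explicitly.
        return response.SecretString
            ?? throw new System.InvalidOperationException(
                $"Secret '{secretName}' has no SecretString payload.");
    }
}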
AmazonSecretsManagerConfigurationSource.cs
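/// <summary>
/// Configuration source that creates an <c>AmazonSecretsManagerConfigurationProvider</c> for one secret.
/// </summary>
/// <param name="secretName">Name of the secret handed to the provider.</param>
public class AmazonSecretsManagerConfigurationSource(string secretName) : IConfigurationSource
{
    /// <summary>Creates the provider for the configured secret.</summary>
    /// <param name="builder">Required by <c>IConfigurationSource</c>; not used here.</param>
    /// <returns>A new provider bound to <c>secretName</c>.</returns>
    public IConfigurationProvider Build(IConfigurationBuilder builder)
        // A primary-constructor parameter is captured, not a member, so "this.secretName" does not resolve.
        => new AmazonSecretsManagerConfigurationProvider(secretName);
}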
ConfigurationBuilderExtensions.cs
/// <summary>
/// Extension methods for registering AWS Secrets Manager as a configuration source.
/// </summary>
public static class ConfigurationBuilderExtensions
{
    /// <summary>
    /// Adds an <c>AmazonSecretsManagerConfigurationSource</c> for <paramref name="secretName"/>
    /// to <paramref name="configurationBuilder"/>.
    /// </summary>
    /// <param name="configurationBuilder">Builder that receives the new source.</param>
    /// <param name="secretName">Name of the secret to load.</param>
    public static void AddAmazonSecretsManager(this IConfigurationBuilder configurationBuilder, string secretName)
        => configurationBuilder.Add(new AmazonSecretsManagerConfigurationSource(secretName));
}
Program.cs
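// Register the secret as a configuration source: its JSON properties become configuration keys.
// From here on the secret values sit in the configuration in clear text, so anything that
// enumerates or logs the whole configuration will include them.
builder.Configuration.AddAmazonSecretsManager("Secret name");

// inject an object which contains the secrets
builder.Services.Configure<MySecrets>(builder.Configuration);
// access it by injecting IOptions<MySecrets> options

// load the secrets from the configuration into the MySecrets object
// (builder.Configuration is used here as well: no "configuration" variable exists in this file)
// NOTE(review): this binds only the section named after MySecrets.MyProperty to a MySecrets
// instance; confirm that is the intended section.
var mySecrets = builder.Configuration
    .GetSection(nameof(MySecrets.MyProperty))
    .Get<MySecrets>();

// get a secret from a configuration key
var secretValue = builder.Configuration["Secret key"];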

Load the secrets into a dictionary

NuGet packages: AWSSDK.SecretsManager AWSSDK.SSO AWSSDK.SSOOIDC

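// Client settings: credentials come from the named profile and requests go to the given region.
// NOTE(review): the AWSSDK.SSO / AWSSDK.SSOOIDC packages suggest "MyProfile" is an SSO profile; confirm.
var secretsManagerConfig = new AmazonSecretsManagerConfig()
{
    Profile = new Profile("MyProfile"),
    RegionEndpoint = RegionEndpoint.EUCentral1
};

// The client is disposable; "using var" releases it when the enclosing method returns.
using var secretsManager = new AmazonSecretsManagerClient(secretsManagerConfig);

var request = new GetSecretValueRequest
{
    SecretId = "MySecretName"
};

var response = await secretsManager.GetSecretValueAsync(request);

// The secret is expected to be a flat JSON object of string keys and values.
// SecretString is null for a secret stored as binary, in which case this call throws.
var secret = JsonConvert.DeserializeObject<Dictionary<string, string>>(response.SecretString);

// The dictionary holds the secret values in clear text: keep it out of logs and error messages.
return secret;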