I have been trying to find a way to use ASP.NET Core 2.1 and retrieve secrets from Secrets Manager in AWS.

I found a great blog post and it appears to compile/run without errors but I cannot for the life of me figure out how to access the secrets.

Any help would be appreciated!

https://andrewlock.net/secure-secrets-storage-for-asp-net-core-with-aws-secrets-manager-part-1/

My code:

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;

// Secrets


using Amazon;

// Secrets

namespace EJ2FileManagerService
{
    public class Program
    {
        // Secrets

        // Secrets
        public static void Main(string[] args)
        {
            CreateWebHostBuilder(args).Run();
        }

        public static IWebHost CreateWebHostBuilder(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
                .ConfigureAppConfiguration((hostingContext, config) =>
                {
                    config.AddSecretsManager(region: RegionEndpoint.USEast2, configurator: ops =>
                    {
                        ops.KeyGenerator = (secret, name) => name.Replace("__", ":");
                    });
                    Console.WriteLine("Hello World!");
                })
                .UseStartup<Startup>()
                .Build();
    }
}

Long story short -- I need a secret from AWS in my .NET code. So if I wanted to console write a secret into a Console.WriteLine statement, how would I do it?

user68288
  • Q: Can you give more details about the problem? "What's wrong" and/or "what's missing" when you try to read the secret from AWS? Q: Have you tried looking at your app's HTTP request/response (e.g. in Fiddler)? PS: Your "Run code snippet" doesn't work. I assume that has nothing to do with your problem, correct? – paulsm4 Mar 05 '21 at 18:51
  • I need the secret in my .NET code. So if I wanted to console write a secret into a Console.WriteLine statement, how would I do it? – user68288 Mar 05 '21 at 18:54
  • The code snippet was just for info. – user68288 Mar 05 '21 at 19:05
  • I still don't understand your question. You cited a very good article on how to retrieve AWS secrets in .Net Core. Q: Do you have questions about how to do this? Q: Are you trying to read the secret at runtime (which I believe the article completely explains)? Read it into a variable, so you can print the variable with Console.WriteLine()? Q: Are you asking how to (magically?) read a secret from AWS to embed into your .cs source file? Q: What exactly *ARE* you asking? – paulsm4 Mar 05 '21 at 19:13
  • I am an absolute novice at .NET so please bear with me. All I am trying to do is print a secret into the console that is fetched from AWS. I did this easily in Nodejs. I am trying to access the Secret from AWS secret manager called "MAIN", then access a secret stored in it called "TEST" and print out its value "TEST_VALUE" that is all. So where it says Hello World my life would be made easy if it said TEST : TEST_VALUE. – user68288 Mar 05 '21 at 19:16
  • I cannot find anywhere in the tutorial where he is actually using a secret in his code. Like if I pulled down a database password how would I use this to get that password to feed it in my .NET code? – user68288 Mar 05 '21 at 19:24

1 Answer

OK - so your question is how to READ a secret. Let's try different tutorials:

Example 1: use SecretsManager (much like your original tutorial is doing):

https://nimblegecko.com/how-to-use-aws-secret-manager-secrets-in-dotnet-core-application/

var client = new AmazonSecretsManagerClient(accessKeyId, secretAccessKey, RegionEndpoint.APSoutheast2);
var request = new GetSecretValueRequest
{
    // this gets your secret name, 'web-api/passwords/database' in our case
    SecretId = secretName
};

GetSecretValueResponse response = null;
try
{
    response = client.GetSecretValueAsync(request).Result;
}
...

Example 2: use SecretClient:

https://nimblegecko.com/how-to-securely-store-and-retrieve-passwords-in-dot-net-core-apps-with-azure-key-vault/

var keyVaultUrl = "https://<your-key-vault-name>.vault.azure.net/";
var credential =  new DefaultAzureCredential();
var client = new SecretClient(vaultUri: new Uri(keyVaultUrl), credential);
KeyVaultSecret secret = client.GetSecret("<your-secret-name>");
Console.WriteLine($"{secret.Name}: {secret.Value}");

The official documentation is here:

AWS SDK for .NET Documentation

If it's still confusing, take a look at the AWS SDK Developer Guide and/or some of the blogs the AWS Documentation page links to.

'Hope that helps!

paulsm4
  • Thank you for your help -- in your first example how would I writeline a secret? Note my original example was an open source product versus native AWS as I was having trouble with my version of .NET. – user68288 Mar 05 '21 at 19:42
  • I got it via -- Console.WriteLine(response.SecretString); Thank you! – user68288 Mar 05 '21 at 19:49
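
Added example, not part of the original question or answer: reading the secret named "MAIN" with the AWS SDK, pulling the "TEST" key out of the JSON in `response.SecretString`, and handing the value on without echoing it to the console. It assumes the AWSSDK.SecretsManager and Newtonsoft.Json packages, a flat key/value secret, and credentials supplied by the SDK's default credential chain; `SecretReader`, its method names and the `--aws` switch are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Amazon;
using Amazon.SecretsManager;
using Amazon.SecretsManager.Model;
using Newtonsoft.Json;

public static class SecretReader
{
    // Fetches the raw SecretString. No access keys in code: the SDK's default
    // credential chain (IAM role, environment, shared profile) supplies them.
    public static async Task<string> FetchSecretStringAsync(string secretId, RegionEndpoint region)
    {
        using (var client = new AmazonSecretsManagerClient(region))
        {
            var response = await client.GetSecretValueAsync(
                new GetSecretValueRequest { SecretId = secretId });
            // Binary secrets arrive in SecretBinary and leave SecretString null.
            return response.SecretString
                ?? throw new InvalidOperationException($"Secret '{secretId}' has no SecretString.");
        }
    }

    // A key/value secret is stored as one JSON object; pull a single field out of it.
    public static string GetField(string secretString, string key)
    {
        var fields = JsonConvert.DeserializeObject<Dictionary<string, string>>(secretString);
        if (fields == null || !fields.TryGetValue(key, out var value))
            throw new KeyNotFoundException($"Key '{key}' is not present in the secret.");
        return value;
    }

    // Keeps the value itself out of console output and log files.
    public static string Describe(string key, string value) =>
        $"{key}: <redacted, {value.Length} chars>";

    public static void Main(string[] args)
    {
        // Constructed sample of what SecretString looks like for secret "MAIN".
        string secretString = "{\"TEST\":\"TEST_VALUE\"}";
        if (args.Length > 0 && args[0] == "--aws") // hypothetical switch: call AWS for real
            secretString = FetchSecretStringAsync("MAIN", RegionEndpoint.USEast2)
                .GetAwaiter().GetResult();

        string value = GetField(secretString, "TEST");
        Console.WriteLine(Describe("TEST", value)); // pass 'value' itself to the code that needs it
    }
}
```

Run without arguments it parses the constructed sample offline; with `--aws` it needs `secretsmanager:GetSecretValue` permission on the secret.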