Retrieving AWS secrets using Visual Studio toolkit

I am using AWS Secrets Manager to store some API keys. Once configured in the AWS Secrets Manager console, I tried using their sample code to retrieve the secrets that I stored. Here is the code that is supposed to be used:

        public static void GetSecret()
        {
            string secretName = "XYXYXYX";
            string region = "us-west-2";
            string secret = "";

            MemoryStream memoryStream = new MemoryStream();

            IAmazonSecretsManager client = new AmazonSecretsManagerClient(RegionEndpoint.GetBySystemName(region));
            //IAmazonSecretsManager client = new AmazonSecretsManagerClient((new StoredProfileAWSCredentials()));
            GetSecretValueRequest request = new GetSecretValueRequest();
            request.SecretId = secretName;
            request.VersionStage = "AWSCURRENT"; // VersionStage defaults to AWSCURRENT if unspecified.

            GetSecretValueResponse response = null;

            // In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
            // See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
            // We rethrow the exception by default.

            try
            {
                response = client.GetSecretValueAsync(request).Result;
            }
            catch (DecryptionFailureException e)
            {
                // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (InternalServiceErrorException e)
            {
                // An error occurred on the server side.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (InvalidParameterException e)
            {
                // You provided an invalid value for a parameter.
                // Deal with the exception here, and/or rethrow at your discretion
                throw;
            }
            catch (InvalidRequestException e)
            {
                // You provided a parameter value that is not valid for the current state of the resource.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (ResourceNotFoundException e)
            {
                // We can't find the resource that you asked for.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (System.AggregateException ae)
            {
                // More than one of the above exceptions were triggered.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }

            // Decrypts secret using the associated KMS CMK.
            // Depending on whether the secret is a string or binary, one of these fields will be populated.
            if (response.SecretString != null)
            {
                secret = response.SecretString;
            }
            else
            {
                memoryStream = response.SecretBinary;
                StreamReader reader = new StreamReader(memoryStream);
                string decodedBinarySecret = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd()));
            }

            // Your code goes here.
        }

When I try to run this, I get the following error:

System.AggregateException: 'https://secretsmanager.us-west-2.amazonaws.comgisteredAccounts.jsonET_Core/3.1.4 OS/Microsoft_Windows_6.)'


Inner Exception
AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service.

I am using the AWS toolkit for VS2019 and I did verify that the credentials are good (I am able to access S3 bucket objects directly from the toolkit).

Is there something else that needs to be done to retrieve the secrets?

The issue was with unavailability of the default profile in the env variables. I used the AWS configure to set the credentials for the default profile and modified the creation of the client as below:

var config = new AmazonSecretsManagerConfig { RegionEndpoint = RegionEndpoint.USWest2 };
IAmazonSecretsManager client = new AmazonSecretsManagerClient(config);

Once that is done, I am able to pull my secrets.
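The following is an added example, not part of the original question or answer and not AWS's sample code. It resolves a named profile explicitly so that a missing profile fails immediately instead of falling through to the EC2 Instance Metadata Service, and it awaits the call so the typed exceptions are not wrapped in `AggregateException`. The class name `SecretReader`, the method name and its parameters are assumptions made for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.Runtime.CredentialManagement;
using Amazon.SecretsManager;
using Amazon.SecretsManager.Model;

public static class SecretReader   // hypothetical helper, not from the page
{
    // "default" is the profile that `aws configure` writes to the shared credentials file.
    public static async Task<string> GetSecretStringAsync(
        string secretId, RegionEndpoint region, string profileName = "default")
    {
        // Look the profile up directly rather than relying on the SDK's fallback
        // chain, whose last step is the EC2 Instance Metadata Service. On a
        // workstation that last step is what produces the error in the question.
        var chain = new CredentialProfileStoreChain();
        if (!chain.TryGetAWSCredentials(profileName, out AWSCredentials credentials))
        {
            throw new InvalidOperationException(
                $"AWS profile '{profileName}' was not found in the SDK store or shared credentials file.");
        }

        using var client = new AmazonSecretsManagerClient(credentials, region);
        var request = new GetSecretValueRequest { SecretId = secretId };

        try
        {
            // await surfaces the service exception itself; .Result would wrap it
            // in AggregateException and skip the typed catch blocks below.
            GetSecretValueResponse response = await client.GetSecretValueAsync(request);
            return response.SecretString; // null when the secret was stored as binary
        }
        catch (ResourceNotFoundException)
        {
            throw new InvalidOperationException(
                $"Secret '{secretId}' does not exist in {region.SystemName}.");
        }
        catch (AmazonSecretsManagerException e)
        {
            // Log the error code only; never write the secret value to logs.
            Console.Error.WriteLine($"GetSecretValue failed: {e.ErrorCode}");
            throw;
        }
    }
}
```

Call it as `await SecretReader.GetSecretStringAsync("XYXYXYX", RegionEndpoint.USWest2)`; the IAM identity behind the profile still needs `secretsmanager:GetSecretValue` on the secret, since S3 access from the toolkit does not imply it.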
