Retrieving AWS secrets using Visual Studio toolkit
I am using AWS Secrets Manager to store some API keys. Once configured in the AWS Secrets Manager console, I tried using their sample code to retrieve the secrets that I stored. Here is the code that is supposed to be used:
    // Namespaces the sample needs (AWSSDK.SecretsManager NuGet package).
    using System;
    using System.IO;
    using Amazon;
    using Amazon.SecretsManager;
    using Amazon.SecretsManager.Model;

    public static void GetSecret()
    {
        string secretName = "XYXYXYX";
        string region = "us-west-2";
        string secret = "";
        MemoryStream memoryStream = new MemoryStream();
        IAmazonSecretsManager client = new AmazonSecretsManagerClient(RegionEndpoint.GetBySystemName(region));
        //IAmazonSecretsManager client = new AmazonSecretsManagerClient((new StoredProfileAWSCredentials()));
        GetSecretValueRequest request = new GetSecretValueRequest();
        request.SecretId = secretName;
        request.VersionStage = "AWSCURRENT"; // VersionStage defaults to AWSCURRENT if unspecified.
        GetSecretValueResponse response = null;
        // In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
        // See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
        // We rethrow the exception by default.
        try
        {
            response = client.GetSecretValueAsync(request).Result;
        }
        catch (DecryptionFailureException e)
        {
            // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }
        catch (InternalServiceErrorException e)
        {
            // An error occurred on the server side.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }
        catch (InvalidParameterException e)
        {
            // You provided an invalid value for a parameter.
            // Deal with the exception here, and/or rethrow at your discretion
            throw;
        }
        catch (InvalidRequestException e)
        {
            // You provided a parameter value that is not valid for the current state of the resource.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }
        catch (ResourceNotFoundException e)
        {
            // We can't find the resource that you asked for.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }
        catch (System.AggregateException ae)
        {
            // More than one of the above exceptions were triggered.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }
        // Decrypts secret using the associated KMS CMK.
        // Depending on whether the secret is a string or binary, one of these fields will be populated.
        if (response.SecretString != null)
        {
            secret = response.SecretString;
        }
        else
        {
            memoryStream = response.SecretBinary;
            StreamReader reader = new StreamReader(memoryStream);
            string decodedBinarySecret = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd()));
        }
        // Your code goes here.
    }
When I try to run this, I get the following error:
System.AggregateException: 'https://secretsmanager.us-west-2.amazonaws.comgisteredAccounts.jsonET_Core/3.1.4 OS/Microsoft_Windows_6.)'
Inner Exception
AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service.
I am using the AWS toolkit for VS2019 and I did verify that the credentials are good (I am able to access S3 bucket objects directly from the toolkit).
Is there something else that needs to be done to retrieve the secrets?
The issue was with unavailability of the default profile in the env variables. I used the AWS configure to set the credentials for the default profile and modified the creation of the client as below:
    var config = new AmazonSecretsManagerConfig { RegionEndpoint = RegionEndpoint.USWest2 };
    IAmazonSecretsManager client = new AmazonSecretsManagerClient(config);
Once that is done, I am able to pull my secrets.
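An added example, not part of the original question or answer: resolving the profile explicitly with the SDK's `CredentialProfileStoreChain` makes a missing profile fail with a clear message instead of falling through to the EC2 Instance Metadata Service lookup seen in the error above. The profile name `default` and the class and method names are assumptions; the secret name and region are the ones from the question.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.Runtime.CredentialManagement;
using Amazon.SecretsManager;
using Amazon.SecretsManager.Model;

public static class SecretReader // hypothetical class name
{
    // Resolve a named profile up front so a missing profile fails here,
    // not later as an instance-metadata credential error.
    public static AWSCredentials ResolveProfile(string profileName)
    {
        // Searches the .NET SDK credential store and the shared credentials file.
        var chain = new CredentialProfileStoreChain();
        if (chain.TryGetAWSCredentials(profileName, out AWSCredentials credentials))
        {
            return credentials;
        }
        // List only profile names for diagnosis; never print key material.
        string known = string.Join(", ", chain.ListProfiles().Select(p => p.Name));
        throw new InvalidOperationException(
            $"Profile '{profileName}' not found. Profiles visible to the SDK: [{known}]");
    }

    public static async Task<string> GetSecretAsync(string secretId, string profileName)
    {
        AWSCredentials credentials = ResolveProfile(profileName);
        using (var client = new AmazonSecretsManagerClient(credentials, RegionEndpoint.USWest2))
        {
            var request = new GetSecretValueRequest { SecretId = secretId };
            GetSecretValueResponse response = await client.GetSecretValueAsync(request);
            return response.SecretString; // null when the secret is stored as binary
        }
    }

    public static async Task Main()
    {
        // "XYXYXYX" is the placeholder secret name from the question; "default" is assumed.
        string secret = await GetSecretAsync("XYXYXYX", "default");
        // Report only the length so the secret value does not end up in logs.
        Console.WriteLine($"Retrieved secret of length {secret?.Length ?? 0}");
    }
}
```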