Retrieving AWS secrets using Visual Studio toolkit


Question

I am using AWS Secrets Manager to store some API keys. Once configured in the AWS Secrets Manager console, I tried using their sample code to retrieve the secrets that I stored. Here is the code that is supposed to be used:

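using System;
using System.IO;
using Amazon;
using Amazon.SecretsManager;
using Amazon.SecretsManager.Model;

        public static void GetSecret()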
        {
            string secretName = "XYXYXYX";
            string region = "us-west-2";
            string secret = "";

            MemoryStream memoryStream = new MemoryStream();

            IAmazonSecretsManager client = new AmazonSecretsManagerClient(RegionEndpoint.GetBySystemName(region));
            //IAmazonSecretsManager client = new AmazonSecretsManagerClient((new StoredProfileAWSCredentials()));
            GetSecretValueRequest request = new GetSecretValueRequest();
            request.SecretId = secretName;
            request.VersionStage = "AWSCURRENT"; // VersionStage defaults to AWSCURRENT if unspecified.

            GetSecretValueResponse response = null;

            // In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
            // See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
            // We rethrow the exception by default.

            try
            {
                response = client.GetSecretValueAsync(request).Result;
            }
            catch (DecryptionFailureException e)
            {
                // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (InternalServiceErrorException e)
            {
                // An error occurred on the server side.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (InvalidParameterException e)
            {
                // You provided an invalid value for a parameter.
                // Deal with the exception here, and/or rethrow at your discretion
                throw;
            }
            catch (InvalidRequestException e)
            {
                // You provided a parameter value that is not valid for the current state of the resource.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (ResourceNotFoundException e)
            {
                // We can't find the resource that you asked for.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (System.AggregateException ae)
            {
                // More than one of the above exceptions were triggered.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }

            // Decrypts secret using the associated KMS CMK.
            // Depending on whether the secret is a string or binary, one of these fields will be populated.
            if (response.SecretString != null)
            {
                secret = response.SecretString;
            }
            else
            {
                memoryStream = response.SecretBinary;
                StreamReader reader = new StreamReader(memoryStream);
                string decodedBinarySecret = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd()));
            }

            // Your code goes here.
        }

When I try to run this, I get the following error:

System.AggregateException: 'https://secretsmanager.us-west-2.amazonaws.comgisteredAccounts.jsonET_Core/3.1.4 OS/Microsoft_Windows_6.)'


Inner Exception
AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service.

I am using the AWS toolkit for VS2019 and I did verify that the credentials are good (I am able to access S3 bucket objects directly from the toolkit).

Is there something else that needs to be done to retrieve the secrets?

Recommended answer

The issue was with unavailability of the default profile in the env variables. I used the AWS configure to set the credentials for the default profile and modified the creation of the client as below:

var config = new AmazonSecretsManagerConfig { RegionEndpoint = RegionEndpoint.USWest2 };
IAmazonSecretsManager client = new AmazonSecretsManagerClient(config);

Once that is done, I am able to pull my secrets.
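
The inner exception in the question appears when the SDK finds no profile or environment credentials and ends up querying the EC2 Instance Metadata Service. The following is an added example, not code from the original question or answer: it resolves a named profile explicitly so that a missing profile fails with a clear message. The names `SecretReader` and `GetSecretAsync` are hypothetical, and the profile name `default` is assumed to be the one written by `aws configure`.

```csharp
using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.Runtime.CredentialManagement;
using Amazon.SecretsManager;
using Amazon.SecretsManager.Model;

// Hypothetical helper class, added for illustration.
public static class SecretReader
{
    public static async Task<string> GetSecretAsync(
        string secretId, RegionEndpoint region, string profileName = "default")
    {
        // Look the profile up in the SDK store and the shared credentials
        // file. If it is missing, stop here instead of letting the SDK fall
        // through to the EC2 instance metadata lookup.
        var chain = new CredentialProfileStoreChain();
        if (!chain.TryGetAWSCredentials(profileName, out AWSCredentials credentials))
        {
            throw new InvalidOperationException(
                $"AWS profile '{profileName}' was not found. " +
                "Create it with 'aws configure' or register it in the toolkit.");
        }

        using var client = new AmazonSecretsManagerClient(credentials, region);

        // VersionStage is left unset, so it defaults to AWSCURRENT.
        var request = new GetSecretValueRequest { SecretId = secretId };

        // await (rather than .Result) surfaces the service exception itself,
        // not an AggregateException wrapper.
        GetSecretValueResponse response = await client.GetSecretValueAsync(request);

        if (response.SecretString != null)
        {
            return response.SecretString;
        }

        // Binary secret: return it base64-encoded so no text encoding is
        // assumed; the caller decodes it as needed.
        return Convert.ToBase64String(response.SecretBinary.ToArray());
    }
}
```

Call it as `await SecretReader.GetSecretAsync("XYXYXYX", RegionEndpoint.USWest2)`, and keep the returned value out of logs and exception messages.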
