W4k.Extensions.Configuration.Aws.SecretsManager
0.1.0-alpha
See the version list below for details.
W4k.Extensions.Configuration.Aws.SecretsManager
Configuration provider for AWS SecretsManager.
Installation
dotnet add package W4k.Extensions.Configuration.Aws.SecretsManager
Usage
var builder = WebApplication.CreateBuilder(args);

// add AWS SecretsManager provider for specific secret
builder.Configuration.AddSecretsManager("my-secret-secrets", c => c.ConfigurationKeyPrefix = "AppSecrets");

// add options, bind using `ConfigurationKeyPrefix`
builder.Services
    .AddOptions<Secrets>()
    .BindConfiguration("AppSecrets");
Additionally, you can pass SecretsManagerClient to the provider:
// passing custom SecretsManagerClient
var client = new AmazonSecretsManagerClient(/* ... */);
builder.Configuration.AddSecretsManager("my-secret-secrets", client, c => c.ConfigurationKeyPrefix = "AppSecrets");
Configuration
It is possible to specify other options:
Secret Version
If omitted, the latest version of the secret is used; however, it is possible to specify a custom version or stage:
builder.Configuration.AddSecretsManager(
    "my-secret-secrets",
    c =>
    {
        // the assignments below are alternatives; set only one of them

        // stage, `Current` or `Previous`
        c.Version = StagedSecretVersion.Current;

        // custom stage name
        c.Version = new StagedSecretVersion { Stage = "dev" };

        // specific version ID
        c.Version = new SecretVersion { Id = "v9000" };
    });
Configuration key prefix
By default, all secret values are added to the configuration root; however, it is possible to specify a custom prefix:
builder.Configuration.AddSecretsManager(
    "my-secret-secrets",
    c =>
    {
        c.ConfigurationKeyPrefix = "Clients:MyService";
    });
With the example above, a secret property named Password will be transformed to Clients:MyService:Password.
When binding your options type, make sure the prefix path is taken into account, or that you bind to the correct configuration section.
Secret processing (parsing and tokenizing)
By default, AWS SecretsManager stores a secret as a simple key-value JSON object, and thus the JSON processor is set as the default. In some cases, the user may want to use a custom format, either a more complex JSON object or even an XML document.
To support such scenarios, it is possible to specify a custom secret processor:
builder.Configuration.AddSecretsManager(
    "my-secret-secrets",
    c =>
    {
        c.Processor = new MyCustomSecretProcessor(); // implements `ISecretsProcessor`
    });
There is a helper class, SecretsProcessor<T>, which can be used to simplify the implementation of a custom processor (by providing implementations of IParser<T> and ITokenizer<T>).
Configuration key transformation
It is possible to hook into configuration key transformation, which is applied to each tokenized configuration key.
By default, only KeyDelimiterTransformer is used. KeyDelimiterTransformer transforms "__" to the proper configuration key delimiter, ":".
To add a custom transformation, use the KeyTransformers property:
builder.Configuration.AddSecretsManager(
    "my-secret-secrets",
    c =>
    {
        c.KeyTransformers.Add(new MyCustomKeyTransformer()); // implements `IConfigurationKeyTransformer`
    });
It is also possible to remove even the default transformer by calling the Clear() method:
builder.Configuration.AddSecretsManager(
    "my-secret-secrets",
    c =>
    {
        c.KeyTransformers.Clear();
    });
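To make the prefix and "__" rules above concrete, the following added example (not part of this package or its README) reproduces the documented key mapping with only System.Text.Json and Microsoft.Extensions.Configuration, so it runs without AWS access. The secret JSON, the ToConfigurationKey helper and the MyServiceSecrets/EndpointSettings types are constructed for illustration; Get<T>() comes from the Microsoft.Extensions.Configuration.Binder package.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;
using Microsoft.Extensions.Configuration;

// Constructed sample secret in the flat key-value JSON shape described above.
const string secretJson =
    """{"Password":"example-only","Endpoint__Host":"svc.example.internal","Endpoint__Port":"8443"}""";
const string prefix = "Clients:MyService"; // same value as ConfigurationKeyPrefix above

// Hypothetical helper (assumption): mimics the documented result, "__" becomes ":"
// and the prefix is prepended. It is not the package's implementation.
static string ToConfigurationKey(string keyPrefix, string secretKey)
{
    var key = secretKey.Replace("__", ConfigurationPath.KeyDelimiter);
    return string.IsNullOrEmpty(keyPrefix) ? key : ConfigurationPath.Combine(keyPrefix, key);
}

var data = new Dictionary<string, string?>();
using (var doc = JsonDocument.Parse(secretJson))
{
    foreach (var property in doc.RootElement.EnumerateObject())
        data[ToConfigurationKey(prefix, property.Name)] = property.Value.GetString();
}

var configuration = new ConfigurationBuilder().AddInMemoryCollection(data).Build();

// Print key names only; secret values do not belong in logs.
foreach (var key in data.Keys)
    Console.WriteLine(key);

// Binding has to start at the prefixed section; binding from the root finds no values.
var bound = configuration.GetSection(prefix).Get<MyServiceSecrets>();
var unbound = configuration.Get<MyServiceSecrets>();
Console.WriteLine($"section '{prefix}': password bound = {bound?.Password is not null}, port = {bound?.Endpoint?.Port}");
Console.WriteLine($"root: password bound = {unbound?.Password is not null}");

public sealed class MyServiceSecrets
{
    public string? Password { get; set; }
    public EndpointSettings? Endpoint { get; set; }
}

public sealed class EndpointSettings
{
    public string? Host { get; set; }
    public int Port { get; set; }
}
```

An options type bound at the wrong path silently ends up with a null Password, so a startup check that required secret properties are populated catches a mismatched prefix early.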
Acknowledgements
This library is heavily inspired by Kralizek.Extensions.Configuration.AWSSecretsManager.
Alternative approaches
When using AWS Fargate (ECS), you can configure Task Definition to use SecretsManager as a source of environment variables. This approach is described in Passing sensitive data to a container / Using Secrets Manager.
Alternative packages
Kralizek.Extensions.Configuration.AWSSecretsManager
PrincipleStudios.Extensions.Configuration.SecretsManager
Setting icons created by Freepik - Flaticon
Product | Compatible and additional computed target framework versions |
---|---|
.NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
- net8.0
  - AWSSDK.SecretsManager (>= 3.3.0)
  - Microsoft.Extensions.Configuration (>= 6.0.0)
Version | Downloads | Last updated |
---|---|---|
1.1.0 | 570 | 8/2/2024 |
1.0.0 | 134 | 1/24/2024 |
0.2.0-alpha | 87 | 1/21/2024 |
0.1.0-alpha | 106 | 1/14/2024 |