AWSSecretsManagerConfigurationExtensions

Is it possible to provide AcceptedArns through config file?

Open mehul9595 opened this issue 4 years ago • 2 comments

Hello,

I'm trying to decouple the accepted ARNs list from Program.cs into a config file. I have my config options defined below in appsettings.json:

"SecretsManagerConfigurationProviderOptions": {
  "acceptedSecretArns": [ "my-arn" ]
}

Then from the code, I just call the manager like below:

try
{
    var config = builder.Build();
    logger?.Information("reading secure settings from secrets manager");
    builder.AddSecretsManager(region: RegionEndpoint.USWest2);
    config = builder.Build();
}
catch (Exception ex)
{
    logger?.Error(ex, "Unable to configure SecretsManager");
}
return builder;

Here, I'm not sure if the acceptedSecretArns would be passed down to the library, since I don't have the environment to test AWS Secrets Manager. Could you share your thoughts on whether this is the correct approach? Also, I would like to make RegionEndpoint configurable from the appsettings options; any thoughts on whether I can achieve this?

Thanks

mehul9595 avatar Aug 05 '21 02:08 mehul9595

Hi @mehul9595

As of right now it is not possible to do as you ask. It should be tested how it is possible to use the configuration system to configure a configuration provider. Unfortunately, I never tried it before.

Kralizek avatar Aug 24 '21 14:08 Kralizek

There is a workaround: https://andrewlock.net/secure-secrets-storage-for-asp-net-core-with-aws-secrets-manager-part-2/

Basically, build your config a first time to load appsettings; then AddSecretsManager can use the params from that config. At the end, the builder has to build again.

gao87926 avatar Aug 05 '22 02:08 gao87926
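The two-stage build described in the last comment, as an added example that is not part of the original thread or the library's own code. It assumes the options object exposes `AcceptedSecretArns` as a `List<string>`, that the Microsoft.Extensions.Configuration.Binder package is referenced, and that a `region` key (hypothetical, not in the question's appsettings.json) sits beside `acceptedSecretArns`; the helper name is also hypothetical.

```csharp
using System;
using System.Linq;
using Amazon;
using Microsoft.Extensions.Configuration;

public static class SecretsManagerBootstrap
{
    // Hypothetical helper. The section and "acceptedSecretArns" key follow the
    // appsettings.json fragment in the question; "region" is an assumed key.
    public static IConfigurationBuilder AddSecretsManagerFromSettings(this IConfigurationBuilder builder)
    {
        // Stage 1: build once so the non-secret sources (appsettings.json, env vars) are readable.
        IConfiguration bootstrap = builder.Build();
        IConfigurationSection section = bootstrap.GetSection("SecretsManagerConfigurationProviderOptions");

        string[] arns = (section.GetSection("acceptedSecretArns").Get<string[]>() ?? Array.Empty<string>())
            .Where(a => !string.IsNullOrWhiteSpace(a))
            .Select(a => a.Trim())
            .Distinct(StringComparer.Ordinal)
            .ToArray();

        // Fail closed: a missing or empty allowlist is a deployment error, not a
        // reason to call the provider without any restriction on which secrets load.
        if (arns.Length == 0)
            throw new InvalidOperationException(
                "SecretsManagerConfigurationProviderOptions:acceptedSecretArns is missing or empty.");

        string regionName = section["region"];
        if (string.IsNullOrWhiteSpace(regionName))
            throw new InvalidOperationException(
                "SecretsManagerConfigurationProviderOptions:region is missing.");
        RegionEndpoint region = RegionEndpoint.GetBySystemName(regionName);

        // Stage 2: register the provider using the values read in stage 1.
        builder.AddSecretsManager(region: region, configurator: options =>
        {
            options.AcceptedSecretArns.AddRange(arns);
        });

        // The caller must call builder.Build() again; the first build does not
        // include the Secrets Manager source.
        return builder;
    }
}
```

Letting the exceptions propagate at startup, instead of logging and continuing, keeps the application from running with a partially loaded secret set.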