Reputation: 33
I'm getting the error "An error occurred while sending the request" when using the VaultSharp library in C# to request secrets from a Vault service. I can get the access token I need from the command line, so I know the Vault address and my personal Vault token work.
The CLI relies on the environment variables VAULT_ADDR, VAULT_TOKEN and VAULT_CACERT. I see VaultSharp creates the VaultClientSettings object using the first two: address and token information--but where in VaultSharp can I specify the CA certificate path?
Here's the code I'm using, copied from https://github.com/rajanadar/VaultSharp/blob/master/README.md:
string vaultToken = Environment.GetEnvironmentVariable("VAULT_TOKEN");
VaultSharp.V1.AuthMethods.IAuthMethodInfo authMethod = new VaultSharp.V1.AuthMethods.Token.TokenAuthMethodInfo(vaultToken);
string vaultAddress = Environment.GetEnvironmentVariable("VAULT_ADDR");
var vaultClientSettings = new VaultSharp.VaultClientSettings(vaultAddress, authMethod);
VaultSharp.VaultClient vaultClient = new VaultSharp.VaultClient(vaultClientSettings);
string vaultRoute = Properties.Settings.Default.VaultRoute;
VaultSharp.V1.Commons.Secret<VaultSharp.V1.Commons.SecretData> kv2Secret = await vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(vaultRoute);
It's this last statement, ReadSecretAsync, that throws the error.
Many thanks for your help!
Upvotes: 1
Views: 1224
Reputation: 9499
There is no equivalent of VAULT_CACERT in VaultSharp. VaultSharp expects your Vault URL to have a trusted SSL Cert. If not, you will get TLS errors while establishing the handshake. And in non-prod environments, folks typically use the following snippet to solve for it.
ServicePointManager.ServerCertificateValidationCallback +=
(sender, cert, chain, sslPolicyErrors) => true; // or do specific checks
Upvotes: 0
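The "do specific checks" option mentioned in the answer above, written out as an added example (not code from the answer or from VaultSharp): the callback accepts the Vault server only when its chain ends in the CA file named by VAULT_CACERT, and still rejects host name mismatches. It assumes .NET Framework, where HttpClient traffic passes through ServicePointManager and the callback's sender is an HttpWebRequest; `VaultCaTrust` and its members are hypothetical names.

```csharp
// Added example; VaultCaTrust and its members are hypothetical names.
using System;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class VaultCaTrust
{
    // Call once at startup, before the first VaultSharp request.
    public static void Install()
    {
        // Assumption: VAULT_CACERT names a file holding the single root CA certificate.
        var ca = new X509Certificate2(Environment.GetEnvironmentVariable("VAULT_CACERT"));
        var host = new Uri(Environment.GetEnvironmentVariable("VAULT_ADDR")).Host;
        ServicePointManager.ServerCertificateValidationCallback =
            (sender, cert, chain, errors) => Validate(sender, cert, errors, ca, host);
    }

    static bool Validate(object sender, X509Certificate cert, SslPolicyErrors errors,
                         X509Certificate2 ca, string vaultHost)
    {
        if (errors == SslPolicyErrors.None) return true; // already trusted by the OS store

        // The callback is process-wide: apply the private CA to the Vault host only.
        var request = sender as HttpWebRequest;
        if (request == null ||
            !string.Equals(request.RequestUri.Host, vaultHost, StringComparison.OrdinalIgnoreCase))
            return false;

        // Tolerate an untrusted chain only; a name mismatch or missing certificate fails.
        if (cert == null || errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        using (var custom = new X509Chain())
        {
            custom.ChainPolicy.ExtraStore.Add(ca);
            // Assumption: the private CA publishes no CRL or OCSP endpoint.
            custom.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            custom.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            if (!custom.Build(new X509Certificate2(cert))) return false; // expired, bad signature, ...

            // AllowUnknownCertificateAuthority accepts any root, so require ours.
            var root = custom.ChainElements[custom.ChainElements.Count - 1].Certificate;
            return root.RawData.SequenceEqual(ca.RawData);
        }
    }
}
```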