Reputation: 784
I have tried multiple tutorials online and none have gotten me to where I can actually use a secret in my .NET build.
I am currently trying to just use the Amazon generated code, but it is still unclear to me how to get the secrets. I have close to 0 experience with .NET but it is necessary for 1 small part of my project and this is the only piece missing.
Any help would be greatly appreciated.
csproj file
<Project Sdk="Microsoft.NET.Sdk.Web">
  <PropertyGroup>
    <TargetFramework>netcoreapp2.1</TargetFramework>
  </PropertyGroup>
  <ItemGroup>
    <Folder Include="wwwroot\" />
  </ItemGroup>
  <ItemGroup>
    <PackageReference Include="AWSSDK.S3" Version="3.3.104.13" />
    <PackageReference Include="Microsoft.AspNetCore.App" />
    <PackageReference Include="Microsoft.AspNetCore.Razor.Design" Version="2.1.2" PrivateAssets="All" />
    <PackageReference Include="Syncfusion.EJ2.AspNet.Core" Version="17.4.0.40" />
    <PackageReference Include="AWSSDK.SecretsManager" Version="3.3.0" />
  </ItemGroup>
</Project>
Controller/AmazonS3ProviderController.cs file
using Syncfusion.EJ2.FileManager.AmazonS3FileProvider;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Features;
using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using Syncfusion.EJ2.FileManager.Base;
using Amazon;
using System.IO;
using Amazon.SecretsManager;
using Amazon.SecretsManager.Model;

namespace EJ2AmazonS3ASPCoreFileProvider.Controllers
{
    [Route("api/[controller]")]
    [EnableCors("AllowAllOrigins")]
    public class AmazonS3ProviderController : Controller
    {
        public static void GetSecret()
        {
            string secretName = "TEST";
            string region = "us-east-2";
            string secret = "";
            MemoryStream memoryStream = new MemoryStream();
            IAmazonSecretsManager client = new AmazonSecretsManagerClient(RegionEndpoint.GetBySystemName(region));
            GetSecretValueRequest request = new GetSecretValueRequest();
            request.SecretId = secretName;
            request.VersionStage = "AWSCURRENT"; // VersionStage defaults to AWSCURRENT if unspecified.
            GetSecretValueResponse response = null;

            // In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
            // See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
            // We rethrow the exception by default.
            try
            {
                response = client.GetSecretValueAsync(request).Result;
            }
            catch (DecryptionFailureException e)
            {
                // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (InternalServiceErrorException e)
            {
                // An error occurred on the server side.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (InvalidParameterException e)
            {
                // You provided an invalid value for a parameter.
                // Deal with the exception here, and/or rethrow at your discretion
                throw;
            }
            catch (InvalidRequestException e)
            {
                // You provided a parameter value that is not valid for the current state of the resource.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (ResourceNotFoundException e)
            {
                // We can't find the resource that you asked for.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }
            catch (System.AggregateException ae)
            {
                // More than one of the above exceptions were triggered.
                // Deal with the exception here, and/or rethrow at your discretion.
                throw;
            }

            // Decrypts secret using the associated KMS CMK.
            // Depending on whether the secret is a string or binary, one of these fields will be populated.
            if (response.SecretString != null)
            {
                secret = response.SecretString;
            }
            else
            {
                memoryStream = response.SecretBinary;
                StreamReader reader = new StreamReader(memoryStream);
                string decodedBinarySecret = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd()));
            }

            // Your code goes here.
        }

        public AmazonS3FileProvider operation;
        public string basePath;
        protected RegionEndpoint bucketRegion;

        public AmazonS3ProviderController(IHostingEnvironment hostingEnvironment)
        {
            this.basePath = hostingEnvironment.ContentRootPath;
            this.operation = new AmazonS3FileProvider();
            this.operation.RegisterAmazonS3("bucket-1", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "us-east-1");
        }

        // gets the image(s) from the given path
        [Route("AmazonS3GetImage")]
        public IActionResult AmazonS3GetImage(FileManagerDirectoryContent args)
        {
            return operation.GetImage(args.Path, args.Id, false, null, args.Data);
        }
    }
}
In the controller you will see where I need the access key and secret access key.
Upvotes: 0
Views: 1920
Reputation: 1
You can pass your 'AWS_ACCESS_KEY_ID' and 'AWS_SECRET_ACCESS_KEY' directly into your required place. For accessing the Access Key, please refer to this AWS Documentation. Also, we can refer to a configuration file in which we can add the secret keys from your application. Please refer to the UGs below for further reference.
https://docs.aws.amazon.com/toolkit-for-visual-studio/latest/user-guide/credentials.html
https://docs.aws.amazon.com/sdk-for-net/latest/developer-guide/creds-assign.html
For further details on this, refer to the AWS UG.
Upvotes: 0
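An added example, not part of the original question or answer: one way to make the question's `GetSecret` logic return the values and hand them to `RegisterAmazonS3` instead of hardcoding them. The class name `S3Credentials` and the JSON key names `accessKeyId` and `secretAccessKey` are assumptions; the example assumes the secret `TEST` stores a JSON object with those two fields.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;
using Amazon;
using Amazon.SecretsManager;
using Amazon.SecretsManager.Model;
using Newtonsoft.Json;

namespace EJ2AmazonS3ASPCoreFileProvider
{
    // Hypothetical helper: loads the secret once per process instead of once per request.
    public static class S3Credentials
    {
        private const string SecretName = "TEST";   // secret name from the question
        private const string Region = "us-east-2";  // region from the question

        // PublicationOnly: a failed fetch is not cached, so the next access retries.
        private static readonly Lazy<KeyValuePair<string, string>> Cached =
            new Lazy<KeyValuePair<string, string>>(Load, LazyThreadSafetyMode.PublicationOnly);

        public static string AccessKeyId => Cached.Value.Key;
        public static string SecretAccessKey => Cached.Value.Value;

        private static KeyValuePair<string, string> Load()
        {
            // The client itself authenticates through the SDK's default credential
            // chain (instance/task role, shared profile, environment variables).
            using (var client = new AmazonSecretsManagerClient(RegionEndpoint.GetBySystemName(Region)))
            {
                var request = new GetSecretValueRequest { SecretId = SecretName };
                GetSecretValueResponse response =
                    client.GetSecretValueAsync(request).GetAwaiter().GetResult();

                if (string.IsNullOrEmpty(response.SecretString))
                    throw new InvalidOperationException("Secret '" + SecretName + "' has no SecretString.");

                // Assumed layout: {"accessKeyId":"...","secretAccessKey":"..."}
                var fields = JsonConvert.DeserializeObject<Dictionary<string, string>>(response.SecretString);
                string id, key;
                if (fields == null || !fields.TryGetValue("accessKeyId", out id)
                                   || !fields.TryGetValue("secretAccessKey", out key))
                    throw new InvalidOperationException("Secret '" + SecretName + "' lacks the expected keys.");

                return new KeyValuePair<string, string>(id, key); // never log these values
            }
        }
    }
}
// In the controller constructor:
// this.operation.RegisterAmazonS3("bucket-1", S3Credentials.AccessKeyId, S3Credentials.SecretAccessKey, "us-east-1");
```

The identity the application runs as needs `secretsmanager:GetSecretValue` on this secret, plus `kms:Decrypt` if the secret is encrypted with a customer managed KMS key.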