Jay

Reputation: 21

understanding how to call secrets engine in vault sharp

We are using Hashi Vault Enterprise. I have a couple of questions, as I am struggling to understand what variables go where and how to format them. Here are my Vault settings. Assume v1; we are currently using the v1 KV Vault (version 1). First, we use token auth.

url = https://something.opt.com (standard port 443)

The namespace is "our_groupname", and we have a sub-namespace that is one of three: dev, stage, prod.

We have a number of secret engines under each namespace. For this example I am using test_access, and the actual secrets are under dev_jay.

I know this works, as I have it working in Python. Just getting the feel of it in C# (my first choice).

The code is below. First, would the URL be just "https://something.opt.com:443" or "https://something.opt.com:443/our_groupname/dev/", and does the URL need to be encoded?

For `vaultClient.V1.Secrets.KeyValue.V1.ReadSecretPathsAsync(secPath, secMount)`, this is my struggle. Is path = "/engine/secrets/" and mount = the /namespace/subnamespace, or what?

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using VaultSharp;
using VaultSharp.V1.AuthMethods;
using VaultSharp.V1.AuthMethods.Token;
using VaultSharp.V1.Commons;

// config is the settings object loaded elsewhere (HashiKey = token, hashiURL = Vault URL).
private static async Task<List<string>> GetSecretPaths(string secPath, string secMount)
{
    // Initialize the Vault client
    IAuthMethodInfo authMethod = new TokenAuthMethodInfo(config.HashiKey);
    var vaultClientSettings = new VaultClientSettings(config.hashiURL, authMethod);
    IVaultClient vaultClient = new VaultClient(vaultClientSettings);

    // Read the secrets list
    List<string> secretsList = new List<string>();

    try
    {
        Secret<ListInfo> secretListInfo =
            await vaultClient.V1.Secrets.KeyValue.V1.ReadSecretPathsAsync(secPath, secMount);

        secretsList.AddRange(secretListInfo.Data.Keys);
    }
    catch (Exception ex)
    {
        Console.WriteLine($"Error reading secrets list: {ex.Message}");
    }

    return secretsList;
}
```

When I run the code above, the error I get is `Newtonsoft.Json.JsonReaderException: 'Unexpected character encountered while parsing value: <. Path '', line 0, position 0.'`

Upvotes: 0

Views: 894

Answers (1)

Jay

Reputation: 21

I was able to solve this.
Some background: we use Hashi Vault Enterprise, which adds a few requirements. We use token auth for access. In Enterprise you have namespaces. This is what I was struggling with. There is little to no documentation related to the functionality, so some digging around the object explorer and several tries found the answer.
So your URL is just https://someurl.som.com:port. In Enterprise you have namespaces to deal with; we have "rootnamespace" + dev, stage, prod sub-namespaces. This value you set as below. The rest of the code is a sample of how to return a dictionary of secrets.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using VaultSharp;
using VaultSharp.V1.AuthMethods;
using VaultSharp.V1.AuthMethods.Token;
using VaultSharp.V1.Commons;

private static async Task<Dictionary<string, object>> GetSecrets()
{
    // Get the values from the JSON config file (ReadJsonConfig is the poster's own helper).
    var config = ReadJsonConfig();

    // Create a Vault client; the Enterprise namespace goes here, not in the URL.
    var vaultClientSettings = new VaultClientSettings(config.hashiURL, new TokenAuthMethodInfo(config.HashiSfRwToken))
    {
        Namespace = config.Namespace,
    };
    IVaultClient vaultClient = new VaultClient(vaultClientSettings);

    // Read secrets: first argument is the path inside the engine, second is the engine mount name.
    Secret<Dictionary<string, object>> kv1Secrets;
    try
    {
        kv1Secrets = await vaultClient.V1.Secrets.KeyValue.V1.ReadSecretAsync(config.snowrwsecrets, config.snowrwengine);
    }
    catch (Exception ex)
    {
        Console.WriteLine($"Error reading secrets: {ex.Message}");
        Console.WriteLine($"Exception details: {ex}");
        return null;
    }

    return kv1Secrets.Data;
}
```

Upvotes: 1
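An added example (not the poster's code) that puts the question's own values in place: the base URL only, the namespace chain in `Namespace`, the engine mount as the `mountPoint` argument and the path inside the engine as `path`, then lists the keys under `dev_jay` and reads each one. It assumes `dev_jay` is a folder of secrets and that the token comes from a `VAULT_TOKEN` environment variable instead of a JSON config file; the VaultSharp calls are the same `ReadSecretPathsAsync`/`ReadSecretAsync` used on this page.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using VaultSharp;
using VaultSharp.V1.AuthMethods.Token;
using VaultSharp.V1.Commons;

public static class KvV1Example
{
    public static async Task<Dictionary<string, Dictionary<string, object>>> ReadAllUnderPath()
    {
        // Base URL only: no namespace, mount or path in the URL. VaultSharp builds
        // https://something.opt.com/v1/<mount>/<path> itself, so nothing needs encoding.
        const string vaultUrl = "https://something.opt.com:443";

        // Enterprise namespace: parent and child joined with "/". VaultSharp sends it
        // as the X-Vault-Namespace header; it is never part of the URL or the mount.
        const string vaultNamespace = "our_groupname/dev";

        // KV v1 engine mount name and the path inside that engine (from the question).
        const string mount = "test_access";
        const string path = "dev_jay";

        // Token from the environment (assumption) rather than a config file on disk.
        string token = Environment.GetEnvironmentVariable("VAULT_TOKEN")
            ?? throw new InvalidOperationException("VAULT_TOKEN is not set");

        var settings = new VaultClientSettings(vaultUrl, new TokenAuthMethodInfo(token))
        {
            Namespace = vaultNamespace
        };
        IVaultClient client = new VaultClient(settings);

        var result = new Dictionary<string, Dictionary<string, object>>();

        // LIST dev_jay/ returns key names; a trailing "/" marks a sub-folder, not a secret.
        Secret<ListInfo> listing = await client.V1.Secrets.KeyValue.V1.ReadSecretPathsAsync(path, mount);
        foreach (string key in listing.Data.Keys)
        {
            if (key.EndsWith("/")) continue;   // skip sub-folders; recurse if you need them

            // GET test_access/dev_jay/<key> within the namespace set above.
            Secret<Dictionary<string, object>> secret =
                await client.V1.Secrets.KeyValue.V1.ReadSecretAsync($"{path}/{key}", mount);
            result[key] = secret.Data;         // log key names if you must, never the values
        }
        return result;
    }
}
```

If the server answers with HTML instead of JSON (the `Unexpected character ... <` error in the question), check the namespace and mount values first: a wrong namespace or a namespace appended to the URL produces a non-JSON error page rather than an API error.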
