AWS SECRETS MANAGER - Getting Started and Integrating with .NET Apps | .NET ON AWS
HTML-код
- Опубликовано: 5 авг 2024
- Hey 👋 Hardcoding credentials, connection strings, and other sensitive information in your application code are bad. But then what is the alternative?
If you are building applications on AWS Infrastructure then AWS Secrets Manager provides a centralized store to manage your application secrets. Secrets can be any information like passwords, credentials, connection strings, API keys, etc. Secrets Manager helps you protect access to your IT resources and data by enabling you to rotate and manage access to your secrets.
In this video let’s learn how to get started with using AWS Secrets Manager using a .NET Application. First, we will learn how to connect to Secrets Manager from .NET using the client SDK and retrieve secrets. We will then see how to integrate Secrets Manager into built-in .NET Configuration and how to seamlessly use secrets from our application code. We will also learn how to handle automatic refreshing of Secrets so that the application always has the latest secrets.
This video is sponsored by AWS and is part of the .NET on AWS Series.
00:00 Introduction
04:22 Key Concepts
06:26 Create Secret
08:01 Read Secret
10:54 Secret Versions
12:33 Create Secret From Code
13:26 App Config Integration
17:24 Secrets Manager Configuration Provider
22:42 .NET Secret Manager - Local Dev Environment
29:24 Automatic Refresh Secrets
32:57 Conclusion
Links
🔗 Blog Post - www.rahulpnath.com/blog/aws-s...
🔗 Source Code - rahulpnath.visualstudio.com/D...
🔗AWS Secrets Manager- docs.aws.amazon.com/secretsma...
🔗Github Nuget Package - AWSSecretsManagerConfigurationExtensions - github.com/Kralizek/AWSSecret...
Additional Watching
📹 AWS Credentials - • AWS CREDENTIALS: How T...
📹Options Pattern - • OPTIONS PATTERN in ASP...
📹Secret Manager - • SECRET MANAGER In ASP ...
📹 Environments - • ENVIRONMENTS in ASP NE...
📹 Configuration - • CONFIGURATION in ASP.N...
📹AWS Series - • .NET on AWS
📹ASP NET Core Series - • ASP.NET Core
Come say hi! ✋
🌍 Blog - rahulpnath.com/
✉ Subscribe to my Newsletter - www.rahulpnath.com/subscribe
🐦Twitter - / rahulpnath
📸Instagram - / rahulpnath
🎥 Recording Setup and Workflow - www.rahulpnath.com/blog/youtu...
Make sure to SUBSCRIBE to the channel. THANK YOU for helping me grow this channel !! 
Хобби
Great video. Thank you Rahul.
Glad you liked it Sivakumar! Do check out the follow up video on this here ruclips.net/video/bBMSL4vInYU/видео.html
Great videos brother 👏👏👏keep going
Thank you Prajith! hope you are enjoying the AWS Series bit.ly/aws-net-series
Do let know if you have any topic suggestion.
Rahul, your content is neat, cool, awesome
Thank you Bulat!! Hope you are enjoying the AWS Series bit.ly/aws-net-series
Rahul great👍 excellent
Thank you!
Thanks for informative video please do more
Thank you, I will. Do check out the full AWS series here bit.ly/aws-net-series
Also drop in if you have any topic suggestions.
Thanks for replying . I have implemented aws with .net core in bits and pieces per my project requirement but it would be great if experts like you can do a series on practical app starting from route 53 till Dynamo db/RDS with one api running on else or ecs and other with event driven programming using server less stack for some background processing
@@gga-wh5du Great suggestion - Will add some end end examples and walkthroughs
Thank you for this great video, but I have a question that's been on my mind. If a hacker were to gain access to my EC2 Windows server, implementing the solution of not allowing the connection string to be read from the appsetting.json file would prevent them from accessing it. However, the hacker could potentially use a tool like dnSpy to reverse engineer the code and extract the connection string. Using an obfuscator would also prevent the hacker from being able to read the connection string. So why would I need this solution?
Hi Rahul.. Really very nice explanation and very useful. If possible could you please share the code base link referring to this example. Just wanted to take a look at appsettings.json .. how the specific AWS account details mapping was done ?
Hi Rahul, thank you for the great video. I noticed at 20:55 you successfully integrated Secrets manager to configurations. How did you handle authentication, specify which secret to fetch or specify region. I didn't see that in the video. Also in an environment where they don't allow hardcoding Access keys and secret access keys, how can you authenticate so as to be able to fetch your secrets
Hey Musa, Glad you liked the video. In this example since I am running it from my local developer machine I have set up the creentials in my IDE. I show how to set it up in this blogpost/video www.rahulpnath.com/blog/amazon-credentials-dotnet/
When deploying the app you would be setting up IAM permissions to talk to the resource based on where you are deploying to. Also do check out the follow up video/blog on managing secrets for a real world app here www.rahulpnath.com/blog/aws-secrets-manager-from-dotnet-application/
Let me know if that helps or if you have additional questions.
@@RahulNath Thank you Rahul, will check it out and revert.
Hello Rahul, thanks for such educational videos. I create secret via aws cdk and the secrets dont be created as plaintext so i cannot implement this type of technic. Do you have any solution for this kind of problem?
sorry i did not understand the problem? You can create secret in Secrets Manager via cdk
Thanks for video Rahul. Is it possible to combine the both secrets? Like use only one secret with json value where Count and ApiKey are json keys. Will the method you demo on video will also work for this case?
I just did not get why do we need two secrets for the same configuration object. As I know you need to pay for each secret created. Would it make sense to unite them into one?
Glad you like it Denis. Yes, you should be able to store it as a JSON structure for related configuration. It was more to demonstrate I used plain text format. You should also enable some caching on your app so that it does not go to Secrets Manager all the time. I talk about it here www.rahulpnath.com/blog/aws-secrets-manager-from-dotnet-application/
Do let me know how that goes.
That's what I did. I'm cheap.
How does this work with the different appsettings environments, for example appsettings.Staging.json and appsettings.Production.json. How can we set secrets for separate environments, and then use the correct appsettings file?
Hey Chris I have a follow up post and video managing secrets for different environments here www.rahulpnath.com/blog/aws-secrets-manager-from-dotnet-application/
Let me know if that answers your questions or let know if you additional questions
Awesome thanks! :)@@RahulNath
Can you please cover cloud design patterns like Circuit breaker, Exponential back off etc.
Good suggestion Nilesh. I cover a bit of this in my video on Polly. ruclips.net/video/z6YcU0PW_9E/видео.html
Is that something you were looking for?
@Rahul Is it possible to use aws secretsmanager for frontend projects as well? If so, is it a good practice. I was trying to do so. But ended up with aws security credential issue.
"System.AggregateException: One or more errors occurred. (Unable to get IAM security credentials from EC2 Instance Metadata Service.)"
But I didn't face any issues when I tried the same with a api project
السلام عليكم
اخواني بشتغل على برنامج C# و الداتا بيز firebase
حطيت ال
AuthSecret و BasePath
في AWS Secret manager
و دمجت الAWS secret في البرنامج
السوال :
كيف اخلي البرنامج يقرا الداتا بيز من خلال السيكريت
IFirebaseConfig config = new FirebaseConfig
{
AuthSecret = "AuthSecret",
BasePath = "MyBasePath"
};
IFirebaseClient client;
This is my connection configuration in winform c# application,
I recently created AWS secret manager .
How to mange the connection after i got the sample c# code from aws console
Nice. How can you use the amazon properties without use the credential keys before?
Thank you Kevin, Not sure if I understand the question correctly - But if you are looking at how the Credentials are managed check out this post and the associated video www.rahulpnath.com/blog/amazon-credentials-dotnet/
Let me know if that's what you are after
@@RahulNath Thanks a lot but in those videos the keys are in inside the project. Is there other way to use the credentials keys like from the .aws folder?
@@kevinkevin7900 Not sure if you checked but the video and the blog post I linked above shows exactly how to do that
www.rahulpnath.com/blog/amazon-credentials-dotnet/
Please have a look and let me know if that answers your question
Helllo Rahul Ji.. In this Video how to configure the specific AWS account? I meant how exactly this specific AWS account is being retrieved ?
I talk about that in this post and associated video www.rahulpnath.com/blog/amazon-credentials-dotnet/
Is that what you are looking for ?
Do u have any code snippet in nodejs
Unfortunately no.
How it will connect to exact same AWS account???
Depends how the credentials are configured. This post + video might help www.rahulpnath.com/blog/amazon-credentials-dotnet/
Let me know if that helps
@@RahulNath ,in program.cs file ,you added the app.build etc..in which video Full details are available
@@marriageVideos933 sorry didn’t understand the question - Did you get to look the video linked before on credentials ?
@@RahulNath if possible can you please share the program.cs file... because you added some cod in it..i saw in the video
@@marriageVideos933 source code link is there in the description, also the associated blog post link. Let me know if that helps or if you have additional questions
RIP credentials
Hello Rahul, can we rotate secrets with the package(kralizek) used in this video to load secrets. If yes plz let me know how.
Based on the polling interval, it will refresh the values once rotated. Is that what you were looking for?
@@RahulNath Thanks a lot for replying so quickly. I am looking for auto rotation of secrets, how we rotate secrets value what is process of rotation for other types of secret.
@@inzit Have you come across this article docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_turn-on-for-other.html
docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html