3

我正在尝试设置 hashcorp vault 并获取存储在 vault 中的键值对(数据库凭据)。

我按照以下链接连接到保险库并从保险库获取凭据 https://github.com/rajanadar/VaultSharp

我可以从保险库连接并获取凭据,但我的问题是如何将此凭据传递给我的数据库上下文。我是否需要将这些凭据存储在某个地方,从那里获取然后传递给我的数据库上下文,或者我是否需要每次都初始化这个类。下面是获取凭证的示例代码

public class VaultService : IVaultService 
{   
    public async Task Configure()
    {
       //code to authenticate role and connect vault here 
       
        //Below is the code that actually fetches the credentials. I am just providing relevant code.
        Secret<SecretData> secret = await vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(kvpPath.Value, mountPoint: "kv");
        foreach (var kvp in secret.Data.Data)
        {
            // Console.WriteLine(kvp.Key + " : " + kvp.Value);
        }      
    }   
}   

如何使用上述类来获取和传递凭据。

下面是我的启动类,其中定义了我的数据库上下文:

public class Startup
{
   public void ConfigureServices(IServiceCollection services)
   {
      services.AddTransient<IDbAdapterService, DbAdapterService>();     
   }
}

下面是我需要使用凭据的 DbAdapterService

public class DbAdapterService : DbAdapterService
{
      private readonly AppSettings _settings;
      public DbAdapterService(IOptions<AppSettings> settings)
      {
           _settings = settings?.Value;
           DbConnectionStringBuilder builder = new DbConnectionStringBuilder();
           //Below is where I need to update the credentials
           builder.ConnectionString = _settings.ConnectionString;           
      }
}
4

2 回答 2

1

我认为你做得很好。这是您需要的部分。

 builder.ConnectionString = "server=(local);user id=*******;" +
        "password=*******;initial catalog=AdventureWorks";
    builder["Server"] = ".";
//set up individual key with value

现在换班

public class DbAdapterService : DbAdapterService ,IVaultService 


{

 

    private readonly AppSettings _settings;
          public DbAdapterService(IOptions<AppSettings> settings)
          {
               _settings = settings?.Value;
    
    Secret<SecretData> secret = await vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(kvpPath.Value, mountPoint: "kv");
      string Key="";
            foreach (var kvp in secret.Data.Data)
            {
                // Console.WriteLine(kvp.Key + " : " + kvp.Value);
    Key= kvp.Value;
            }   
    
            builder.ConnectionString = "server=(local);user id=*******;" +
                "password=*******;initial catalog=AdventureWorks";
            builder["Server"] = Key;
            builder["User ID"] = Key;
           
    }
    
    }
于 2021-07-12T16:40:47.150 回答
0

您可以通过遵循 ASP.NET Core 的配置抽象来简化并使事情变得更加健壮。

ASP.NET Core 提供您IConfigurationIConfigurationProvider接口,抽象出配置的来源和来源。

您可以使用 Andrew Lock 的 Hashicorp Vault 配置提供程序NetEscapades.Configuration.Vault,它可以让应用程序从 Vault 服务器获取配置和机密。

public static IWebHost BuildWebHost(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .ConfigureAppConfiguration((ctx, builder)=> 
        {
            // build the initial config
            var builtConfig = config.Build();

            builder.AddVaultWithAppRole(
                config["VaultUri"], //The Vault uri with port
                config["RoleId"], // The role_id for the app
                config["SecretId"], // The secret_iId for the app
                config["SecretPath"] // secret paths to load
                );
        })
        .UseStartup<Startup>()
        .Build();

然后在 Startup 类中,您可以使用IConfiguration并获取连接字符串来配置 DbContext。

public IConfiguration Configuration { get; set; }
public void ConfigureServices(IServiceCollection services) {
    services.AddDbContext<AppDbContext>(o => 
        o.UseSqlServer(Configuration.GetConnectionString("SqlServer"))
    );
}

参考:

于 2021-06-30T19:04:06.967 回答