Secrets

AWS Secret Storage

Working with any form of secret in development, such as usernames, connection strings, passwords, etc., is always difficult. Simply finding a convenient and efficient way of storing them without putting them in source control can be a daunting task. There are many ways of handling this, such as dotNet secrets, Azure Key Vault, and HashiCorp Vault. I, however, decided to go with AWS’s secret manager.

Vault Comparison

| Vault | Pros | Cons |
| --- | --- | --- |
| .Net Secrets | Easy and quick to setup; Built in with .NET Core | Not the best for production; Only works with .NET |
| Azure Key Vault | Hosted; Practically free | Difficult automated management; Rotation takes a bit of setup |
| Vault | Key rotation; Very flexible | Difficult policy management; Difficult unseal management; Must be self-hosted |
| AWS | Hosted; Works well with other AWS projects; Auto rotation | Still a fairly new service; $0.40 per secret |

Keep in mind that this chart is fully personal opinion; I highly encourage everyone to do their own research.

Since AWS is the current host of choice and I did not want to host and administer a solution myself, AWS was the winner.

Time to investigate

So my path working with AWS took me down the dark road of documentation and Google searches. Since the service is still fairly new, having been released in April of 2018, there weren’t really many code examples to look at. After spending a while trying to find something in .NET, I was right where I started. Guess it’s time to dig into their API documentation.

One thing I do have to say about Amazon is that they do an amazing job with their documentation.

Working with Password Manager

One of the first things that we have to do is bring in the correct NuGet package. The AWSSDK.SecretsManager package contains all the necessary parts to allow us to easily interact with the AWS Secret Manager.

Install-Package AWSSDK.SecretsManager

Once we have the appropriate NuGet package installed, it’s just a matter of authenticating with the appropriate credentials and interacting with the secret storage.

I will admit that I may be taking the lazy way out, but I’m sure that most individuals reading this care more about the actual code rather than me babbling on. As you can tell by the code below it is actually fairly easy to interface with the AWS Secret Manager.

Secret Manager Code

The example below is an implementation that you can quickly plug into your project and start working with.

Usage

What good is an implementation without a good usage example?
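
A reader class with its usage, added here as an example and not the author's original code. The `SecretReader` class, the secret name `dev/myapp/database` and the region are hypothetical; it assumes .NET Core 3.0 or later, a secret stored as a JSON object of key/value pairs, and credentials supplied by the SDK's default chain.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;
using System.Threading.Tasks;
using Amazon;
using Amazon.SecretsManager;
using Amazon.SecretsManager.Model;

// Hypothetical helper, not part of the AWS SDK or the original post.
public sealed class SecretReader : IDisposable
{
    private readonly IAmazonSecretsManager _client;

    // No access keys in code: the default credential chain
    // (environment variables, shared profile, IAM role) supplies them.
    public SecretReader(RegionEndpoint region) => _client = new AmazonSecretsManagerClient(region);

    // Fetches the current version of a secret and returns its key/value pairs.
    public async Task<IReadOnlyDictionary<string, string>> GetAsync(string secretId)
    {
        var request = new GetSecretValueRequest { SecretId = secretId, VersionStage = "AWSCURRENT" };
        GetSecretValueResponse response;
        try { response = await _client.GetSecretValueAsync(request); }
        catch (ResourceNotFoundException ex)
        {
            // Report the identifier only; never put secret values in messages or logs.
            throw new KeyNotFoundException($"Secret '{secretId}' was not found.", ex);
        }
        if (response.SecretString == null)
            throw new InvalidOperationException($"Secret '{secretId}' is binary, not text.");
        // Values may be strings or numbers (a port, for example), so read each as text.
        using JsonDocument doc = JsonDocument.Parse(response.SecretString);
        var values = new Dictionary<string, string>();
        foreach (JsonProperty property in doc.RootElement.EnumerateObject())
            values[property.Name] = property.Value.ToString();
        return values;
    }

    public void Dispose() => _client.Dispose();
}

public static class Program
{
    public static async Task Main()
    {
        // Placeholder secret name and region; replace with your own.
        using var reader = new SecretReader(RegionEndpoint.USEast1);
        var secret = await reader.GetAsync("dev/myapp/database");
        Console.WriteLine($"Loaded keys: {string.Join(", ", secret.Keys)}");
    }
}
```

The calling identity needs `secretsmanager:GetSecretValue` on the secret, and scoping that permission to the specific secret rather than `*` keeps the blast radius small.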
