Create a new secret provider
Arcus Security Team - Date: ?
Prerequisites
The secret providers are configured during the initial application build-up in the Program.cs:
Code:
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Hosting;

public class Program
{
    public static void Main(string[] args)
    {
        CreateHostBuilder(args).Build().Run();
    }

    public static IHostBuilder CreateHostBuilder(string[] args)
    {
        return Host.CreateDefaultBuilder(args)
                   // Register the secret sources that make up the secret store.
                   .ConfigureSecretStore((context, config, builder) =>
                   {
                       builder.AddEnvironmentVariables();
                   })
                   .ConfigureWebHostDefaults(webBuilder => webBuilder.UseStartup<Startup>());
    }
}
This section describes how a new secret store source can be added to the pipeline.
Developing a secret provider
- Install the NuGet package Arcus.Security.Core.
- Write your own implementation of ISecretProvider, for example:
Code:
using System.Threading.Tasks;
using Arcus.Security.Core;
using Microsoft.Win32;

public class RegistrySecretProvider : ISecretProvider
{
    // Looks up the secret as a value name under HKEY_LOCAL_MACHINE.
    public Task<string> GetRawSecretAsync(string secretName)
    {
        object value = Registry.LocalMachine.GetValue(secretName);
        return Task.FromResult(value?.ToString());
    }

    public async Task<Secret> GetSecretAsync(string secretName)
    {
        string secretValue = await GetRawSecretAsync(secretName);
        return new Secret(secretValue);
    }
}
- Optionally, you can provide an extension for a consumer-friendly way to add the provider, for example:
Code:
public static class SecretStoreBuilderExtensions
{
    public static SecretStoreBuilder AddRegistry(this SecretStoreBuilder builder)
    {
        var provider = new RegistrySecretProvider();
        return builder.AddProvider(provider);
    }
}
And in the Startup.cs:
Code:
.ConfigureSecretStore((context, config, builder) =>
{
    builder.AddRegistry();
})
Or register the provider directly, without the extension:
Code:
.ConfigureSecretStore((context, config, builder) =>
{
    var provider = new RegistrySecretProvider();
    builder.AddProvider(provider);
})
- Now, the secret source is available in the resulting ISecretProvider registered in the dependency injection container, for example:
Code:
[ApiController]
public class OrderController : ControllerBase
{
    // The secret store is injected as ISecretProvider.
    public OrderController(ISecretProvider secretProvider)
    {
    }
}
- Note that when your secret provider requires caching, you can wrap the provider in a CachedSecretProvider at registration, for example:
Code:
public static class SecretStoreBuilderExtensions
{
    public static SecretStoreBuilder AddCachedRegistry(this SecretStoreBuilder builder)
    {
        var provider = new RegistrySecretProvider();
        // Cached secrets are kept for 5 seconds.
        var configuration = new CacheConfiguration(TimeSpan.FromSeconds(5));
        return builder.AddProvider(new CachedSecretProvider(provider, configuration));
    }
}
The consumer can then inject ICachedSecretProvider:
Code:
[ApiController]
public class OrderController : ControllerBase
{
    public OrderController(ICachedSecretProvider secretProvider)
    {
    }
}