- An eisting vault
- A client_token or any auth path in the vault
- Any IBuilderConfiguration with values set to vaild vault values
- If you host in K8S, set up the kubernetes auth in the vault, read more; https://banzaicloud.com/blog/inject-secrets-into-pods-vault-revisited/
- Install the nuget package
dotnet add package Devies.Extensions.HashiCorpVault
- Login and get a token with
VaultUtils.LoginWithUserpass
orVaultUtils.LoginWithK8SServiceAccount
, or your own way. - Call
AddVaultEnvironments
on yourIConfigurationBuilder
with your vault-url and token - AddVaultEnvironments HAS TO BE AFTER all other settings that may involve vault variables
{
"ServiceOptions": {
"Url": "https://service.org",
"Username": "vault:secret/data/service/dev#username",
"Password": "vault:secret/data/service/dev#userpass"
}
}
private Func<IConfigurationBuilder, string, IConfigurationRoot> ConfigurationBuilder =
(builder, vaultToken) =>
builder.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("appsettings.Development.json")
.AddVaultEnvironments("https://vault.myorg.org", vaultToken)
.Build();