AWS SECRETS MANAGER - Getting Started and Integrating with .NET Apps

AWS SECRETS MANAGER - Getting Started and Integrating with .NET Apps | .NET ON AWS

Рет қаралды 9,110

Күн бұрын

Hey 👋 Hardcoding credentials, connection strings, and other sensitive information in your application code are bad. But then what is the alternative?
If you are building applications on AWS Infrastructure then AWS Secrets Manager provides a centralized store to manage your application secrets. Secrets can be any information like passwords, credentials, connection strings, API keys, etc. Secrets Manager helps you protect access to your IT resources and data by enabling you to rotate and manage access to your secrets.
In this video let’s learn how to get started with using AWS Secrets Manager using a .NET Application. First, we will learn how to connect to Secrets Manager from .NET using the client SDK and retrieve secrets. We will then see how to integrate Secrets Manager into built-in .NET Configuration and how to seamlessly use secrets from our application code. We will also learn how to handle automatic refreshing of Secrets so that the application always has the latest secrets.
This video is sponsored by AWS and is part of the .NET on AWS Series.
00:00 Introduction
04:22 Key Concepts
06:26 Create Secret
08:01 Read Secret
10:54 Secret Versions
12:33 Create Secret From Code
13:26 App Config Integration
17:24 Secrets Manager Configuration Provider
22:42 .NET Secret Manager - Local Dev Environment
29:24 Automatic Refresh Secrets
32:57 Conclusion
Links
🔗 Blog Post - www.rahulpnath.com/blog/aws-s...
🔗 Source Code - rahulpnath.visualstudio.com/D...
🔗AWS Secrets Manager- docs.aws.amazon.com/secretsma...
🔗Github Nuget Package - AWSSecretsManagerConfigurationExtensions - github.com/Kralizek/AWSSecret...
Additional Watching
📹 AWS Credentials - • AWS CREDENTIALS: How T...
📹Options Pattern - • OPTIONS PATTERN in ASP...
📹Secret Manager - • SECRET MANAGER In ASP ...
📹 Environments - • ENVIRONMENTS in ASP NE...
📹 Configuration - • CONFIGURATION in ASP.N...
📹AWS Series - • .NET on AWS
📹ASP NET Core Series - • ASP.NET Core
Come say hi! ✋
🌍 Blog - rahulpnath.com/
✉ Subscribe to my Newsletter - www.rahulpnath.com/subscribe
🐦Twitter - / rahulpnath
📸Instagram - / rahulpnath
🎥 Recording Setup and Workflow - www.rahulpnath.com/blog/youtu...
Make sure to SUBSCRIBE to the channel. THANK YOU for helping me grow this channel !!

Пікірлер: 49

@sivakumarr28 2 жыл бұрын

Great video. Thank you Rahul.

@RahulNath 2 жыл бұрын

Glad you liked it Sivakumar! Do check out the follow up video on this here kzbin.info/www/bejne/mHOwhH9qq66hj7c

@praji999 Жыл бұрын

Great videos brother 👏👏👏keep going

@RahulNath Жыл бұрын

Thank you Prajith! hope you are enjoying the AWS Series bit.ly/aws-net-series Do let know if you have any topic suggestion.

@ashimov1970 Жыл бұрын

Rahul, your content is neat, cool, awesome

@RahulNath Жыл бұрын

Thank you Bulat!! Hope you are enjoying the AWS Series bit.ly/aws-net-series

@agraltechnologies 2 жыл бұрын

Rahul great👍 excellent

@RahulNath 2 жыл бұрын

Thank you!

@IwillFindyousoonorlater Жыл бұрын

Thank you for this great video, but I have a question that's been on my mind. If a hacker were to gain access to my EC2 Windows server, implementing the solution of not allowing the connection string to be read from the appsetting.json file would prevent them from accessing it. However, the hacker could potentially use a tool like dnSpy to reverse engineer the code and extract the connection string. Using an obfuscator would also prevent the hacker from being able to read the connection string. So why would I need this solution?

@gga-wh5du 2 жыл бұрын

Thanks for informative video please do more

@RahulNath 2 жыл бұрын

Thank you, I will. Do check out the full AWS series here bit.ly/aws-net-series Also drop in if you have any topic suggestions.

@gga-wh5du 2 жыл бұрын

Thanks for replying . I have implemented aws with .net core in bits and pieces per my project requirement but it would be great if experts like you can do a series on practical app starting from route 53 till Dynamo db/RDS with one api running on else or ecs and other with event driven programming using server less stack for some background processing

@RahulNath 2 жыл бұрын

@@gga-wh5du Great suggestion - Will add some end end examples and walkthroughs

@user-ry6yg8rm4n 5 ай бұрын

Hi Rahul.. Really very nice explanation and very useful. If possible could you please share the code base link referring to this example. Just wanted to take a look at appsettings.json .. how the specific AWS account details mapping was done ?

@nilesh7158 2 жыл бұрын

Can you please cover cloud design patterns like Circuit breaker, Exponential back off etc.

@RahulNath 2 жыл бұрын

Good suggestion Nilesh. I cover a bit of this in my video on Polly. kzbin.info/www/bejne/sGe8lIhmhbySb6c Is that something you were looking for?

@gibi6266 2 жыл бұрын

Hello Rahul, thanks for such educational videos. I create secret via aws cdk and the secrets dont be created as plaintext so i cannot implement this type of technic. Do you have any solution for this kind of problem?

@RahulNath 2 жыл бұрын

sorry i did not understand the problem? You can create secret in Secrets Manager via cdk

@zambonie86 4 ай бұрын

Hi Rahul, thank you for the great video. I noticed at 20:55 you successfully integrated Secrets manager to configurations. How did you handle authentication, specify which secret to fetch or specify region. I didn't see that in the video. Also in an environment where they don't allow hardcoding Access keys and secret access keys, how can you authenticate so as to be able to fetch your secrets

@RahulNath 4 ай бұрын

Hey Musa, Glad you liked the video. In this example since I am running it from my local developer machine I have set up the creentials in my IDE. I show how to set it up in this blogpost/video www.rahulpnath.com/blog/amazon-credentials-dotnet/ When deploying the app you would be setting up IAM permissions to talk to the resource based on where you are deploying to. Also do check out the follow up video/blog on managing secrets for a real world app here www.rahulpnath.com/blog/aws-secrets-manager-from-dotnet-application/ Let me know if that helps or if you have additional questions.

@zambonie86 4 ай бұрын

@@RahulNath Thank you Rahul, will check it out and revert.

@denisbrusnin8585 Жыл бұрын

Thanks for video Rahul. Is it possible to combine the both secrets? Like use only one secret with json value where Count and ApiKey are json keys. Will the method you demo on video will also work for this case? I just did not get why do we need two secrets for the same configuration object. As I know you need to pay for each secret created. Would it make sense to unite them into one?

@RahulNath Жыл бұрын

Glad you like it Denis. Yes, you should be able to store it as a JSON structure for related configuration. It was more to demonstrate I used plain text format. You should also enable some caching on your app so that it does not go to Secrets Manager all the time. I talk about it here www.rahulpnath.com/blog/aws-secrets-manager-from-dotnet-application/ Do let me know how that goes.

@mikebreeden6071 8 ай бұрын

That's what I did. I'm cheap.

@kevinkevin7900 2 жыл бұрын

Nice. How can you use the amazon properties without use the credential keys before?

@RahulNath 2 жыл бұрын

Thank you Kevin, Not sure if I understand the question correctly - But if you are looking at how the Credentials are managed check out this post and the associated video www.rahulpnath.com/blog/amazon-credentials-dotnet/ Let me know if that's what you are after

@kevinkevin7900 2 жыл бұрын

@@RahulNath Thanks a lot but in those videos the keys are in inside the project. Is there other way to use the credentials keys like from the .aws folder?

@RahulNath 2 жыл бұрын

@@kevinkevin7900 Not sure if you checked but the video and the blog post I linked above shows exactly how to do that www.rahulpnath.com/blog/amazon-credentials-dotnet/ Please have a look and let me know if that answers your question

@shauncs Жыл бұрын

@Rahul Is it possible to use aws secretsmanager for frontend projects as well? If so, is it a good practice. I was trying to do so. But ended up with aws security credential issue. "System.AggregateException: One or more errors occurred. (Unable to get IAM security credentials from EC2 Instance Metadata Service.)" But I didn't face any issues when I tried the same with a api project

@mutazadil5119 Жыл бұрын

السلام عليكم اخواني بشتغل على برنامج C# و الداتا بيز firebase حطيت ال AuthSecret و BasePath في AWS Secret manager و دمجت الAWS secret في البرنامج السوال : كيف اخلي البرنامج يقرا الداتا بيز من خلال السيكريت IFirebaseConfig config = new FirebaseConfig { AuthSecret = "AuthSecret", BasePath = "MyBasePath" }; IFirebaseClient client; This is my connection configuration in winform c# application, I recently created AWS secret manager . How to mange the connection after i got the sample c# code from aws console

@user-hy7kx1gu5x 10 ай бұрын

How does this work with the different appsettings environments, for example appsettings.Staging.json and appsettings.Production.json. How can we set secrets for separate environments, and then use the correct appsettings file?

@RahulNath 10 ай бұрын

Hey Chris I have a follow up post and video managing secrets for different environments here www.rahulpnath.com/blog/aws-secrets-manager-from-dotnet-application/ Let me know if that answers your questions or let know if you additional questions

@user-hy7kx1gu5x 10 ай бұрын

Awesome thanks! :)@@RahulNath

@user-ry6yg8rm4n 5 ай бұрын

Helllo Rahul Ji.. In this Video how to configure the specific AWS account? I meant how exactly this specific AWS account is being retrieved ?

@RahulNath 5 ай бұрын

I talk about that in this post and associated video www.rahulpnath.com/blog/amazon-credentials-dotnet/ Is that what you are looking for ?

@riyazbasha7982 Жыл бұрын

Do u have any code snippet in nodejs

@RahulNath Жыл бұрын

Unfortunately no.

@inzit Жыл бұрын

Hello Rahul, can we rotate secrets with the package(kralizek) used in this video to load secrets. If yes plz let me know how.

@RahulNath Жыл бұрын

Based on the polling interval, it will refresh the values once rotated. Is that what you were looking for?

@inzit Жыл бұрын

@@RahulNath Thanks a lot for replying so quickly. I am looking for auto rotation of secrets, how we rotate secrets value what is process of rotation for other types of secret.

@RahulNath Жыл бұрын

@@inzit Have you come across this article docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_turn-on-for-other.html docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html

@marriageVideos933 Жыл бұрын

How it will connect to exact same AWS account???

@RahulNath Жыл бұрын

Depends how the credentials are configured. This post + video might help www.rahulpnath.com/blog/amazon-credentials-dotnet/ Let me know if that helps

@marriageVideos933 Жыл бұрын

@@RahulNath ,in program.cs file ,you added the app.build etc..in which video Full details are available

@RahulNath Жыл бұрын

@@marriageVideos933 sorry didn’t understand the question - Did you get to look the video linked before on credentials ?

@marriageVideos933 Жыл бұрын

@@RahulNath if possible can you please share the program.cs file... because you added some cod in it..i saw in the video

@RahulNath Жыл бұрын

@@marriageVideos933 source code link is there in the description, also the associated blog post link. Let me know if that helps or if you have additional questions