https://github.com/kdcllc/netcore.hashicorp.vault

Securing with HashiCorpVault in Kubernetes

# HashiCorp Vault Asp.Net Core 2.0 Netstandard implementation
The goal of this project is to provide a way to read encrypted values from HashiCorp Vault through environment variables inside Kubernetes pods.

- ConfigMap - stores non-secret information, i.e. the HashiCorp Vault URL with port number and the keys of the secure data to be retrieved.
- Secrets - store the HashiCorp Vault credentials.

## NuGet Package

```
Install-Package NetCore.HashiCorp.Vault
```

# Docker
There are two examples of using this library in a Docker container:
- ConsoleApp
- WebApp

For the examples to run, the following code is added to the configuration of both projects. The `#region DEBUG` block seeds the Vault before the values are read into the configuration:
```
.ConfigureAppConfiguration((context, configBuilder) => {
    configBuilder.AddEnvironmentVariables();
    configBuilder.AddJsonFile("appsettings.json", optional: true);
    configBuilder.AddCommandLine(args);

    var configuration = configBuilder.Build();

    #region DEBUG: Seed the Vault before reading into Configurations
    // bind vault options
    var options = new VaultOptions();
    configuration.Bind("VaultOptions", options);

    // bind seeder
    var seedData = new List();
    configuration.Bind("VaultSeeder", seedData);

    var logger = new LoggerFactory()
        .AddConsole()
        .AddDebug()
        .CreateLogger();
    // seed
    new VaultWriteService(
        logger,
        options,
        seedData
    ).SeedVault();
    #endregion

    // retrieve encrypted values and make available to the application
    configuration = configBuilder.AddHashiCorpVault(configuration).Build();

    // set configuration
    context.Configuration = configuration;
})
```

# Tools
- Visual Studio.NET 2017
- Visual Studio Code

# Resources

# Configurations

1. JSON format
```
{
  "VaultOptions": {
    "Server": "http://localhost:8300",
    // "RoleId": "",
    // "SecretId": "",
    "TokenId": "root_dev_token",
    "Prefix": "secret",
    "Secrets": [
      "connectionString",
      "option1"
    ]
  }
}
```
2. YAML format
```
VaultOptions:
  Server: http://localhost:8300
  TokenId: root_dev_token
  Prefix: secret
  Secrets:
    - connectionString
    - option1
```
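
The split described at the top of this README (ConfigMap for the Vault URL and secret keys, Secret for the Vault credentials), written out as an added example that is not part of the project. Resource names, the image and all values are constructed placeholders; the `__` separator and indexed array keys are how the ASP.NET Core environment-variable provider maps names onto the `VaultOptions` section.

```yaml
# Constructed example: names, image and values are placeholders, not project files.
apiVersion: v1
kind: ConfigMap
metadata:
  name: vault-options                 # hypothetical name
data:
  # "__" separates nested configuration sections in environment variable names
  VaultOptions__Server: "https://vault.example.internal:8200"   # placeholder URL
  VaultOptions__Prefix: "secret"
  # array entries bind by index
  VaultOptions__Secrets__0: "connectionString"
  VaultOptions__Secrets__1: "option1"
---
apiVersion: v1
kind: Secret
metadata:
  name: vault-credentials             # hypothetical name
type: Opaque
stringData:
  # Placeholder credential; the local samples above use "root_dev_token".
  # RoleId / SecretId (commented out in the JSON sample) would go here instead.
  VaultOptions__TokenId: "<vault-token-placeholder>"
---
apiVersion: v1
kind: Pod
metadata:
  name: webapp                        # hypothetical name
spec:
  containers:
    - name: webapp
      image: registry.example.internal/webapp:latest   # placeholder image
      envFrom:
        # non-secret settings
        - configMapRef:
            name: vault-options
        # Vault credentials, kept out of the ConfigMap and the image
        - secretRef:
            name: vault-credentials
```

The sample builder above adds environment variables before `appsettings.json`, and later configuration providers win, so a `VaultOptions` section left in `appsettings.json` inside the image overrides these values.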

# Docker Communication
To troubleshoot connectivity between the Docker containers, log into one of the containers and install the `ping` [utility](https://stackoverflow.com/questions/39901311/docker-ubuntu-bash-ping-command-not-found):
```
apt-get update && apt-get install -y iputils-ping
```