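I am using AWS Secrets Manager to store some API keys. After configuring it in the AWS Secrets Manager console, I tried to use its sample code to retrieve the secret I stored. This is the code that is supposed to be used: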
    using System;
    using System.IO;
    using Amazon;
    using Amazon.SecretsManager;
    using Amazon.SecretsManager.Model;

    public static void GetSecret()
    {
        string secretName = "XYXYXYX";
        string region = "us-west-2";
        string secret = "";

        MemoryStream memoryStream = new MemoryStream();

        // No credentials are passed here, so the SDK resolves them through its default lookup.
        IAmazonSecretsManager client = new AmazonSecretsManagerClient(RegionEndpoint.GetBySystemName(region));
        //IAmazonSecretsManager client = new AmazonSecretsManagerClient((new StoredProfileAWSCredentials()));

        GetSecretValueRequest request = new GetSecretValueRequest();
        request.SecretId = secretName;
        request.VersionStage = "AWSCURRENT"; // VersionStage defaults to AWSCURRENT if unspecified.

        GetSecretValueResponse response = null;

        // In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
        // See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
        // We rethrow the exception by default.
        try
        {
            response = client.GetSecretValueAsync(request).Result;
        }
        catch (DecryptionFailureException e)
        {
            // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }
        catch (InternalServiceErrorException e)
        {
            // An error occurred on the server side.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }
        catch (InvalidParameterException e)
        {
            // You provided an invalid value for a parameter.
            // Deal with the exception here, and/or rethrow at your discretion
            throw;
        }
        catch (InvalidRequestException e)
        {
            // You provided a parameter value that is not valid for the current state of the resource.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }
        catch (ResourceNotFoundException e)
        {
            // We can't find the resource that you asked for.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }
        catch (System.AggregateException ae)
        {
            // More than one of the above exceptions were triggered.
            // Deal with the exception here, and/or rethrow at your discretion.
            throw;
        }

        // Decrypts secret using the associated KMS CMK.
        // Depending on whether the secret is a string or binary, one of these fields will be populated.
        if (response.SecretString != null)
        {
            secret = response.SecretString;
        }
        else
        {
            memoryStream = response.SecretBinary;
            StreamReader reader = new StreamReader(memoryStream);
            string decodedBinarySecret = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd()));
        }

        // Your code goes here.
    }
When I try to run this, I get the following error:
System.AggregateException: 'https://secretsmanager.us-west-2.amazonaws.comgisteredAccounts.jsonET_Core/3.1.4 OS/Microsoft_Windows_6.)'
Inner Exception
AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service.
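I am using the AWS Toolkit for VS2019, and I did verify that the credentials are correct (I am able to access S3 bucket objects directly from the Toolkit).
Is there anything else I need to do to get the secret?
Answer 0 (score: 0)
The problem was that the default profile was not available in the env variables. I used aws configure to set the credentials for the default profile and modified the creation of the client as follows: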
    var config = new AmazonSecretsManagerConfig { RegionEndpoint = RegionEndpoint.USWest2 };
    IAmazonSecretsManager client = new AmazonSecretsManagerClient(config);
Once that was done, I was able to retrieve the secret.
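The error in the question is what the SDK reports when its default credential lookup finds no usable profile and falls back to the EC2 instance metadata service. As an added example (not part of the original question or answer), the following resolves a named profile explicitly and fails early if it is missing; the class and method names and the "default" profile name are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.Runtime.CredentialManagement;
using Amazon.SecretsManager;
using Amazon.SecretsManager.Model;

public static class SecretReader // hypothetical name, for illustration only
{
    // Resolve credentials from a named profile explicitly, so a missing profile
    // fails here with a clear message instead of falling through to the
    // EC2 instance metadata lookup.
    public static AWSCredentials LoadProfile(string profileName)
    {
        var chain = new CredentialProfileStoreChain(); // SDK store, then shared credentials file
        if (!chain.TryGetAWSCredentials(profileName, out AWSCredentials credentials))
        {
            throw new InvalidOperationException(
                $"AWS profile '{profileName}' was not found; create it with 'aws configure'.");
        }
        return credentials;
    }

    public static async Task<string> GetSecretAsync(string secretId, string profileName, RegionEndpoint region)
    {
        using var client = new AmazonSecretsManagerClient(LoadProfile(profileName), region);
        var request = new GetSecretValueRequest { SecretId = secretId };

        // await surfaces the service exception itself rather than an AggregateException wrapper.
        GetSecretValueResponse response = await client.GetSecretValueAsync(request);

        if (response.SecretString != null) return response.SecretString;
        // Binary secrets are handed back as Base64 text so the caller decides how to decode them.
        return Convert.ToBase64String(response.SecretBinary.ToArray());
    }

    public static async Task Main()
    {
        // "XYXYXYX" and us-west-2 come from the question; "default" is an assumed profile name.
        string secret = await GetSecretAsync("XYXYXYX", "default", RegionEndpoint.USWest2);
        // Report only the length so the secret value never reaches console or log output.
        Console.WriteLine($"Retrieved secret of length {secret.Length}");
    }
}
```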