本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
使用 .NET AWS SDK 获取 Secrets Manager 密钥值
在应用程序中,您可以通过在任何 AWS SDK 中调用 GetSecretValue 或 BatchGetSecretValue 来检索密钥。不过,我们建议您通过使用客户端缓存来缓存您的密钥值。缓存密钥可以提高速度并降低成本。
对于 .NET 应用程序,请使用 Secrets Manager 基于 .NET 的缓存组件或直接使用 GetSecretValue 或 BatchGetSecretValue 调用 SDK。
以下代码示例演示如何使用 GetSecretValue。
所需权限:secretsmanager:GetSecretValue
using System; using System.IO; using System.Threading.Tasks; using Amazon.SecretsManager; using Amazon.SecretsManager.Model; /// <summary> /// This example uses the Amazon Web Service Secrets Manager to retrieve /// the secret value for the provided secret name. /// </summary> public class GetSecretValue { /// <summary> /// The main method initializes the necessary values and then calls /// the GetSecretAsync and DecodeString methods to get the decoded /// secret value for the secret named in secretName. /// </summary> public static async Task Main() { string secretName = "<<{{MySecretName}}>>"; string secret; IAmazonSecretsManager client = new AmazonSecretsManagerClient(); var response = await GetSecretAsync(client, secretName); if (response is not null) { secret = DecodeString(response); if (!string.IsNullOrEmpty(secret)) { Console.WriteLine($"The decoded secret value is: {secret}."); } else { Console.WriteLine("No secret value was returned."); } } } /// <summary> /// Retrieves the secret value given the name of the secret to /// retrieve. /// </summary> /// <param name="client">The client object used to retrieve the secret /// value for the given secret name.</param> /// <param name="secretName">The name of the secret value to retrieve.</param> /// <returns>The GetSecretValueReponse object returned by /// GetSecretValueAsync.</returns> public static async Task<GetSecretValueResponse> GetSecretAsync( IAmazonSecretsManager client, string secretName) { GetSecretValueRequest request = new GetSecretValueRequest() { SecretId = secretName, VersionStage = "AWSCURRENT", // VersionStage defaults to AWSCURRENT if unspecified. }; GetSecretValueResponse response = null; // For the sake of simplicity, this example handles only the most // general SecretsManager exception. try { response = await client.GetSecretValueAsync(request); } catch (AmazonSecretsManagerException e) { Console.WriteLine($"Error: {e.Message}"); } return response; } /// <summary> /// Decodes the secret returned by the call to GetSecretValueAsync and /// returns it to the calling program. /// </summary> /// <param name="response">A GetSecretValueResponse object containing /// the requested secret value returned by GetSecretValueAsync.</param> /// <returns>A string representing the decoded secret value.</returns> public static string DecodeString(GetSecretValueResponse response) { // Decrypts secret using the associated AWS Key Management Service // Customer Master Key (CMK.) Depending on whether the secret is a // string or binary value, one of these fields will be populated. if (response.SecretString is not null) { var secret = response.SecretString; return secret; } else if (response.SecretBinary is not null) { var memoryStream = response.SecretBinary; StreamReader reader = new StreamReader(memoryStream); string decodedBinarySecret = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(reader.ReadToEnd())); return decodedBinarySecret; } else { return string.Empty; } } }
