.Net Framework web application - Using AWS Secrets in a Configuration Builder

0

We have an on prem application & we want to use AWS Secrets for storing things like DB connection strings.

I've found an example using Azure (https://github.com/aspnet/MicrosoftConfigurationBuilders/blob/main/docs/KeyValueConfigBuilders.md) I've adapted this to try to use AWS in a KeyValueConfigBuilder derived class. This is the LazyInitialize override which fetches the Profile Location and Profile Name from appsettings (we'll inject the values for these settings via Azure Devops)

      protected override void LazyInitialize(string name, NameValueCollection config)
        {
            base.LazyInitialize(name, config);

            ProfilesLocation = UpdateConfigSettingWithAppSettings(ProfilesLocationTag);
            Region = UpdateConfigSettingWithAppSettings(RegionTag);
            ProfileName = UpdateConfigSettingWithAppSettings(ProfileNameTag);
            SecretGroups = UpdateConfigSettingWithAppSettings(SecretGroupsTag).Split(',').ToList();
            Environment = UpdateConfigSettingWithAppSettings(EnvironmentTag);

            var chain = string.IsNullOrEmpty(ProfilesLocation) ? new CredentialProfileStoreChain() :
                new CredentialProfileStoreChain(ProfilesLocation);

            chain.TryGetAWSCredentials(ProfileName, out var credentials);

            IAmazonSecretsManager client = new AmazonSecretsManagerClient(credentials);
        }

Unfortunately, the TryGetAWSCredentials line throws an exception:

InvalidOperationException: The ConfigurationBuilder 'AwsSecrets[SecretsWebApplication.Configuration.MyCustomConfigBuilder]' has recursively re-entered processing of the 'appSettings' section.

Drilling into TryGetAWSCredentials, it seems that the AWSConfigs static constructor is doing lots of configuration reading:

internal static string _awsRegion = AWSConfigs.GetConfig(nameof (AWSRegion));

Is there a way of instantiating AmazonSecretsManagerClient without it attempting to read appsettings?

1개 답변
0

Hi AndrewR,

Are you sure that the AWS config you're injecting got in the right place correctly? Is there any way that you can confirm this first in order to rule out any other issues?

Cheers, Andrei

AWS
답변함 일 년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인