ConfigService is a minimal ASP.NET Core web API designed to retrieve configuration secrets from HashiCorp Vault using VaultSharp. It serves as a foundational microservice for managing configuration secrets in a microservices architecture.
- Prerequisites
- Installation
- Configuration
- Implementation Details
- Usage
- Testing
- Contribution Guidelines
- License
Before setting up the project, ensure the following are installed:
- .NET SDK 8.0 or later: Download and install the .NET SDK from the official .NET Download Page.
- HashiCorp Vault:
  - Install HashiCorp Vault locally: Vault Installation Guide.
  - Start a development server (for testing):
    vault server -dev
- VaultSharp Package: The project uses the VaultSharp NuGet package to communicate with HashiCorp Vault.
- Clone the Repository:
    git clone <repository-url>
    cd ConfigService
- Restore Dependencies: Run the following command to restore all required dependencies:
    dotnet restore
- Build the Project: Build the project using:
    dotnet build
The application retrieves configuration secrets from HashiCorp Vault. Ensure the following settings are properly configured:
- Vault Address:
  - Default: http://127.0.0.1:8200
  - Override by setting the environment variable: Vault:Address.
- Vault Token:
  - Default: myroot
  - Override by setting the environment variable: Vault:Token.
Note: For production, sensitive information like Vault tokens should be managed securely through environment variables, Azure Key Vault, or Kubernetes secrets.
Key features of the ConfigService:
- VaultSharp Integration: The service integrates with VaultSharp to interact with the HashiCorp Vault API. It uses the Key/Value v2 secrets engine to retrieve secrets.
- Minimal API Design: ConfigService uses the ASP.NET Core minimal API framework for simplicity and lightweight performance.
- Error Handling: The service includes error handling for scenarios like invalid secret paths or Vault connectivity issues. It ensures clear error messages are returned to users.
For more details on the implementation, refer to the Program.cs file in the repository.
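The sketch below shows how an endpoint of this shape can read its Vault settings, read from the Key/Value v2 engine, and map failures to error responses. It is an example added here, not the repository's Program.cs; the route template, the path check, the startup check on the token, and the status codes and messages returned are assumptions.

```csharp
// Added illustration, not the repository's Program.cs.
using System.Net;
using VaultSharp;
using VaultSharp.Core;
using VaultSharp.V1.AuthMethods.Token;

var builder = WebApplication.CreateBuilder(args);

// Configuration keys from this README. ASP.NET Core also reads them from
// environment variables written as Vault__Address and Vault__Token ("__" maps to ":").
var address = builder.Configuration["Vault:Address"] ?? "http://127.0.0.1:8200";
var token = builder.Configuration["Vault:Token"];
if (string.IsNullOrEmpty(token))
{
    // The documented default is only acceptable against `vault server -dev`.
    if (!builder.Environment.IsDevelopment())
        throw new InvalidOperationException("Vault:Token must be set outside Development.");
    token = "myroot";
}

var vault = new VaultClient(new VaultClientSettings(address, new TokenAuthMethodInfo(token)));
var app = builder.Build();

// Assumed route shape: /config/{mount}/data/{path}, matching the README's curl example.
app.MapGet("/config/{mount}/data/{**path}", async (string mount, string path) =>
{
    // Accept only a plain relative KV path: no empty, "." or ".." segments.
    var segments = path.Split('/');
    if (segments.Any(s => s.Length == 0 || s == "." || s == ".."))
        return Results.BadRequest(new { error = "Invalid secret path." });
    try
    {
        // KV v2: VaultSharp takes the mount point and the path without the "data/" part.
        var secret = await vault.V1.Secrets.KeyValue.V2.ReadSecretAsync(path: path, mountPoint: mount);
        return Results.Ok(secret.Data.Data);
    }
    catch (VaultApiException ex) when (ex.HttpStatusCode == HttpStatusCode.NotFound)
    {
        return Results.NotFound(new { error = "Secret not found." });
    }
    catch (Exception ex) when (ex is VaultApiException or HttpRequestException)
    {
        // Vault rejected the request or is unreachable; upstream details are not echoed.
        return Results.Json(new { error = "Vault is unavailable." }, statusCode: 502);
    }
});

app.Run();
```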
- Run the Service: Start the application with the following command:
    dotnet run
  By default, the service will be available at http://localhost:5000.
- Retrieve a Secret: Use any HTTP client (e.g., Postman, curl) to fetch secrets from Vault. Example:
    curl http://localhost:5000/config/secret/data/my-secret
  Replace secret/data/my-secret with the appropriate secret path configured in your Vault.
- Expected Response: For a secret stored in Vault as:
    { "key1": "value1", "key2": "value2" }
  The API will return:
    { "key1": "value1", "key2": "value2" }
- Verify API Response: Use test tools like Postman or curl to confirm that secrets are retrieved correctly.
- Simulate Error Handling: Test the service with invalid secret paths or by stopping the Vault server to verify the error responses.
Contributions are welcome! To contribute:
- Fork the repository.
- Create a feature branch.
- Submit a pull request with a clear description of the changes.
This project is licensed under the MIT License. See the LICENSE file for details.