Kralizek / AWSSecretsManagerConfigurationExtensions

This repository contains a provider for Microsoft.Extensions.Configuration that retrieves secrets stored in AWS Secrets Manager.
MIT License

Accessing secrets when MFA is enabled #83

Open divekarvinit opened 1 year ago

divekarvinit commented 1 year ago

Hello,

Version: 1.7.0
App: .NET 6 Web API

I am unable to use the extension when I have MFA enabled.

I use the CredentialProfileStoreChain to get AWS credentials the following way, as shown in an example.

var chain = new Amazon.Runtime.CredentialManagement.CredentialProfileStoreChain();
_ = chain.TryGetProfile("nzp", out var prof);
var credentials = prof.GetAWSCredentials(prof.CredentialProfileStore);
builder.Configuration.AddSecretsManager(credentials: credentials, region:prof.Region, configurator: config =>
{
    config.KeyGenerator = (_, name) => name
        .Replace("__", ":");
});

I have a profile set up the following way in the .aws\config file:

[default]
output = json
region = ap-southeast-2

[profile nzp]
source_profile = default
role_arn = arn:aws:iam::<account_id>:role/<role_name>
mfa_serial = arn:aws:iam::<account_id>:mfa/<user_id>
region = ap-southeast-2

I get the following exception when Secrets Manager is added:

Error calling AssumeRole for role arn:aws:iam::<account_id>:role/<role_name>

With inner exception as: The MfaSerialNumber has been set but the MfaTokenCodeCallback hasn't. MfaTokenCodeCallback is required in order to determine the MfaTokenCode when MfaSerialNumber is set.

I tried following an example of getting an MFA code, but unfortunately I cannot use Console in a Web API project.
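
The inner exception above names an AWS SDK for .NET option, `MfaTokenCodeCallback`, which sits on `AssumeRoleAWSCredentials.Options`. The following is an added example, not code from the issue or from the library: it sets that callback without `Console` for a local development run. The environment variable name `AWS_MFA_CODE` is a hypothetical choice, and the profile name `nzp` and key generator are taken from the post.

```csharp
// Program.cs (.NET 6 Web API, implicit usings enabled)
using Amazon.Runtime;
using Amazon.Runtime.CredentialManagement;

var builder = WebApplication.CreateBuilder(args);

var chain = new CredentialProfileStoreChain();
if (!chain.TryGetProfile("nzp", out var profile))
    throw new InvalidOperationException("AWS profile 'nzp' was not found.");

var credentials = profile.GetAWSCredentials(profile.CredentialProfileStore);

// Profiles with role_arn + mfa_serial resolve to AssumeRoleAWSCredentials.
if (credentials is AssumeRoleAWSCredentials assumeRole &&
    !string.IsNullOrEmpty(assumeRole.Options.MfaSerialNumber))
{
    // Assumption: AWS_MFA_CODE is a hypothetical variable name, exported with a
    // fresh code right before a local run. It is not an SDK or library setting.
    string? oneTimeCode = Environment.GetEnvironmentVariable("AWS_MFA_CODE");

    assumeRole.Options.MfaTokenCodeCallback = () =>
    {
        // A TOTP code is short-lived and single use: hand it out once, then
        // fail loudly instead of replaying a stale code on a later AssumeRole call.
        var code = oneTimeCode;
        oneTimeCode = null;
        if (string.IsNullOrWhiteSpace(code))
            throw new InvalidOperationException(
                "No unused MFA code available; set AWS_MFA_CODE and restart.");
        return code.Trim();
    };
}

builder.Configuration.AddSecretsManager(
    credentials: credentials,
    region: profile.Region,
    configurator: config =>
    {
        config.KeyGenerator = (_, name) => name.Replace("__", ":");
    });

var app = builder.Build();
app.Run();
```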

Kralizek commented 1 year ago

Hi, sorry for the late answer.

I've never tested the library when MFA is enabled.

Could you please explain your use case?