Narochno.Credstash.Configuration

Release 2.6.0

Package Description

Homepage NuGet C# Download

Keywords
credstash, aspnetcore, dotnetcore, kms, secret
License
Apache-2.0
Install
Install-Package Narochno.Credstash.Configuration -Version 2.6.0

Documentation

Narochno.Credstash Build status

C# Implementation of Credstash

  • Retrieve secrets for your applications in C#!
  • ASP.NET Core IConfiguration provider.

Intended use is with the Credstash command line tool. Use CLI to enter your values. Configuration Provider is used to retrieve.

TODO:

  • support more than assuming the HMAC is SHA256
  • Credstash class should do more than read?
  • Long term: web based tool to edit?!

What is it?

CredStash is a very simple, easy to use credential management and distribution system that uses AWS Key Management Service (KMS) for key wrapping and master-key storage, and DynamoDB for credential storage and sharing.

Many more details on the original:

Credstash vs Hashicorp Vault

Reference: Credstash

Vault is really neat and they do some cool things (dynamic secret generation, key-splitting to protect master keys, etc.), but there are still some reasons why you might pick credstash over vault:

  • Nothing to run. If you want to run vault, you need to run the secret storage backend (consul or some other datastore), you need to run the vault server itself, etc. With credstash, there's nothing to run. all of the data and key storage is handled by AWS services
  • lower cost for a small number of secrets. If you just need to store a small handful of secrets, you can easilly fit the credstash DDB table in the free tier, and pay ~$1 per month for KMS. So you get good secret management for about a buck a month.
  • Simple operations. Similar to "nothing to run", you dont need to worry about getting a quorum of admins together to unseal your master keys, dont need to worry about monitoring, runbooks for when the secret service goes down, etc. It does expose you to risk of AWS outages, but if you're running on AWS, you have that anyway

That said, if you want to do master key splitting, are not running on AWS, care about things like dynamic secret generation, have a trust boundary that's smaller than an instance, or want to use something other than AWS creds for AuthN/AuthZ, then vault may be a better choice for you.

Usage

AWSCredentials creds = new StoredProfileAWSCredentials();
if (!env.EnvironmentName.MatchesNoCase("alpha"))
{
    creds = new InstanceProfileAWSCredentials();
}
builder.AddCredstash(creds, new CredstashConfigurationOptions()
{
    EncryptionContext = new Dictionary<string, string>()
    {
        {"environment", env.EnvironmentName}
    },
    Region = RegionEndpoint.EUWest1
});

Stats

Dependencies
3
Dependent packages
0
Dependent repositories
0
Total releases
15
Latest release
First release
Stars
10
Forks
10
Watchers
4
Contributors
9
Repository size
59.6 KB
SourceRank
10

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

2.6.0
2.5.0
2.4.0
2.3.0
2.2.0
2.1.1
2.1.0
2.0.0
1.1.1
1.1.0
See all 15 releases

Contributors

Adam Hathcock Travis Gosselin Kevin Smith tstanitz Alan Edwardes Ger Murphy Peter Deme nickpwork Ambrózy Lőrinc


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2018-11-22 06:18:09 UTC

Login to resync this project