UniversalSecretsManagerConnector is a .NET 8 library designed to provide a unified interface for reading and writing secrets across multiple secret management providers. It supports AWS Secrets Manager, Azure Key Vault, HashiCorp Vault, environment variables, and file-based secret storage.
Get Started
$ dotnet add package UniversalSecretsManagerConnectorReadme
UniversalSecretsManagerConnector
UniversalSecretsManagerConnector is a .NET 8 library that provides a unified interface for reading and writing secrets from multiple secret management systems: AWS Secrets Manager, Azure Key Vault, HashiCorp Vault, environment variables, and file-based storage.
Overview
- Unified, minimal API surface for common secret operations (read/write).
- Provider-specific implementations are placed under
SecretsManagerConnector.*namespaces. - Small helper utilities are provided in
Helper/Utility.csto normalize inputs and parse provider responses.
Requirements
-
.NET 8 SDK
-
Provider-specific credentials and configuration (see provider sections below).
-
Important: If you plan to use the HashiCorp Vault implementation included in this repository, the Vault KV secrets engine MUST be mounted as kv-v2 under the mount path
secret(this is the path hard-coded by the library). The code expects to call endpoints like/v1/secret/data/allapps/{secretName}.Example (Vault CLI):
# enable kv-v2 at path "secret" (run on the Vault server or where VAULT_ADDR/VAULT_TOKEN are configured) vault secrets enable -path=secret kv-v2 # write a secret that will be visible to this library at secret/allapps/mysecret vault kv put secret/allapps/mysecret value="my-value"Note: If you mount kv-v2 at a different path, you'll need to change the library's hard-coded path (see
SecretsManagerConnector.HashiCorp.SecretReader) or adapt your Vault configuration.
Quick start
- Ensure you have the .NET 8 SDK installed.
- Add this project to your solution or reference its NuGet package .
- Use the
ManagerConnectorstatic helper to call provider-specific methods.
Build
From the repository root:
dotnet build
Simple usage example
Create a small console app and add a project reference to this connector project, or reference the package.
Example C# usage (Console App - async Main):
using System;
using System.Threading.Tasks;
class Program
{
static async Task Main(string[] args)
{
// HashiCorp Vault example
string vaultAddr = "https://127.0.0.1:8200";
string vaultToken = "s.xxxxxxxxxxxxxxxxx";
string secretName = "mysecret";
// Read
string secretValue = await UniversalSecretsManagerConnector.ManagerConnector.GetSecretFromHashiCorp(vaultAddr, vaultToken, secretName);
Console.WriteLine($"Secret: {secretValue}");
// Write
await UniversalSecretsManagerConnector.ManagerConnector.SetSecretInHashiCorp(vaultAddr, vaultToken, secretName, "new-value");
}
}
Example for AWS Secrets Manager:
string secret = await UniversalSecretsManagerConnector.ManagerConnector.GetSecretFromAWS("my-aws-secret-name");
await UniversalSecretsManagerConnector.ManagerConnector.SetSecretInAWS("my-aws-secret-name", "my-new-value");
Example for Azure Key Vault (managed identity):
await UniversalSecretsManagerConnector.ManagerConnector.SetSecretInAzureUsingManagedIdentity("https://myvault.vault.azure.net/", "secret-name", "value");
string val = await UniversalSecretsManagerConnector.ManagerConnector.GetSecretFromAzureUsingManagedIdentity("https://myvault.vault.azure.net/", "secret-name");
Example for environment variables and file-based secrets (synchronous helpers):
// Environment
var env = UniversalSecretsManagerConnector.ManagerConnector.GetSecretFromEnvironmentVariable("MY_ENV_VAR");
UniversalSecretsManagerConnector.ManagerConnector.SetSecretInEnvironmentVariable("MY_ENV_VAR", "value");
// File
var fileSecret = UniversalSecretsManagerConnector.ManagerConnector.GetSecretFromFile("C:\\path\\to\\secret.txt");
UniversalSecretsManagerConnector.ManagerConnector.SetSecretInFile("C:\\path\\to\\secret.txt", "value");
Project / Solution structure
Top-level files
UniversalSecretsManagerConnector.sln— Visual Studio solution file.UniversalSecretsManagerConnector.csproj— library project file.ManagerConnector.cs— static convenience wrapper around provider readers/writers (examples above).ReadMe.md— this file.LICENSE— Apache-2.0.
Folders and purpose
SecretsManagerConnector.AWS/— AWS Secrets Manager reader/writer implementations.SecretsManagerConnector.Azure/— Azure Key Vault reader/writer implementations.SecretsManagerConnector.HashiCorp/— HashiCorp Vault reader/writer (expects kv-v2 mounted atsecret).SecretsManagerConnector.Environment/— read/write helpers for environment variables.SecretsManagerConnector.FilePath/— read/write helpers for file-based secrets.Helper/— shared utilities (e.g. input normalization and response parsing).bin/,obj/— build artifacts and packaged output (including a sample nupkg inbin/Debug).
Notes on HashiCorp Vault behavior
- The HashiCorp reader currently builds the secret path using
secret/data/allapps/{secretName}and then parses the returned JSON to extract name/value pairs (seeHelper/Utility.csfor the parsing logic). - Because the path is hard-coded to the
secretmount andallappsprefix, either ensure your Vault secrets follow that path or modify the code to suit your naming/mount layout.
Extending the library
To add support for another provider, follow the established pattern:
- Add a new folder
SecretsManagerConnector.YourProvider. - Implement
SecretReaderandSecretWriterclasses with async methods that mirror the existing provider signatures. - Use
Helper/Utility.csfor any shared parsing/normalization. - Update
ManagerConnector.csif you want convenience wrapper methods for the new provider.
License
This project is licensed under the Apache-2.0 License.
Author
Ifeanyi Nwodo
Contributing
Contributions, issues, and feature requests are welcome! Please open an issue or submit a pull request.
Disclaimer
This library is provided as-is. Always review and test cryptographic code for your specific use case and security requirements.