SDK for .NET

The Segura SDK for .NET makes it easy for developers to access the Segura services in their C# code and build robust applications and software using the Segura PAM and DSM services. The services include Credentials, Devices, and DevOps Secret Management.

Requirements

To run the SDK, your system must meet the minimum requirements, including .NET Framework >= 4.8. You also need an application token for standard OAuth 2.0 authorization, obtained from the system administrator.

Information

  • Local caching: all information is stored in a local cache to reduce the response time of requests. The data is encrypted before storage to ensure security.
  • Credentials: the credential object provides a set of methods for querying and registering credentials.

Creating a credential client object

To instantiate a credential client, use the CredentialClient class, providing the PAM URL, OAuth 2.0 Application Client ID, and OAuth 2.0 Application Client Secret.

using Segura;

// Instantiate a credential client.
var client = new CredentialClient(
    "https://cofre.Segura.com", // PAM URL
    "7e02a0e07eef10e73f56585a9a505fb2e", // OAuth 2.0 Application Client ID
    "431eaba0fb56bf360272b54892" // OAuth 2.0 Application Client Secret
);

Or:

using Mt4.Segura.Auth;

// Instantiate a client.
var client = new CredentialClient(
    "https://cofre.Segura.com", // PAM URL
    "7e02a0e07eef10e73f56585a9a505fb2e", // OAuth 2.0 Application Client ID
    "431eaba0fb56bf360272b54892" // OAuth 2.0 Application Client Secret
);
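
The snippets above embed the OAuth 2.0 client ID and secret as string literals, which puts a vault credential into source control and build artifacts. As an added example (not part of the Segura SDK or its documentation), the factory below reads the three values from environment variables and rejects a non-HTTPS PAM URL before constructing the client; the variable names and the SeguraClientFactory class are assumptions made for this illustration.

```csharp
using System;
using Segura; // namespace taken from the first snippet above

static class SeguraClientFactory
{
    // Assumed variable names for this example; the SDK does not define them.
    const string UrlVar = "SEGURA_PAM_URL";
    const string IdVar = "SEGURA_CLIENT_ID";
    const string SecretVar = "SEGURA_CLIENT_SECRET";

    // Read a required setting and fail closed when it is absent or blank.
    // The error names the variable only, never its value.
    static string Require(string name)
    {
        var value = Environment.GetEnvironmentVariable(name);
        if (string.IsNullOrWhiteSpace(value))
            throw new InvalidOperationException("Missing required setting: " + name);
        return value.Trim();
    }

    public static CredentialClient CreateCredentialClient()
    {
        var url = Require(UrlVar);

        // Refuse plain HTTP so the client secret and the credentials
        // returned by the vault never cross an unencrypted channel.
        Uri parsed;
        if (!Uri.TryCreate(url, UriKind.Absolute, out parsed) ||
            parsed.Scheme != Uri.UriSchemeHttps)
        {
            throw new InvalidOperationException(
                UrlVar + " must be an absolute https:// URL.");
        }

        // Same three-argument constructor as in the examples above.
        return new CredentialClient(url, Require(IdVar), Require(SecretVar));
    }
}
```

Call `SeguraClientFactory.CreateCredentialClient()` wherever the examples on this page use `new CredentialClient(...)` with literal values.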

Create or update a credential

Use the Save method to create or update a credential. If a credential with the provided parameters is found, it will be changed; otherwise, a new credential will be created.

Method signature

public void Save(string hostname, string ip, string identifier, string username) { ... }

Parameter   Type    Required  Example
hostname    String  YES       mycredential02
ip          String  YES       22.13.50.71
identifier  String  YES       5
username    String  YES       credential05

Example: Saving a credential

client.Save("mycredential02",
             "22.13.50.71",
             "5",
             "credential05");

Search for a registered credential

Use the Get method to query a single credential.

Method signature

public Credential Get(string hostname = null, string ip = null, string username = null) { ... }

Parameter  Type    Required  Example
hostname   String  NO        mycredential02
ip         String  NO        22.13.50.71
username   String  NO        credential05

Example: searching the credential credential05 from the device with hostname mycredential02

var credential = client.Get(hostname: "mycredential02",
                             username: "credential05");

List credentials

Use the Fetch method to query a list of credentials.

Method signature

public List<Credential> Fetch(string hostname = null, string ip = null, string username = null, string all = null) { ... }

Parameter  Type    Required  Example / Description
hostname   String  NO        mycredential02
ip         String  NO        22.13.50.71
username   String  NO        credential05
all        String  NO        Search the value in the fields hostname, ip or username

Example 1: Listing all credentials

var credentials = client.Fetch();

Example 2: Listing all credentials from the device with hostname mycredential02

var credentials = client.Fetch(hostname: "mycredential02");

Deactivate a credential

Use the Disable method to inactivate a credential.

Method signature

private void Disable(string hostname = null, string ip = null, string username = null) { ... }

Parameter  Type    Required  Example
hostname   String  NO        mycredential02
ip         String  NO        22.13.50.71
username   String  NO        credential05

Example: deactivating the credential credential05 from the device with hostname mycredential02

// Disable returns void, so there is no result to assign.
client.Disable(hostname: "mycredential02",
               username: "credential05");

Devices

The device object provides a set of methods for querying and registering devices.

Creating a device client object

To instantiate a device client, use the DeviceClient class, providing the URL, OAuth 2.0 Application Client ID, and OAuth 2.0 Application Client Secret.

using Segura;

// Instantiate a device client.
var client = new DeviceClient(
    url: "https://cofre.Segura.com", // URL
    client_id: "7e02a0e07eef10e73f56585a9a505fb2e", // OAuth 2.0 Application Client ID
    client_secret: "431eaba0fb56bf360272b54892" // OAuth 2.0 Application Client Secret
);

Create or update a device

Use the Save method to create or update a device. If a device with the provided parameters is found, it will be changed; otherwise, a new device will be created.

Method signature

public void Save(string hostname, string ip, string site, string model, string vendor, string type) { ... }

Parameter  Type    Required  Example
hostname   String  YES       mydevice02
ip         String  YES       22.13.50.71
site       String  YES       AWS
model      String  YES       CentOS 7
vendor     String  YES       CentOS
type       String  YES       Server (should be an existing type)

Example: saving a device

// Save returns void, so there is no result to assign.
client.Save("mydevice02",
            "22.13.50.71",
            "AWS",
            "CentOS 7",
            "CentOS",
            "Server");

Search for a registered device

Use the Get method to query a single device.

Method signature

public Device Get(string identifier) { ... }

Filter      Type    Required  Description
identifier  String  YES       Hostname or device id

Example: searching the localhost hostname device

var device = client.Get("localhost");

List devices

Use the Fetch method to query a list of devices.

Method signature

public List<Device> Fetch(string hostname = null, string ip = null, string type = null, string vendor = null, string model = null, string site = null) { ... }

Filter    Type    Required
hostname  String  NO
ip        String  NO
type      String  NO
vendor    String  NO
model     String  NO
site      String  NO

Example 1: listing all devices

var devices = client.Fetch();

Example 2: listing devices of type server

var devices = client.Fetch(type: "server");

Deactivate a device

Use the Disable method to inactivate a device.

Method signature

private void Disable(string identifier) { ... }

Filter      Type    Required  Description
identifier  String  YES       Hostname or device id

Example: inactivating the localhost hostname device

client.Disable("localhost");

DevOps secret management

The DSM object provides a set of methods for registering an application and managing its secrets and variables.

Creating a DSM client

To instantiate an application client, use the ApplicationClient class.
You will have to provide the following parameters:

  • Vault URL.
  • client_ID.
  • client_secret.

using Segura;

// Instantiate an Application client.
var client = new ApplicationClient(
    "https://cofre.Segura.com", // PAM URL
    "7e02a0e07eef10e73f56585a9a505fb2e", // OAuth 2.0 Application Client ID
    "431eaba0fb56bf360272b54892" // OAuth 2.0 Application Client Secret
);

Create or update an application

Use the Save method to create or update the application. If the client has an application with the combination of application, system, and environment, it will be changed; otherwise, a new application or authorization will be created. If the application has dynamic provisioning enabled, the target will automatically provision a secret.

Method signature

public void Save(string application, string system, string environment, string unique_key = null) { ... }

Parameter    Type    Required  Example
application  String  YES       checkout
system       String  YES       ecommerce
environment  String  YES       production
unique_key   String  NO        checkout_auth01

Example: saving an application

// Save returns void, so there is no result to assign.
client.Save("checkout",
            "ecommerce",
            "production");

Get the client application info and secrets

Use the Get method to return the client application information.

Method signature

public Application Get() { ... }

Example: get the application information and secrets

var application = client.Get();

Registering application secrets

Use the RegisterSecret method to register the application secrets.

Method signature

public void RegisterSecret(string secret_type, string access_keys, List<KeyValuePair<string, string>> key_value, string credentials, string certificate, string ssh_key) { ... }

Parameter    Type                                Required  Description
secret_type  String                              YES       access_key, key_value, credential, certificate or ssh_key
access_keys  String                              YES       Access Key information (access_key type only)
key_value    List<KeyValuePair<string, string>>  YES       Key/Value pair information (key_value type only)
credentials  String                              YES       Credential information (credential type only)
certificate  String                              YES       Certificate information (certificate type only)
ssh_key      String                              YES       SSH key information (ssh_key type only)

Example: create an application secret (for key_value type)

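using System.Collections.Generic; // List<T> and KeyValuePair<TKey, TValue>

client.RegisterSecret("key_value",                 // secret_type
                      "",                          // access_keys
                      new List<KeyValuePair<string, string>> { // key_value
                          new KeyValuePair<string, string>("key1", "val1"),
                          new KeyValuePair<string, string>("key2", "val2"),
                          new KeyValuePair<string, string>("key3", "val3")
                      },
                      "",                          // credentials
                      "valid_certificate_value",   // certificate: provide a valid certificate value here
                      "");                         // ssh_key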

Registering application variables

Use the RegisterVariables method to register the application variables.

Method signature

public void RegisterVariables(string env, string helm, string map) { ... }

Parameter  Type    Required  Description
env        String  YES       The environment variables for the application
helm       String  YES       The application helm
map        String  YES       The variables map

Example: registering the application variables

    client.RegisterVariables("PATH=C:\\,SHELL=cmd",
                            "helm",
                            "map" );

Delete the application authorization

Use the Delete method to delete the client application authorization. If dynamic provisioning is enabled for the application, all secrets will be unprovisioned automatically.

Method signature

public void Delete() { ... }

Example: deleting the client application authorization

client.Delete();