Narochno.Credstash

C# Implementation of Credstash

This library is intended for use alongside the Credstash command line tool: use the CLI to store your values, and the configuration provider to retrieve them.

TODO:

What is it?

CredStash is a very simple, easy to use credential management and distribution system that uses AWS Key Management Service (KMS) for key wrapping and master-key storage, and DynamoDB for credential storage and sharing.

Many more details on the original:

Credstash vs Hashicorp Vault

Reference: Credstash

Vault is really neat and they do some cool things (dynamic secret generation, key-splitting to protect master keys, etc.), but there are still some reasons why you might pick credstash over vault:

That said, if you want to do master key splitting, are not running on AWS, care about things like dynamic secret generation, have a trust boundary that's smaller than an instance, or want to use something other than AWS creds for AuthN/AuthZ, then vault may be a better choice for you.

Usage

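using System.Collections.Generic;
using Amazon;          // RegionEndpoint
using Amazon.Runtime;  // AWSCredentials and its implementations

// `env` and `builder` come from the surrounding startup code.
// Default to the locally stored SDK profile; outside "alpha", switch to the EC2 instance profile.
AWSCredentials creds = new StoredProfileAWSCredentials();
if (!env.EnvironmentName.MatchesNoCase("alpha"))
{
    creds = new InstanceProfileAWSCredentials();
}
builder.AddCredstash(creds, new CredstashConfigurationOptions()
{
    // KMS encryption context sent with every decrypt request.
    // It must match the context the secret was stored with.
    EncryptionContext = new Dictionary<string, string>()
    {
        {"environment", env.EnvironmentName}
    },
    // Region of the KMS key and the DynamoDB table.
    Region = RegionEndpoint.EUWest1
});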
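
The EncryptionContext passed above only limits access if the reader's IAM policy requires it. The following reader policy is an added example, not part of this project: it allows kms:Decrypt only when the request carries environment=alpha, and grants read access to the credstash table. The account ID, the key ID placeholder, the environment value "alpha" and the default table name credential-store are assumptions made for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DecryptOnlyWithAlphaEncryptionContext",
      "Effect": "Allow",
      "Action": ["kms:Decrypt"],
      "Resource": "arn:aws:kms:eu-west-1:111122223333:key/KEY-ID-PLACEHOLDER",
      "Condition": {
        "StringEquals": {
          "kms:EncryptionContext:environment": "alpha"
        }
      }
    },
    {
      "Sid": "ReadCredstashTable",
      "Effect": "Allow",
      "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan"],
      "Resource": "arn:aws:dynamodb:eu-west-1:111122223333:table/credential-store"
    }
  ]
}
```

KMS compares encryption context keys and values case-sensitively, so the context used when the secret was stored must equal env.EnvironmentName exactly, even though the usage code compares the environment name case-insensitively.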