Conjur .NET API Example Usage

The Conjur .NET API is a powerful tool for integrating Conjur into your .NET projects. Here’s a small example I put together to demonstrate it locally.

1. Set Up Conjur Server

First, you need to set up a local Conjur OSS server. You can either set the server up manually by following to Conjur Quick Start Tutorial, or you can use the repo I made for quickly setting up Conjur instances for projects like this HERE and run ./setup.sh.

Next, give the variable we defined a secret:

docker-compose exec client conjur authn login -u admin -p <admin_API_KEY>
docker-compose exec client conjur variable values add test/secret secretValue

<admin_API_KEY>: Stored in admin_data

Note: This repo is a really rough script I use with a lot of room for improvement. Feel free to use it as just a guide if you want. The main reason I use this repo is to grab the cert from the Conjur server automatically for testing locally

2. Set Env Variables

export CONJUR_ACCOUNT: myConjurAccount
export CONJUR_AUTHN_LOGIN: host/test/myApp
export CONJUR_AUTHN_API_KEY: <myApp_API_KEY>
export CONJUR_APPLIANCE_URL: https://127.0.0.1:8443
export CONJUR_SECOND_USER: admin
export CONJUR_SECOND_API_KEY: <admin_API_KEY>
export CONJUR_CERT_PATH: <path_to_cert>

<myApp_API_KEY>: Stored in user_data
<admin_API_KEY>: Stored in admin_data
<path_to_cert>: The direct path to the conjur-myConjurAccount.pem cert in conjur-for-testing after running ./setup.sh

3. Setup .NET App

First follow the guide in the README on building the repo, and then import this into your project.

Then copy in this small sample app I created for this demo.

using System;
using System.Text;
using Conjur;

namespace TestingConjur
{
    class MainClass
    {
        static String VariableID = "test/secret",
            OriginalSecret = "secretValue",
            NewSecret = "ChangedByDotNetAPI";

        public static void Main(string[] args)
        {
            String conjurAccount = Environment.GetEnvironmentVariable("CONJUR_ACCOUNT");
            String userLogin = Environment.GetEnvironmentVariable("CONJUR_AUTHN_LOGIN");
            String userAPIKey = Environment.GetEnvironmentVariable("CONJUR_AUTHN_API_KEY");
            String applianceURL = Environment.GetEnvironmentVariable("CONJUR_APPLIANCE_URL");
            String secondUser = Environment.GetEnvironmentVariable("CONJUR_SECOND_USER");
            String secondUserAPIKey = Environment.GetEnvironmentVariable("CONJUR_SECOND_API_KEY");
            String CERT_PATH = Environment.GetEnvironmentVariable("CONJUR_CERT_PATH");

            // Import cert
            Client client = new Client(applianceURL, conjurAccount);
            client.TrustedCertificates.ImportPem(CERT_PATH);

            // Log into first user
            Console.WriteLine("Logging into user: " + userLogin);
            client.LogIn(userLogin, userAPIKey);
            // Retrieve variable
            Variable conjurVariable = client.Variable(VariableID);
            String value = conjurVariable.GetValue();
            Console.WriteLine(VariableID + ": " + value);
            printLine();

            // Log into admin
            Console.WriteLine("Logging into user: " + secondUser);
            client.LogIn(secondUser, secondUserAPIKey);
            // Set variable to new value
            Console.WriteLine("Setting '" + VariableID + "' to: " + NewSecret);
            conjurVariable.AddSecret(Encoding.ASCII.GetBytes(NewSecret));
            printLine();

            // Log back into user
            Console.WriteLine("Logging into user: " + userLogin);
            client.LogIn(userLogin, userAPIKey);
            // Retrieve new secret
            String newValue = conjurVariable.GetValue();
            Console.WriteLine(VariableID + ": " + newValue);

            reset(client, conjurVariable, secondUser, secondUserAPIKey);
        }

        private static void reset(Client client, Variable variable, String admin, String adminAPIKey)
        {
            client.LogIn(admin, adminAPIKey);
            variable.AddSecret(Encoding.ASCII.GetBytes(OriginalSecret));

        }

        private static void printLine()
        {
            Console.WriteLine("--------------------------");
        }
    }
}

4. Run

After importing the API and code into your project, you should be able to run the project and watch the magic happen!

Thank you for reading If you have any questions, feel from to ask!

3 Likes