Skip to content

AWSSDK.SecretsManager 4.x has Broken Compatibility in .NET 8 #3825

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
1 task
jvetter713 opened this issue May 19, 2025 · 1 comment
Open
1 task

AWSSDK.SecretsManager 4.x has Broken Compatibility in .NET 8 #3825

jvetter713 opened this issue May 19, 2025 · 1 comment
Labels
bug This issue is a bug. credentials needs-reproduction This issue needs reproduction. p2 This is a standard priority issue response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@jvetter713
Copy link

jvetter713 commented May 19, 2025
edited
Loading

Describe the bug

Upgrading from 3.x to 4.x has broken compatibility.

The migration guide only talks about .NET Framework, not .NET Core

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

I expected nothing to suddenly break.

Current Behavior

Exception 1 of 4: The environment variables AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY/AWS_SESSION_TOKEN were not set with AWS credentials.
Exception 2 of 4: The webIdentityTokenFile must be an absolute path. (Parameter 'webIdentityTokenFile')
Exception 3 of 4: Unable to find the "default" profile.
Exception 4 of 4: Failed to connect to EC2 instance metadata to retrieve credentials: Unable to get IAM security credentials from EC2 Instance Metadata Service..

Reproduction Steps

.NET 8 Minimal Web API

Existing Code example:
private SomeSecretClassOfMine LoadCloudSecrets(string environment)
{
var awsSecretsManagerUrl = Environment.GetEnvironmentVariable("{Secret Env Variable Name}");
var secretId = Environment.GetEnvironmentVariable("{Secret Env Variable Name}");
var secretsManagerConfig = new AmazonSecretsManagerConfig
{
ServiceURL = awsSecretsManagerUrl
};
var secretsManagerClient = new AmazonSecretsManagerClient(secretsManagerConfig);
var secretsRequest = new GetSecretValueRequest
{
SecretId = secretId,
VersionStage = "AWSCURRENT"
};
var secretsResponse = secretsManagerClient.GetSecretValueAsync(secretsRequest).Result;
var secrets = JsonSerializer.Deserialize(secretsResponse.SecretString, JsonSerializerOptions)!;
secrets.Environment = environment;
return secrets;
}

Possible Solution

No response

Additional Information/Context

No response

AWS .NET SDK and/or Package version used

AWSSDK.SecretsManager 3.7.400.152.

Upgrading to any of the 4.x will reproduce

Targeted .NET Platform

.NET 8

Operating System and version

Linux
@jvetter713 jvetter713 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 19, 2025
@ashishdhingra
Copy link
Contributor

@please Good morning. Thanks for opening the issue. Please see the differences in credential resolution order between V3 and V4 at the below links:

The change in order of credential resolution was to make .NET SDK consistent to the specification and other SDK(s). V4 is the major version and hence it was decided to make this breaking change.

Kindly share the execution environment of your application.

Please ensure that you have credentials configured at one of the specified locations and also check the resolution order.

Thanks,
Ashish

@ashishdhingra ashishdhingra added needs-reproduction This issue needs reproduction. p2 This is a standard priority issue response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels May 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a bug. credentials needs-reproduction This issue needs reproduction. p2 This is a standard priority issue response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jvetter713 @ashishdhingra