以编程方式将密钥添加到C#中的密钥保管库
Kyl*_*ann 7 c# azure azure-keyvault
我试图从我在Azure的密钥保管库中运行的服务中输出一些输出.我的服务输出将是用户凭据,这就是我想为此目的使用Key Vault的原因.
到目前为止,我已经尝试过KeyVaultClient的SetSecretAsync方法,但它不适用于我,我没有收到任何错误消息,但是我也没有看到在我的目标KeyVault中创建的新秘密.我无法找到KeyVaultClient Add Secret方法,因为它不存在,我在这里使用正确的对象/方法吗?
这里讨论的方法是AddResult.
这是我的代码:
private static AzureKeyVault instance;
private static KeyVaultClient client;
private AzureKeyVault()
{
//initialize the azure key vault
var vaultAddress = ConfigurationManager.AppSettings["VaultUri"];
client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetAccessToken));
}
public static async Task<string> GetAccessToken(string authority, string resource, string scope)
{
var clientId = ConfigurationManager.AppSettings["ClientID"];
var clientSecret = ConfigurationManager.AppSettings["ClientSecret"];
ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);
var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
var result = await context.AcquireTokenAsync(resource, clientCredential);
return result.AccessToken;
}
public static AzureKeyVault GetInstance
{
get
{
if (instance == null)
{
instance = new AzureKeyVault();
}
return instance;
}
}
public void AddResult(string machineIPAndPort, BruteForceResult result)
{
client.SetSecretAsync("https://vaultURI(redacted).vault.azure.net/", machineIPAndPort, JsonConvert.SerializeObject(result));
}
evi*_*obu 10
使用耐心(等待创造).
// Let's create a secret and read it back
string vaultBaseUrl = "https://alice.vault.azure.net";
string secret = "from-NET-SDK";
// Await SetSecretAsync
KeyVaultClient keyclient = new KeyVaultClient(GetToken);
var result = keyclient.SetSecretAsync(vaultBaseUrl, secret, "Sup3eS3c5et").Result;
// Print indented JSON response
string prettyResult = JsonConvert.SerializeObject(result, Formatting.Indented);
Console.WriteLine($"SetSecretAsync completed: {prettyResult}\n");
// Read back secret
string secretUrl = $"{vaultBaseUrl}/secrets/{secret}";
var secretWeJustWroteTo = keyclient.GetSecretAsync(secretUrl).Result;
Console.WriteLine($"secret: {secretWeJustWroteTo.Id} = {secretWeJustWroteTo.Value}");
结果:
SetSecretAsync completed:
{
"SecretIdentifier":{
"BaseIdentifier":"https://alice.vault.azure.net:443/secrets/from-NET-SDK",
"Identifier":"https://alice.vault.azure.net:443/secrets/from-NET-SDK/59793...",
"Name":"from-NET-SDK",
"Vault":"https://alice.vault.azure.net:443",
"VaultWithoutScheme":"alice.vault.azure.net",
"Version":"597930b70565447d8ba9ba525a206a9e"
},
"value":"Sup3eS3c5et",
"id":"https://alice.vault.azure.net/secrets/from-NET-SDK/59...",
"contentType":null,
"attributes":{
"recoveryLevel":"Purgeable",
"enabled":true,
"nbf":null,
"exp":null,
"created":1508354384,
"updated":1508354384
},
"tags":null,
"kid":null,
"managed":null
}
secret: https://alice.vault.azure.net/secrets/from-NET-SDK/59793... = Sup3eS3c5et
你应该做的是重写AddResult():
public bool AddResult(string machineIPAndPort, BruteForceResult result)
{
await result = client.SetSecretAsync("https://vaultURI(redacted).vault.azure.net/",
machineIPAndPort, JsonConvert.SerializeObject(result));
return true;
}
并且可能将其包装在一起try-catch并阅读,InnerException因为那是有意义的HTTP响应主体所在的位置.例如,针对密钥保管程序发出请求,我无权访问以下结果:
而且因为这是云,你正处于与其他关键任务流量的激烈竞争中,事情将会失败.
| 归档时间: |
|
| 查看次数: |
3034 次 |
| 最近记录: |