堆栈内存溢出
  简体   繁体   English

为什么 Azure 存储帐户有两个密钥?

[英]Why Azure storage account has two keys?

 原文  2017-10-17 16:14:31       azure/ azure-storage

问题描述

Why Azure storage account has two keys ?为什么 Azure 存储帐户有两个密钥? Please explain with some real time examples请用一些实时示例进行解释

2 个解决方案

解决方案1
 7  2017-10-19 14:43:21

This mechanism is for seamlessly changing access keys without service interruption.此机制用于在不中断服务的情况下无缝更改访问密钥。

Suppose you leaked an access key and want to change it.假设您泄露了访问密钥并想要更改它。 If it's just one key and you have it changed in the storage service - then your application services will be unable to access the storage until they are reconfigured to use the new key.如果它只是一个密钥并且您在存储服务中更改了它 - 那么您的应用程序服务将无法访问存储,直到它们被重新配置为使用新密钥。 That might result in downtime or degradation up to several dozen minutes long and even more depending on how your application services support reconfiguration.这可能会导致长达几十分钟甚至更多的停机或性能下降,具体取决于您的应用程序服务如何支持重新配置。

It's much simpler with two keys which can be regenerated separately.使用两个可以单独重新生成的密钥要简单得多。 Suppose all your application services use the primary key and you want to change both primary and secondary key.假设您的所有应用程序服务都使用主键,并且您希望同时更改主键和辅助键。 You change the secondary key, then reconfigure the services to use the new secondary key, that might take a while but during that time services which you haven't reconfigured yet still use the primary key and can access the storage.您更改辅助密钥,然后重新配置服务以使用新的辅助密钥,这可能需要一段时间,但在此期间您尚未重新配置的服务仍使用主密钥并可以访问存储。 Once all your application services have switched to the new secondary key you change the primary key.一旦您的所有应用程序服务都切换到新的辅助键,您就可以更改主键。 You may want to reconfigure the services again so that they use the primary key because that's convenient but isn't strictly necessary.您可能希望再次重新配置服务,以便它们使用主键,因为这很方便,但并非绝对必要。 This way you have no downtime and no degradation in your application services while both keys are being changed.这样,在更改两个密钥时,您的应用程序服务不会停机,也不会降级。

解决方案2
 5  2017-10-17 19:02:52

The reason behind two storage account keys is to regenerate the keys with no interruption to your storage service or access to that service.两个存储帐户密钥背后的原因是在不中断存储服务或访问该服务的情况下重新生成密钥。

For more information refer the section “Manage your storage access keys” in the below documentation: https://docs.microsoft.com/en-us/azure/storage/common/storage-create-storage-account#manage-your-storage-account有关详细信息,请参阅以下文档中的“管理您的存储访问密钥”部分: https ://docs.microsoft.com/en-us/azure/storage/common/storage-create-storage-account#manage-your- 存储帐户

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 无法以编程方式获取 Azure 存储帐户的密钥 - Unable to programmatically get the keys for Azure Storage Account Azure 使用客户管理的密钥进行存储帐户加密 - Azure storage account encryption with customer managed keys 将 API 密钥/密码存储在 Azure 存储帐户表中 - Storing API keys/passwords inside a Azure Storage Account Table 如何在Ansible中获取Azure RM存储帐户密钥? - How to fetch Azure RM storage account keys in Ansible? 在不使用主键或辅助键的情况下使用 azure 存储帐户进行身份验证 - Authenticating with azure storage account without using primary or secondary keys 使用 terraform 轮换 Azure 存储帐户访问密钥 - Rotate Azure storage account access keys using terraform 使用 Key Vault 管理其密钥的 Azure 存储帐户 - Azure Storage Account with Key Vault to manage its keys 使用 azure 策略将客户管理的密钥附加到存储帐户 - Appending customer managed keys to storage account using azure policy Kubernetes集群在Azure存储帐户中存在oplock(samba)文件 - Kubernetes cluster has oplock (samba) on file in Azure storage account Azure 存储帐户容器 - Azure storage account container
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM