堆栈内存溢出
  简体   繁体   English

PROD中的asp.net秘密

[英]asp.net secrets in PROD

 原文  2018-10-03 16:05:16       asp.net/ azure/ azure-keyvault

问题描述

I have been using the new .net 4.7.1 functionality to manage secrets locally in DEV but now I want to publish my web app and of course that doesn't work in PROD. 我一直在使用新的.net 4.7.1功能来在DEV中本地管理机密,但现在我想发布自己的Web应用程序,但是在PROD中不起作用。

I am using a service principal to access Azure key vault in my app and was storing the App Id and Password in the local secrets file. 我正在使用服务主体访问我的应用程序中的Azure密钥库,并将应用程序ID和密码存储在本地机密文件中。 I can of course store all of my secrets in Key vault but I still need to supply it the service principal details to connect to that in the first place. 我当然可以将我的所有秘密存储在Key Vault中,但是我仍然需要向其提供服务主体详细信息,以便首先与之连接。

What's the best option here? 这里最好的选择是什么?

2 个解决方案

解决方案1
 1 已采纳  2018-10-03 16:29:52

You need to store the values you use to open the key vault in the App settings of your application. 您需要在应用程序的“应用程序”设置中存储用于打开密钥库的值。 If your production environment is Azure, you can access the App settings of your application and set them there. 如果您的生产环境是Azure,则可以访问应用程序的“应用程序”设置并在此处进行设置。

Read this article to get an idea of the full picture. 阅读文章以获得完整的图片的想法。 But the jist is that you can use application secrets in a Azure key valut and then use app settings to store the credentials to access that key vault later on. 但最主要的是,您可以在Azure密钥值中使用应用程序密钥,然后使用应用程序设置存储凭据以供以后访问该密钥库。

解决方案2
 0  2018-10-06 20:58:20

You can use Managed Identities so you don't have to store any secret in your app: 您可以使用托管身份,因此不必在应用程序中存储任何秘密:

How to use managed identities for App Service and Azure Functions 如何将托管身份用于App Service和Azure函数

Once configured, add a reference to these nuget packages: Microsoft.Azure.Services.AppAuthentication and Microsoft.Azure.KeyVault 配置完成后,添加对这些nuget包的引用: Microsoft.Azure.Services.AppAuthenticationMicrosoft.Azure.KeyVault

In you application, you can access key vault secrets like that: 在您的应用程序中,您可以访问以下密钥库机密: 

using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

...

var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
     new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = await keyVaultClient.GetSecretAsync(
    "https://{{my-vault-name}}.vault.azure.net/", "{{my-secret}}");

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 切换 ASP.NET Secrets 配置 - Switching ASP.NET Secrets Configuration 生产/开发中的 ASP.Net 问题 - ASP.Net Problem in Prod/Dev 在PROD服务器上进行ASP.NET调试 - asp.net debugging on PROD server 如何在asp.net core 2.1中部署secrets.json - How to Deploy secrets.json in asp.net core 2.1 在Prod Server上运行ASP.Net App的问题 - Issue on Running ASP.Net App on Prod Server ASP.NET站点确定是否在Test vs Prod envirnoment上运行 - ASP.NET site Determine if running on Test vs Prod envirnoment 产品服务器上的ASP.NET Identity会话过期太快 - ASP.NET Identity session expires too fast on prod server 如何将ASP.NET 5(vNext)用户机密注入我自己的实用程序类? - How do I inject ASP.NET 5 (vNext) user-secrets into my own utility class? 有没有一种方法可以使用通用主机将调试秘密从asp.net控制台应用程序传递给docker容器? - Is there a way to pass debug secrets to a docker container from a asp.net console application using generic host? 在ASP.NET中的Development / UAT / Prod环境之间切换配置的最佳方法? - Best way to switch configuration between Development/UAT/Prod environments in ASP.NET?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM