Generate Client Certificate with Azure Function and Azure Key Vault
I have to store a Root Certificate in the Azure Key Vault. This step is fine, I think.

The next step is an Azure Function from which I should create some Client Certificates with special IDs and the Root Certificate from the Key Vault. But I have no idea how to do that.

Could anybody help me with the Azure Function and how I can create a Client Certificate there? The Function should be written in .NET. In the web I almost found PowerShell scripts, but that doesn't help me. Would be really great if somebody is able to help me out.

Thanks very much.

Here is a take on it that I got from this post by Jeff Hollinger. Here is some sample code you need in the function:

    using Microsoft.Azure.WebJobs;
    using Microsoft.Azure.WebJobs.Host;
    using Microsoft.Extensions.Logging;

    namespace KeyVault
    {
        public static class MyFunctionClass
        {
            // Read from the "SuperSecret" app setting, which is exposed as an environment variable.
            private static string superSecret = System.Environment.GetEnvironmentVariable("SuperSecret");

            [FunctionName("MyFunction")]
            public static void Run([EventHubTrigger("eventhub", Connection = "EventHubConnectionString")]string myEventHubMessage, ILogger log)
            {
                // DISCLAIMER: Never log secrets. Just a demo :)
                log.LogInformation($"Shhhhh.. it's a secret: {superSecret}");
            }
        }
    }

Sounds like you have your secrets in the Key Vault already, so all you are missing then is to add your Key Vault references to your function's App Settings. Here is a description from the Microsoft Azure-Functions-Key-Vault docs.

When running locally you can add the values to a file such as local.settings.json like so:

    {
      "IsEncrypted": false,
      "Values": {
        "AzureWebJobsStorage": "UseDevelopmentStorage=true",
        "FUNCTIONS_WORKER_RUNTIME": "dotnet",
        "SuperSecret": "I love Azure Functions",
        "EventHubConnectionString": "Endpoint=sb://jeffs.servicebus.windows.net/;SharedAccessKeyName=MyFakeKey;SharedAccessKey=NotARealSecret"
      }
    }
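
Added example (not part of the answer above, and not Microsoft's or Jeff Hollinger's code): one way to issue a client certificate from the root certificate once it is delivered to the function through a Key Vault reference, using the .NET `CertificateRequest` API. Assumptions: the app setting name `RootCaPfx` and the names `ClientCertIssuer`, `LoadRoot` and `Issue` are hypothetical, the root certificate has an RSA key, and its Key Vault policy allows the private key to be exported so that the secret resolves to a base64 PKCS#12.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;

public static class ClientCertIssuer
{
    // Assumption: app setting "RootCaPfx" (hypothetical name) is a Key Vault reference,
    // @Microsoft.KeyVault(SecretUri=https://<vault>.vault.azure.net/secrets/<root-cert-name>/),
    // that resolves to the base64 PKCS#12 of the root certificate including its private key.
    public static X509Certificate2 LoadRoot()
    {
        byte[] pfx = Convert.FromBase64String(Environment.GetEnvironmentVariable("RootCaPfx"));
        // EphemeralKeySet keeps the root private key in memory instead of writing it to disk.
        return new X509Certificate2(pfx, (string)null, X509KeyStorageFlags.EphemeralKeySet);
    }

    // Issues a client-auth certificate for clientId and returns it as a password-protected PFX.
    public static byte[] Issue(X509Certificate2 root, string clientId, string pfxPassword)
    {
        // The ID is placed in the subject DN, so reject anything that could add DN components.
        if (clientId == null || !Regex.IsMatch(clientId, @"\A[A-Za-z0-9-]{1,64}\z"))
            throw new ArgumentException("Client ID must be 1-64 letters, digits or '-'.", nameof(clientId));

        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest($"CN={clientId}", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            // End-entity only: not a CA, usable for signatures and TLS client authentication.
            req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
            req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                new OidCollection { new Oid("1.3.6.1.5.5.7.3.2") }, false)); // id-kp-clientAuth

            byte[] serial = new byte[16];
            RandomNumberGenerator.Fill(serial);
            serial[0] &= 0x7F; // keep the serial number positive

            // Create() throws if the validity period falls outside the issuer's, so clamp it.
            DateTimeOffset notBefore = DateTimeOffset.UtcNow;
            DateTimeOffset notAfter = notBefore.AddDays(90); // example lifetime, an assumption
            if (notAfter > root.NotAfter) notAfter = root.NotAfter;

            using (X509Certificate2 signed = req.Create(root, notBefore, notAfter, serial))
            using (X509Certificate2 withKey = signed.CopyWithPrivateKey(key))
                return withKey.Export(X509ContentType.Pfx, pfxPassword);
        }
    }
}
```

Because the function's process holds the root private key while this runs, access to the app setting and to the function itself should be limited to identities that are allowed to issue certificates.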