[英]Best way to store passwords for ASP.NET Core app on Azure
I have developed some application and I am using there a external service to send emails (SendGrid). 我已经开发了一些应用程序,并且正在使用外部服务来发送电子邮件(SendGrid)。 To use this service I need login and password to use SendGrid api. 要使用此服务,我需要登录名和密码才能使用SendGrid api。 In developmnet environment I have used .Net Core secrets ( https://docs.microsoft.com/pl-pl/aspnet/core/security/app-secrets?view=aspnetcore-2.2&tabs=windows ) but now after publish I need to deliver login and password in other way. 在developermnet环境中,我使用了.Net Core机密( https://docs.microsoft.com/pl-pl/aspnet/core/security/app-secrets?view=aspnetcore-2.2&tabs=windows ),但是现在发布后,我需要以其他方式传递登录名和密码。 I know that there is a Azure Key Vault, but what if app will be published somwhere else? 我知道有一个Azure密钥保管箱,但是如果在其他地方发布该应用程序该怎么办?
FOR PRODUCTION: Use Managed Identity for Azure Resources to avoid storing connection strings. 生产:使用Azure资源的托管身份来避免存储连接字符串。 It is a clean solution for managing secrets in Key Vault. 这是用于管理Key Vault中机密信息的干净解决方案。
Access Key for Key Vault or other similar resources is never shared, not even to Services or DevOps Engineer to deploy or run the applications in production 永远不会共享Key Vault或其他类似资源的访问密钥,甚至不会共享给Services或DevOps Engineer来部署或运行生产中的应用程序
Program.cs Program.cs中
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Azure.KeyVault;
using Microsoft.Extensions.Configuration.AzureKeyVault;
...
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.ConfigureAppConfiguration((context, config) =>
{
if (context.HostingEnvironment.IsProduction())
{
var builtConfig = config.Build();
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(
azureServiceTokenProvider.KeyVaultTokenCallback));
config.AddAzureKeyVault(
$"https://{builtConfig["KeyVaultName"]}.vault.azure.net/",
keyVaultClient,
new DefaultKeyVaultSecretManager());
}
})
.UseStartup<Startup>();
Startup.cs Startup.cs
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
}
FOR DEVELOPMENT: You can optionally use Dotnet-user-secrets tool to store\\ manage the secrets in local machine. 开发:您可以选择使用Dotnet-user-secrets工具在本地计算机中存储/管理机密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.