使用客户端 JavaScript 从 Azure 访问 Key Vault?
[英]Accessing Key Vault from Azure using client side JavaScript?
问题描述
I need to access some secret values from Azure key vault in my JavaScript.
我需要从我的 JavaScript 中的 Azure 密钥库中访问一些秘密值。 It is plain JavaScript, no NPM and node.它是普通的 JavaScript,没有 NPM 和节点。 Is there any option to get the value directly from JavaScript?是否有任何选项可以直接从 JavaScript 获取值? Or I need to write a separate API to retrieve the key vault.或者我需要编写一个单独的 API 来检索密钥保管库。 This is not relevant to securing some IDs, I want to know is there any possible option to get the key vault value from client-side.这与保护某些 ID 无关,我想知道是否有任何可能的选项可以从客户端获取密钥库值。
Here is the link explain how to retrieve key vault using node.js这是解释如何使用 node.js 检索密钥保管库的链接
It is not duplicate of How to Hide an API Key in Client-Side Javascript它与如何在客户端 Javascript 中隐藏 API 密钥不重复
I want this to be done in plain javascript.我希望在普通的 javascript 中完成此操作。
1 个解决方案
解决方案1
2 已采纳 2019-09-23 12:53:36
Doing a little research, I would suggest this is not possible purely with client side JavaScript.做一些研究,我建议这不可能完全使用客户端 JavaScript。
With this chrome developer tools open on the network tab;在网络选项卡上打开此 chrome 开发人员工具; If you browse to the Azure Portal and look at a secret, you can see the in CORS pre-flight request that the allowed origin is https://portal.azure.com If you browse to the Azure Portal and look at a secret, you can see the in CORS pre-flight request that the allowed origin is https://portal.azure.com
This essentially means that the only client side JavaScript hosted on portal.azure.com is allowed to use the API which gets secrets.这实质上意味着托管在门户网站上的唯一客户端 JavaScript.azure.com 被允许使用 ZDB9744238D08CACE16 秘密。
More details on CORS headers here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS有关 CORS 标头的更多详细信息: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.