堆栈内存溢出
  简体   繁体   English

有哪些适用于 Azure 容器实例的机密存储可用且有意义的解决方案?

[英]What are available and meaningful solutions for storing secrets suitable for Azure Container Instance?

 原文  2020-01-17 11:07:26       c#/ azure/ docker

问题描述

What are available, meaningful ( secure, easy to store/use ) solutions for storing secrets that can be used by the instances of Docker containers hosted in Azure Container Instance?有哪些可用的、有意义的(安全、易于存储/使用)解决方案用于存储 Azure 容器实例中托管的 Docker 容器实例可以使用的机密?

Easy to store/use definition:易于存储/使用定义:

  • Use of environmental variable to access vault secrets directly.使用环境变量直接访问保管库机密。
  • Automated setup of secrets from PowerShell that can be easily modified for another app.从 PowerShell 自动设置机密,可以轻松修改其他应用程序。

Context语境

I'm building an app - the .NET Core 3.x background service hosted in Azure Container Instance.我正在构建一个应用程序 - 托管在 Azure 容器实例中的 .NET Core 3.x 后台服务。 It is a pilot project for a new line of development in my company.这是我公司新开发线的试点项目。 We have a 3rd party solution for storing secrets outside code repository.我们有一个 3rd 方解决方案,用于在代码存储库之外存储秘密。 It's used by all members of Dev team.开发团队的所有成员都在使用它。 This solution produce per-user and per-machine dependency which are unnecessarily complicated for use in Docker images.该解决方案产生了每用户和每台机器的依赖关系,这对于在 Docker 镜像中使用来说是不必要的复杂。

Investigated solutions:调查解决方案:

Azure Key Vault Azure 密钥保管库

I spent half day with reading about Azure Key Vault.我花了半天时间阅读有关 Azure Key Vault 的信息。 I've read some tutorials about using it and how to setup the vault and authorize the app.我已经阅读了一些关于使用它以及如何设置保险库和授权应用程序的教程。 Honestly, I was quite lost.老实说,我很失落。 I wasn't able to make a decision if this is a suitable solution for our needs.我无法决定这是否是满足我们需求的合适解决方案。

1 个解决方案

解决方案1
 0  2020-01-21 00:08:52

Sorry for the delay in responding.抱歉延迟回复。

I would suggest using the Key Vault task to get the secrets as build environment variables then in the CLI script when you create the container pass the secrets in as environment variables then your .Net Core app can simply get them from the environment.我建议使用Key Vault 任务获取机密作为构建环境变量,然后在创建容器时在 CLI 脚本中将机密作为环境变量传入,然后您的 .Net Core 应用程序可以简单地从环境中获取它们。

There is also a labs on this too if that helps如果有帮助,也有一个 实验室

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 存储 Azure Function 机密:未执行 Startup.Configure - Storing Azure Function secrets: Startup.Configure is not executed 使用MSI部署容器实例和部署到其的容器无法读取密钥库机密 - Deploying Container Instance with MSI and containers deployed to it cannot read keyvault secrets AWS Secrets Manager 中的 Azure Key Vault 参考等效项是什么? - What is the Azure Key Vault reference equivalent in AWS Secrets Manager? 带有Azure容器实例的HttpClient随机异常 - HttpClient random exception with Azure Container Instance 使用容器实例在 Azure 中未启用访问 Swagger - Access Swagger not enabled in Azure with Container Instance 在 Azure 寻找合适的服务 - Looking for suitable a service in Azure 在非Azure生产环境中,ASP.NET核心中的用户机密存储的推荐解决方案是什么? - What is the recommended solution for user secrets storage in ASP.NET core in non-Azure production environment? 使用 C# 通过 VNet 创建 Azure 容器实例 - Create Azure container instance with VNet using C# 在Azure中存储媒体,视频和图像的推荐方法是什么 - What is the recommended approach for storing media, videos and image, in Azure 如何使用 AddKeyPerFile 在 linux 容器中加载机密 - How to load secrets in linux container usiing AddKeyPerFile
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM