Using Azure.Security.KeyVault to retrieve certificate (PFX content) via SecretId / SecretIdentifier instead of Microsoft.Azure.KeyVault
Just wondering how you would achieve the same using the new Azure.Security.KeyVault libraries:
Azure.Security.KeyVault.Certificates
https://docs.microsoft.com/en-us/dotnet/api/overview/azure/security.keyvault.certificates-readme?view=azure-dotnet
Azure.Security.KeyVault.Secrets
https://docs.microsoft.com/en-us/dotnet/api/overview/azure/security.keyvault.secrets-readme?view=azure-dotnet#retrieve-a-secret
Particularly with regards to getting the PFX content from the certificate SecretId. The new libraries don't seem to offer a way to get the Secret by SecretId or SecretIdentifier, only by name.
With the aim of matching what would have previously been done like this:
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
CertificateBundle certificateBundle = await keyVaultClient.GetCertificateAsync(certificateIdentifier);
SecretBundle certificateWithPrivateKey = await keyVaultClient.GetSecretAsync(certificateBundle.SecretIdentifier.Identifier);
byte[] certificateWithPrivateKeyDecoded = Convert.FromBase64String(certificateWithPrivateKey.Value);
var certificate = new X509Certificate2(certificateWithPrivateKeyDecoded, (string)null);
return certificate;
Yes, the method does not offer a way to get the Secret by SecretIdentifier, but it has a parameter version, see SecretClient.GetSecret(String, String, CancellationToken).
In your case, if you have the certificateIdentifier, the secret name and version are included, they are the same as the certificate, just pass them to the method.
var client = new SecretClient(vaultUri: new Uri(keyVaultUrl), credential: new DefaultAzureCredential());
KeyVaultSecret secret = client.GetSecret("secret-name","secret-version");
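The approach in the answer above, carried through end to end as an added example (not code from the original question or answer, and not the SDK's own helper). `KeyVaultPfxLoader`, `ParseIdentifier`, `LoadAsync` and the `expectedVaultUri` parameter are hypothetical names; the sketch assumes the identifier has the form `https://{vault}/certificates/{name}/{version}` and that the certificate policy stores the secret as PKCS#12.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Security.KeyVault.Secrets;

public static class KeyVaultPfxLoader // hypothetical helper, not part of the SDK
{
    // Splits https://{vault}/certificates/{name}/{version} (or /secrets/...) into its parts.
    public static (Uri VaultUri, string Name, string Version) ParseIdentifier(Uri id)
    {
        string[] parts = id.AbsolutePath.Trim('/').Split('/');
        if (id.Scheme != Uri.UriSchemeHttps || parts.Length < 2 || parts.Length > 3 ||
            (parts[0] != "certificates" && parts[0] != "secrets"))
            throw new ArgumentException("Not a Key Vault certificate or secret identifier.", nameof(id));

        // A missing version segment means "latest"; GetSecretAsync accepts null for that.
        string version = parts.Length == 3 ? parts[2] : null;
        return (new Uri(id.GetLeftPart(UriPartial.Authority)), parts[1], version);
    }

    public static async Task<X509Certificate2> LoadAsync(
        Uri certificateIdentifier, Uri expectedVaultUri, TokenCredential credential)
    {
        var (vaultUri, name, version) = ParseIdentifier(certificateIdentifier);

        // Only talk to the vault this application is configured for, so an
        // identifier taken from untrusted input cannot redirect the request.
        if (!string.Equals(vaultUri.Host, expectedVaultUri.Host, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Identifier points at an unexpected vault.");

        // The certificate's backing secret shares its name and version.
        var client = new SecretClient(vaultUri, credential);
        KeyVaultSecret secret = await client.GetSecretAsync(name, version);

        // The value is base64 PKCS#12 only for this content type; PEM-policy
        // certificates ("application/x-pem-file") need different handling.
        if (secret.Properties.ContentType != "application/x-pkcs12")
            throw new NotSupportedException($"Unexpected content type: {secret.Properties.ContentType}");

        byte[] pfx = Convert.FromBase64String(secret.Value);
        return new X509Certificate2(pfx, (string)null);
    }
}
```

The calling identity needs secret `get` permission on the vault in addition to certificate access, because the private key is only exposed through the secret.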