PowerApp 用户无法从 azure 密钥保管库中获取机密(通过 Power Automate)
[英]Users of PowerApp can't get secret from azure key vault (through Power Automate)
问题描述
For a azure keyvault connection in Power Automate I am using an app registration.
对于 Power Automate 中的 azure keyvault 连接,我正在使用应用程序注册。 Users of a PowerApp I made can't seem to get secrets from the azure key vault unless I give them access to the keyvault.我创建的 PowerApp 用户似乎无法从 azure 密钥保管库中获取机密,除非我授予他们访问密钥保管库的权限。 I was hoping adding the users to the acces policies in the keyvault would be enough.我希望将用户添加到密钥库中的访问策略就足够了。 Is there a way to let users get secrets in a PowerApp (through Power Automate) without giving them full access to the keyvault?有没有办法让用户在 PowerApp 中获取机密(通过 Power Automate)而不授予他们对 keyvault 的完全访问权限?
1 个解决方案
解决方案1
0 2020-11-13 18:30:23
You could grant them the "get" permission only on secrets:您可以授予他们仅对秘密的“获取”权限:
az keyvault set-policy --name myvault --secret-permissions get --upn <user ID/email>
However, a better approach might be to run your application as a service principal (or have middleware service that does - really depends on why users need access to the secrets) and it contact Key Vault directly.但是,更好的方法可能是将您的应用程序作为服务主体运行(或者有中间件服务 - 实际上取决于用户为什么需要访问机密)并且它直接联系 Key Vault。 That service principal should be given minimal rights - basically the same command as above, except using --spn instead of --upn .该服务主体应该被赋予最小的权限 - 基本上与上面相同的命令,除了使用--spn而不是--upn 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.