[英]Using KeyVault secrets to override appsettings in Azure App Service and locally
Attempting to retrieve secrets from KeyVault in a C# App Service.尝试从 C# 应用服务中的 KeyVault 检索机密。
Visual Studio > Tools > Options > Azure Service Authentication - authenticated Azure account Visual Studio > 工具 > 选项 > Azure 服务身份验证 - 经过身份验证的 Azure 帐户
Likely use az login
in the shell that you dotnet run
if on vs code etc. Not Checked.如果使用 vs 代码等,可能会在
dotnet run
的 shell 中使用az login
。未检查。
System Assigned
System Assigned
...
"KeyVaultName" : "abc123",
"Secrets": {
"One" : "@Microsoft.KeyVault(Secreturi=[uri to secret copied from Azure blade])"
}
...
...
using Azure.Extensions.AspNetCore.Configuration.Secrets;
using Azure.Identity;
...
public static IHostBuilder CreateHostBuilder(string[] args)
{
return Host.CreateDefaultBuilder(args)
.ConfigureAppConfiguration((context, config) =>
{
var builtConfig = config.Build();
var secretClient = new SecretClient(
new Uri($"https://{builtConfig["KeyVaultName"]}.vault.azure.net/"),
new DefaultAzureCredential());
config.AddAzureKeyVault(secretClient, new KeyVaultSecretManager());
})
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
});
}
I am just getting the @Microsoft ...
value which I had expected to be mapped to the value from the keyvault.我刚刚获得了
@Microsoft ...
值,我希望将其映射到密钥库中的值。
Something seems off as I have to define the name of the keyvault twice, once in the SecretClient and once in the @Microsoft.KeyVault reference.似乎有些不对劲,因为我必须两次定义密钥库的名称,一次在 SecretClient 中,一次在 @Microsoft.KeyVault 参考中。
It seems I was mixing two methods of getting secrets from the KeyVault.似乎我混合了两种从 KeyVault 获取机密的方法。
What I added in Program.cs
was a configuration provider that maps secrets into the configuration collection.我在
Program.cs
中添加的是一个配置提供程序,它将机密映射到配置集合中。 Putting a breakpoint in Startup.cs
and inspecting the value in the configuration collection validated this.在
Startup.cs
放置一个断点并检查配置集合中的值验证了这一点。
What I should have done is named the secret Secret--One
which will map and override the local config value { "Secret: { "One" : "..." } }
. Cannot use :
or __
used in Environment Variable config mapping as those characters are not supported in secret names.我应该做的是命名秘密
Secret--One
它将映射和覆盖本地配置值{ "Secret: { "One" : "..." } }
。不能使用:
或__
在环境变量配置映射中使用因为这些字符在秘密名称中不受支持。
Feel I am still missing something here so please update in comments or another answer.感觉我在这里仍然缺少一些东西,所以请在评论或其他答案中更新。
If, on the other hand, you want to override config values using Environment Variables set on the Azure Application Settings (App Service Configuration) blade, then you can use KeyVault References.另一方面,如果要使用 Azure 应用程序设置(应用服务配置)边栏选项卡上设置的环境变量覆盖配置值,则可以使用 KeyVault 引用。
The issue with this is that you still need another method to ensure you don't keep secrets locally and risk committing them to source control.这样做的问题是您仍然需要另一种方法来确保您不会在本地保存机密并冒着将它们提交给源代码控制的风险。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.