
Azure Key Vault does not allow adding secrets from the Azure portal while in a private endpoint connection

I have an Azure Key Vault that is configured with a private endpoint in a virtual network. After configuring the private endpoint, I'm not able to add any new secrets to the key vault.

Is there a way to add/edit secrets from the Azure portal in a key vault while it is configured with a private endpoint?

Note: I know that we can access the key vault from a virtual machine within the same virtual network and add/edit secrets in the key vault.

That is the whole point of Private Endpoints. The Key Vault data plane is now ONLY accessible by resources that are sitting on a machine, cluster, or environment connected to the Virtual Network where the Private Endpoint resource was deployed.

https://docs.microsoft.com/en-us/azure/key-vault/general/private-link-diagnostics

There are 2 ways I can think of to get this done.

  1. As a stop-gap hack, you can add your current IP as a client to the key vault when private endpoints are enabled. Go to Key Vault networking --> firewall and virtual networks --> selected networks --> add the client IP of your machine.

  2. The second way is to have Express Route connectivity from your on-premise corporate network into the private endpoint VNet (or VNet peering if you have a VM in the cloud). The recommendation is to use a hub-spoke topology for the network. Please refer to the link below.

Hub-spoke network topology in Azure
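An added example, not code from either answer, that evaluates the stop-gap from option 1: given a vault's `networkAcls` block in the shape `az keyvault show` returns (assumed here: `defaultAction`, `bypass`, `ipRules` with `value` CIDRs, `virtualNetworkRules`), it explains whether a portal user's public IP would pass the firewall and produces the ACL with that client's /32 added. The vault ACL and the IP addresses are constructed sample values; private-endpoint traffic is out of scope because it never hits these public rules.

```python
import ipaddress

# Constructed sample: vault behind a private endpoint, public firewall set to
# "Selected networks" (defaultAction Deny) with one client IP already allowed.
SAMPLE_ACLS = {
    "bypass": "AzureServices",
    "defaultAction": "Deny",
    "ipRules": [{"value": "203.0.113.10/32"}],  # constructed TEST-NET-3 address
    "virtualNetworkRules": [],
}

# Key Vault firewall rules accept public IPv4 only; RFC1918 ranges are rejected.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def explain_access(acls: dict, client_ip: str) -> tuple:
    """Return (allowed, reason) for the public IP the portal session comes from."""
    ip = ipaddress.IPv4Address(client_ip)  # raises on IPv6 or malformed input
    if any(ip in net for net in RFC1918):
        return False, f"{client_ip} is a private address; the firewall only takes public IPv4"
    for rule in acls.get("ipRules", []):
        net = ipaddress.ip_network(rule["value"], strict=False)
        if ip in net:
            return True, f"{client_ip} matches ip rule {rule['value']}"
    if acls.get("defaultAction", "Allow") == "Allow":
        return True, "defaultAction is Allow: public network access is open"
    return False, (f"{client_ip} matches no ip rule and defaultAction is Deny; "
                   "portal data-plane calls (add/edit secret) will be forbidden")


def allow_client(acls: dict, client_ip: str) -> dict:
    """Return a copy of the ACLs with the client's /32 added (option 1 above).
    The original dict is left untouched so the before/after can be compared."""
    updated = {**acls, "ipRules": list(acls.get("ipRules", []))}
    cidr = f"{ipaddress.IPv4Address(client_ip)}/32"
    if not any(rule["value"] == cidr for rule in updated["ipRules"]):
        updated["ipRules"].append({"value": cidr})
    return updated


if __name__ == "__main__":
    # A second constructed client that is not yet allowed, then the fix applied.
    print(explain_access(SAMPLE_ACLS, "198.51.100.7"))
    print(explain_access(allow_client(SAMPLE_ACLS, "198.51.100.7"), "198.51.100.7"))
```

Remember that this only widens the public firewall for one address; the private endpoint itself is unaffected, and the entry should be removed once the secret has been written.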
