Azure Keyvault Local Issues
I've been using Keyvault for a while with Managed Identity. But for this project I'm getting weird results when developing locally.
For some reason, if I do not have ExcludeManagedIdentityCredential = true, when developing on my local machine, it throws an error and will not get a secret. If I add that flag, it uses my Visual Studio credentials like it is supposed to.
Very confused why I would have to add that flag as I never have before.
    using System;
    using Azure.Core.Diagnostics;
    using Azure.Identity;
    using Azure.Security.KeyVault.Secrets;

    // Write Azure SDK diagnostic events to the console.
    using AzureEventSourceListener listener = AzureEventSourceListener.CreateConsoleLogger();
    DefaultAzureCredentialOptions options = new DefaultAzureCredentialOptions()
    {
        Diagnostics =
        {
            LoggedHeaderNames = { "x-ms-request-id" },
            LoggedQueryParameters = { "api-version" },
            IsLoggingContentEnabled = true,
            IsAccountIdentifierLoggingEnabled = true,
        },
        // Skip ManagedIdentityCredential in the credential chain.
        ExcludeManagedIdentityCredential = true
    };
    var client = new SecretClient(new Uri(xxx), new DefaultAzureCredential(options));
Error:
Not sure why it is even trying managed identity locally, and why it doesn't fail and continue to use Visual Studio identity.
Summary: Works fine in cloud, and works fine local when adding ExcludeManagedIdentityCredential = true. Not sure why I need that flag locally.
I think this is your problem: https://github.com/Azure/azure-sdk-for.net/issues/28218
Try downgrading Azure.Identity to 1.4 (if possible) to see if the problem continues to reproduce.
You must assign a Key Vault access policy for the user logged in to Visual Studio. Please see: Assign a Key Vault access policy, but on the step with "Select principal*" select the user instead of an app managed identity.
Did you always set this to true?
    IsAccountIdentifierLoggingEnabled = true
Set the above to false and see if it works locally without need for setting ExcludeManagedIdentityCredential to true.
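An added example, not part of the thread and not the Azure SDK's own code: a small probe that requests a Key Vault token from each credential on its own, so you can see on the local machine which one is merely unavailable and which one fails outright. The class name CredentialProbe and the choice of three credentials are assumptions; it needs the Azure.Identity package and never prints the token itself.

```csharp
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public static class CredentialProbe
{
    // Scope used for Key Vault data-plane tokens.
    private static readonly TokenRequestContext KeyVaultScope =
        new TokenRequestContext(new[] { "https://vault.azure.net/.default" });

    // Ask one credential for a token and classify the outcome.
    public static async Task<string> ProbeAsync(TokenCredential credential)
    {
        try
        {
            AccessToken token = await credential.GetTokenAsync(KeyVaultScope, default);
            return $"token acquired, expires {token.ExpiresOn:u}";
        }
        catch (CredentialUnavailableException ex)
        {
            // A credential chain skips credentials that report themselves unavailable.
            return $"unavailable (skipped in a chain): {ex.Message}";
        }
        catch (AuthenticationFailedException ex)
        {
            // Any other authentication failure is surfaced to the caller.
            return $"failed: {ex.Message}";
        }
    }

    public static async Task Main()
    {
        // Probed in the order listed; adjust to the credentials you care about.
        var candidates = new (string Name, TokenCredential Credential)[]
        {
            ("ManagedIdentity", new ManagedIdentityCredential()),
            ("VisualStudio", new VisualStudioCredential()),
            ("AzureCli", new AzureCliCredential()),
        };
        foreach (var (name, credential) in candidates)
            Console.WriteLine($"{name,-16} {await ProbeAsync(credential)}");
    }
}
```

If ManagedIdentity reports "failed" rather than "unavailable" on a developer machine, that is the credential to exclude locally, for example by setting ExcludeManagedIdentityCredential only in the development configuration so the deployed app still uses its managed identity.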