堆栈内存溢出
  简体   繁体   English

在本地环境中访问 Azure KeyVault

[英]Accessing Azure KeyVault in Local Environment

 原文  2022-09-08 01:12:18       c#/ .net/ azure/ azure-keyvault/ azure-managed-identity

问题描述

I have an Azure resource group and a user managed identity which has access to my Azure KeyVault but I do not seem to understand how this should work locally.我有一个 Azure 资源组和一个用户管理的身份,可以访问我的 Azure KeyVault,但我似乎不明白这应该如何在本地工作。 I want to access my dev environment keyvault when running my application locally and this is how I was able to make this work CurrentSolution .我想在本地运行我的应用程序时访问我的开发环境密钥库,这就是我能够使这项工作CurrentSolution的方式。 What I ended up doing was creating a service principal and using the credentials to access the key vault only when in local environment.我最终做的是创建一个服务主体并仅在本地环境中使用凭据来访问密钥库。 If the environment is dev, stage, or production then it will use the DefaultAzureCredential (user-managed identity).如果环境是 dev、stage 或 production,那么它将使用 DefaultAzureCredential(用户管理的标识)。

It definitely works but it does not seem like the correct way of doing this.它确实有效,但似乎不是正确的做法。 Is there any advice or pointers I can get to be able to do this is a better way?有什么建议或指示我可以做到这一点是更好的方法吗? Thank you.谢谢你。

string keyVaultEndpoint = "KeyVaultUri";
        if (environment.EnvironmentName.ToLowerInvariant() == "localhost")
        {
            var client = new SecretClient(new(keyVaultEndpoint),
                new ClientSecretCredential("tenantId",
                "clientId",
                "clientSecret"));

            build.AddAzureKeyVault(client, new KeyVaultSecretManager());
        }
        else
        {
            //var secretClient = new SecretClient(new(keyVaultEndpoint), new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = "clientId" }));
            var secretClient = new SecretClient(new(keyVaultEndpoint), new DefaultAzureCredential());
            build.AddAzureKeyVault(secretClient, new KeyVaultSecretManager());
        }

        Configuration = build.Build();

2 个解决方案

解决方案1
 0  2022-09-08 16:57:22

In case you are only using secrets and keys, you can use Lowkey Vault too.如果您只使用机密和密钥,您也可以使用Lowkey Vault It won't help you with the if-else you have shared (in fact it can make it a bit worse) but you can avoid sharing credentials or relying on cloud resources while running tests or starting your app locally.它对您共享的 if-else 没有帮助(实际上它会使情况变得更糟),但您可以避免在运行测试或在本地启动应用程序时共享凭据或依赖云资源。

解决方案2
 0  2022-09-14 16:30:32

It may not be a better way, but if you are going to share the credentials of a service principal with your team, then you might as grant the team access - best way is to create a security group with your dev team as membership, and give the security group the minimum permissions needed for the key vault.这可能不是一个更好的方法,但是如果您要与您的团队共享服务主体的凭据,那么您可能会授予团队访问权限 - 最好的方法是创建一个安全组,并以您的开发团队作为成员身份,并且为安全组授予密钥保管库所需的最低权限。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Azure Keyvault 根据环境获取值 - Azure Keyvault get values based on environment 从 ASP.NET 核心应用程序访问 Azure KeyVault 中的证书 - Accessing certificate in Azure KeyVault from ASP.NET Core app 为旧版安全令牌服务访问 Azure KeyVault 中的证书 - Accessing Certificates in Azure KeyVault for Legacy Security Token Service 仅使用计算机上安装的证书访问 Azure KeyVault 机密 - Accessing Azure KeyVault secrets only with a certificate installed on the machine 通过 C# 访问 Azure 中的密钥库时引发异常 - Exception raised while accessing keyvault in Azure through C# VS2022 配置 Azure keyvault 看不到本地 secrets.json - VS2022 Configure Azure keyvault not seeing local secrets.json Azure KeyVault 访问出现明显延迟 - Apparent delay in Azure KeyVault access 删除 Azure Keyvault 上的机密不起作用 - Delete Secret on Azure Keyvault not working Azure KeyVault - 签署 JWT 令牌 - Azure KeyVault - Sign JWT Token Azure KeyVault到期日期更新 - Azure KeyVault expiration date update
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM