
Azure Diagnostics - encrypting connection string in cscfg

In our project, we want to use Azure Diagnostics. All is fine, except one thing: there seems to be no possibility to encrypt the Azure Diagnostics connection string in the cscfg file. Take this configuration part in cscfg, for instance (real values obscured):

In the above, the whole conn string (also AccountKey) is seen in the Azure portal. That is our problem.

Link to verify: https://manage.windowsazure.com/microsoft.onmicrosoft.com#Workspaces/CloudServicesExtension/CloudService/your-cloud-srv/configure

Also, it can be seen in this cscfg file. During rollout, we do not want to expose the AccountKey to any parties other than e.g. the Portal administrator. Now, my question is: is it possible to use an encrypted AccountKey in the cscfg file, or what is the proposed way to activate Azure Diagnostics in such a manner that the conn string can be decrypted just before Azure Diag activation?

This all has to work with the latest Azure SDK 2.71 or 2.8.1.

UPDATE: If I add an encrypted conn string to, say, cscfg, it being e.g. EncDiagConnString, is it still possible with Azure SDK 2.7.1 or Azure SDK 2.8.1 to programmatically start diagnostics, if I provide the decrypted conn string in the Azure role's OnStart() method?

UPDATE2: It seems that activating Azure Diagnostics is possible from outside the cloud service via the Azure management API (REST API); the best option seems to be using Azure PowerShell cmdlets: https://azure.microsoft.com/en-us/documentation/articles/cloud-services-dotnet-diagnostics/

The two options you have for this are to either store connection strings in App Settings / Connection strings for the app, or to use Azure Key Vault to store application secrets and access them programmatically.

You will have to enable diagnostics from outside in that case and configure the storage account using the PowerShell method. It would have been ideal if we could have specified a certificate thumbprint to use with any setting in the cscfg file, so that Azure could automatically do this for us when using any setting, but sadly it does not exist. There is a feedback item open for it here: https://feedback.azure.com/forums/169386-cloud-services-web-and-worker-role/suggestions/9025255-certificate-based-settings-encryption
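
The PowerShell route mentioned in the question's UPDATE2 and in the answer above, as an added example that is not part of the original posts: it fetches the storage key at deployment time and applies the diagnostics extension per role, so the AccountKey is never written to the cscfg file. It assumes the classic Azure Service Management PowerShell module and an already authenticated session; the parameter names of the script itself and all values passed to it are placeholders.

```powershell
# Added example, not code from the original posts.
# Assumes the classic Azure Service Management module and a signed-in session.
param(
    [Parameter(Mandatory)] [string]   $ServiceName,                   # cloud service (placeholder)
    [Parameter(Mandatory)] [string]   $StorageAccountName,            # diagnostics storage account
    [Parameter(Mandatory)] [string[]] $Roles,                         # e.g. 'WebRole1','WorkerRole1'
    [Parameter(Mandatory)] [string]   $DiagnosticsConfigurationPath,  # diagnostics config XML
    [ValidateSet('Production', 'Staging')] [string] $Slot = 'Staging'
)

$ErrorActionPreference = 'Stop'

# Fail early instead of pushing an extension without a valid configuration file.
if (-not (Test-Path -LiteralPath $DiagnosticsConfigurationPath -PathType Leaf)) {
    throw "Diagnostics configuration not found: $DiagnosticsConfigurationPath"
}

# The key is read through the management API by whoever runs the deployment,
# so only that operator's subscription permissions gate access to it.
$key = (Get-AzureStorageKey -StorageAccountName $StorageAccountName).Primary
try {
    $ctx = New-AzureStorageContext -StorageAccountName $StorageAccountName `
                                   -StorageAccountKey $key

    foreach ($role in $Roles) {
        # Enables diagnostics for one role of the deployment in the chosen slot.
        Set-AzureServiceDiagnosticsExtension -StorageContext $ctx `
            -DiagnosticsConfigurationPath $DiagnosticsConfigurationPath `
            -ServiceName $ServiceName -Slot $Slot -Role $role
        Write-Output "Diagnostics extension applied to role '$role' ($Slot)."
    }
}
finally {
    # Do not leave the key or the context in the session after the run.
    Remove-Variable -Name key, ctx -ErrorAction SilentlyContinue
}
```

Run it from the deployment pipeline after the package is uploaded, and keep the diagnostics configuration XML free of storage credentials so that only the management API call carries the key.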
