App Services中的Keyvault引用 [英] Keyvault references in App Services
问题描述
你好
我当前正在尝试在App Services中使用keyvault引用,该引用目前处于预览状态:
I'm currently trying to use keyvault references in App Services which is in preview at the moment:
https://docs.microsoft.com/zh-CN/azure/app-service/app-service-key-vault-references
https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references
我们正在使用App Services for Containers,我们会 容器中的应用程序以使用存储在Keyvault中的凭据.直接在应用程序设置"值中添加凭据时,此方法有效.例如,Wordpress能够 在将环境变量添加到WebApp内的应用程序设置时连接到数据库.
We are using App Services for Containers and we would the application within the container to use credentials stored in Keyvault. This is working when adding the credentials directly in the Application Settings value's. For example, Wordpress is able to connect to the database when adding an environment variable to application settings within the WebApp.
由于某种原因,添加密钥库引用时不起作用,并且看来应用程序仅看到完整的字符串,而不是实际进入密钥库以检索机密.
For some reason it doesn't work when adding a keyvault reference and it appears that the application is only seeing the complete string instead of actually going to the Keyvault to retrieve the secrets.
@ Microsoft.KeyVault(SecretUri =
I've double checked the access policies and they seem correct. I've contacted Microsoft Support but because this is in preview they can't support it :(.
有人可以帮助我们吗?预先感谢.
Can someone help us out? Thanks in advance.
Gr.
卫斯理
推荐答案
韦斯利
我在我的应用程序服务中对此进行了测试,并且能够成功检索到秘密值.这些是我的应用服务中的设置,我能够打印出秘密值.
I tested this out in my app service and I am able to retrieve the secret value successfully. These are the settings from my App Service and I was able to print the secret value.
下面是我的代码段以检索值.
Below is my code snippet to retrieve the value.
我也尝试过使用此 ConfigurationManager . AppSettings [ 测试" ] 和 这也很好.
I also tried with this "ConfigurationManager.AppSettings["test"]" and this worked as well.
在测试过程中,我能够在以下情况下重现您的行为:
During testing I was able to reproduce your behavior you behavior in the following scenarios :
1)如果KV中的访问策略配置不正确. (您必须将获取权限分配给将以您的应用程序服务命名的服务主体)
1) If access policy in KV is not configured properly. (you have to assign get permission to the service principal which will e named after your app service )
2)如果秘密uri不正确.
2) If the secret uri is incorrect.
3)如果系统分配的身份已关闭
3) If the System assigned identity is turned off
4)如果您正在更新以上任何设置,但没有重新启动应用程序服务.
4) If you are updating any of the above settings and did not restart your app service.
如果您已经考虑了以上所有内容,请告诉我您如何在应用服务中检索它,我将在实验室中进行测试.
If you have considered all the above then let me know how you are retrieving it in your app service and I will test with that in my lab.
更新:
我注意到您正在wordpress中执行此操作.因此,我部署了wordpress webapp(Linux)并配置了相同的设置.
I noticed you are doing this in wordpress. So I deployed a wordpress webapp (Linux) and configured the same settings.
我能够实际检查应用程序服务Kudu网站(https://appservice.scm.azurewebsites.net/)中的值>环境>环境变量.
I was able to actually check the value in the app service Kudu website (https://appservice.scm.azurewebsites.net/) > Environment > Environment Variables .
这篇关于App Services中的Keyvault引用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
