管理Service Fabric应用程序中的秘密 [英] Managing Secrets in Service Fabric Applications

问题描述

我正在按照 https://docs.microsoft.com/zh-cn/azure/service-fabric/service-fabric-application-secret-management 创建数据加密证书，并在运行时使用该证书解密机密. 我在ApplicationManifest.xml文件中添加了以下代码，以授予Network Service帐户对由其指纹定义的证书的读取权限.

I am following the instructions at https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-application-secret-management to create a data encipherment certificate and use that certificate to decipher the secrets at runtime. I added below piece of code to my ApplicationManifest.xml file to grant Network Service account read access to a certificate defined by its thumbprint.

<Principals>

<Users>

  <User Name="NetworkSvc" AccountType="NetworkService" />

</Users>

</Principals>

<Policies>

<SecurityAccessPolicies>

  <SecurityAccessPolicy ResourceRef="secretsEnciphermentCert" PrincipalRef="NetworkSvc" GrantRights="Full" ResourceType="Certificate" />

</SecurityAccessPolicies>

</Policies>

<Certificates>

<EndpointCertificate X509FindValue="thumbprintValue" Name="secretsEnciphermentCert" />

</Certificates>

现在，我无法将程序包部署到本地群集.总是会因这些错误而失败

Now, I am not able to deploy the package to local cluster. It always fails with these errors

Register-ServiceFabricApplicationType : Value cannot be null.

Parameter name: source

At C:\Program Files\Microsoft SDKs\Service 

Fabric\Tools\PSModule\ServiceFabricSDK\Publish-NewServiceFabricApplication.ps1:251 char:9

+         Register-ServiceFabricApplicationType -ApplicationPathInImage ...

+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     + CategoryInfo          : InvalidOperation: (Microsoft.Servi...usterConnection:ClusterConnection) [Register-Servic 

     eFabricApplicationType], FabricException

    + FullyQualifiedErrorId : RegisterApplicationTypeErrorId,Microsoft.ServiceFabric.Powershell.RegisterApplicationTyp 

    e

推荐答案

您正在使用EndpointCertificate证书，而示例中使用的是SecretsCertificate

You're using an EndpointCertificate certificate, while the example uses a SecretsCertificate

<ApplicationManifest … >
    <Principals>
        <Users>
            <User Name="Service1" AccountType="NetworkService" />
        </Users>
    </Principals>
  <Policies>
    <SecurityAccessPolicies>
      <SecurityAccessPolicy GrantRights="Read" PrincipalRef="Service1" ResourceRef="MyCert" ResourceType="Certificate"/>
    </SecurityAccessPolicies>
  </Policies>
  <Certificates>
    <SecretsCertificate Name="MyCert" X509FindType="FindByThumbprint" X509FindValue="[YourCertThumbrint]"/>
  </Certificates>
</ApplicationManifest>

此外，请确保您在指纹中没有不可见的字符.

Also, make sure you don't have an invisible character in the thumbprint.

从证书存储区复制证书指纹时 在Windows上的管理单元中，在开头放置了一个不可见的字符 指纹字符串.这个不可见的字符可能会导致错误 尝试通过指纹查找证书时，请确保 删除这个多余的字符

When copying a certificate thumbprint from the certificate store snap-in on Windows, an invisible character is placed at the beginning of the thumbprint string. This invisible character can cause an error when trying to locate a certificate by thumbprint, so be sure to delete this extra character

这篇关于管理Service Fabric应用程序中的秘密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！