Azure Key Vault - 开发人员访问权限 [英] Azure Key Vault - Access for Developers

问题描述

HI TEAM，

我需要了解一个我是KEY VAULT贡献者的场景。我在Azure密钥库中创建了一个SECRET。

I need to understand one scenario where I'm the KEY VAULT Contributor. I have created a SECRET in Azure key vault.

Q1。需要为开发人员提供哪些访问权限？ （贡献者
单独的角色是否有效？，还需要授予任何访问级别权限）  

Q1. What access needs to be given to a developer ? (Contributor Role alone will work or not ?, also any access level permission needs to be granted)  

Q2。如果将保险柜URI 提供给开发人员，他是否可以访问或验证？

Q2. If gave the Vault URI to developer will he able to access or authenticate ?

Q3。所有编程语言对Azure密钥保管库的支持是什么？ 开发人员使用
GO 语言 

Q3. What all programming languages does Azure key vault support ?  Developer using GO language 

问候，

Rahul

 

推荐答案

嗨Rahul，

Hi Rahul,

1  Azure密钥保管库访问由"管理"控制。和"数据" 。平面 在管理级别，您只能授予用户对密钥保管库的读取权限，并提供对密钥，秘密或秘密的任何访问权限。 在数据平面级别的另一个
手上，您可以使用Azure Key Vault访问策略授予用户组权限，以便对Azure Key Vault中的密钥或机密执行特定操作。 因此，您可以仅授予用户访问密钥的权限，而不授予秘密访问权限。请参考
到保护您的密钥库以了解这些概念。

1.  Azure Key Vault access is controlled by "Management" and the "Data" plane.  At management level you can grant a user only a read access to Key Vault with providing any access to Key, Secrets or Secrets.  On the other hand, at Data plane level, you can use Azure Key Vault access policies to grant a user, group permissions to execute specific operations for keys or secrets in Azure Key Vault.  So, you can grant a user access only to keys and not to secrets. Please refer to Secure your Key Vault to understand the concepts.

2。是的，开发人员将能够使用Vault URI访问密钥保管库，授权将基于您在管理平面中的配置（RBAC角色）。 但是，如果要实现身份验证，则需要使用Azure
AD。请参阅 Azure的服务到服务身份验证使用.NET的密钥保管库 用于身份验证详细信息。

2. Yes, the developer will be able to access the Key Vault with the Vault URI and the authorization will be based on the your configuration in the Management Plane (RBAC role).  However, if you want to implement authentication you need to use Azure AD. Refer to Service-to-service authentication to Azure Key Vault using .NET for authentication details.

3。 Azure Key Vault支持-.NET，Node.js，Java，Python，Azure CLI，Powershell等。 您可以参考 KeyVault入门 - 管理密钥
Vault - in Go  样本供您参考。

3. Azure Key Vault supports -.NET, Node.js, Java, Python, Azure CLI, Powershell etc.  You can refer to Getting Started with KeyVault - Manage Key Vault - in Go sample for your reference.

这篇关于Azure Key Vault - 开发人员访问权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！