如何使用共享访问签名从Azure的金库中获取密钥? [英] How to fetch keys from key vault of azure using share access signature?

问题描述

如果可以使用共享访问签名从天蓝色的密钥库中获取密钥，我会进行一些研发.

I do some R&D if I can fetch keys from azure key vault using share access signature.

在研发期间，我发现SAS只能与存储帐户(即blob，文件，容器和队列资源类型)一起使用.

During the R&D I found that SAS can be used only with the storage account i.e. blob,file,container and queue resource type.

但是我没有得到关于如何使用SAS从密钥库访问密钥的任何帮助.

But I did not get any help that how I can access keys from key vault using SAS.

请告诉我是否有人可以帮助我.

Please let me know if anyone can help me in it.

推荐答案

为了从Azure访问密钥/秘密/证书KV，您需要为应该访问它们的资源(用户或服务主体)创建访问策略.

In order to access keys/secrets/certificates from Azure KV, you need to create an access policy for the resource(user or service principal) that is supposed to access them.

AFAIK SAS就像一个安全凭据，用于提供对存储帐户中资源的委派访问.

AFAIK SAS is like a secure credential and is used to provide delegated access to resources inside a storage account. 

现在，如果我正确理解了这一点，那么您想使用为存储帐户创建的SAS访问KV.这不可能.您无法为存储帐户分配访问策略，也无法使用SAS获取KV令牌.

Now if I am understanding this correctly, you want to access KV using SAS created for a storage account. This is not possible. You cannot assign an access policy to a storage account and cannot obtain a token for KV using SAS.

您能否详细说明为什么需要使用SAS来访问KV?

Can you elaborate on why you need to use SAS to access the KV ?

这篇关于如何使用共享访问签名从Azure的金库中获取密钥?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！