如何使用共享访问签名从Azure的金库中获取密钥? [英] How to fetch keys from key vault of azure using share access signature?
问题描述
如果可以使用共享访问签名从天蓝色的密钥库中获取密钥,我会进行一些研发.
I do some R&D if I can fetch keys from azure key vault using share access signature.
在研发期间,我发现SAS只能与存储帐户(即blob,文件,容器和队列资源类型)一起使用.
During the R&D I found that SAS can be used only with the storage account i.e. blob,file,container and queue resource type.
但是我没有得到关于如何使用SAS从密钥库访问密钥的任何帮助.
But I did not get any help that how I can access keys from key vault using SAS.
请告诉我是否有人可以帮助我.
Please let me know if anyone can help me in it.
推荐答案
为了从Azure访问密钥/秘密/证书KV,您需要为应该访问它们的资源(用户或服务主体)创建访问策略.
In order to access keys/secrets/certificates from Azure KV, you need to create an access policy for the resource(user or service principal) that is supposed to access them.
AFAIK SAS就像一个安全凭据,用于提供对存储帐户中资源的委派访问.
AFAIK SAS is like a secure credential and is used to provide delegated access to resources inside a storage account.
现在,如果我正确理解了这一点,那么您想使用为存储帐户创建的SAS访问KV.这不可能.您无法为存储帐户分配访问策略,也无法使用SAS获取KV令牌.
Now if I am understanding this correctly, you want to access KV using SAS created for a storage account. This is not possible. You cannot assign an access policy to a storage account and cannot obtain a token for KV using SAS.
您能否详细说明为什么需要使用SAS来访问KV?
Can you elaborate on why you need to use SAS to access the KV ?
这篇关于如何使用共享访问签名从Azure的金库中获取密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!