Azure Key Vault机密可存储应用程序用户的机密 [英] Azure Key Vault secret to store app users secrets
问题描述
在我的应用程序中,我必须存储其用户的非常敏感的数据,例如其他第三部分服务的各种密码(用户填写表格,其中他向我们提供第三部分服务的登录名和密码)
In my application I have to store very sensitive data of its users, such as various password to other 3rd part services (user fill a form where he provides us login and password to 3rd part service)
该应用程序的目标是使用从100多个输入生成的powershell脚本来设置其他复杂的系统.有一项要求将用户工作另存为草稿,这就是为什么我需要以某种方式加密敏感字段的原因.
The goal of the application is to setup other complex system using powershell scripts generated from over 100 inputs. There is a requirement to save user work as draft, and that is why I need to encrypt sensitive fields somehow.
我了解了很多有关Azure Key Vault的信息,每当我阅读有关机密的信息时,似乎它们被描述为保存应用程序设置而不是用户机密,因此我不确定放置这些数据是否正确.
I read a lot about Azure Key Vault and whenever I read about secrets it seems they are described to hold app settings rather then users secrets, so i am not sure if this is right to place those data.
Azure Key Vault机密适合该工作吗?
Is Azure Key Vault secrets suitable for that job?
此外,我能够像使用纯文本一样在azure门户中查看这些值,我想避免这种情况.我想我可以先加密它们并存储已经加密的值,但这可能是工程上的问题.
Moreover i am able to peek those value in azure portal as in plain text, and I want to avoid that. I suppose that I could encrypt them first and store already encrypted values, but this may be over engineering.
推荐答案
目前尚不清楚您将其描述为用户机密.如果是用户凭据,则需要联合登录到身份提供程序,例如Azure AD或Azure AD B2C. Key Vault不是身份提供者,而是秘密存储.如果是应用程序秘密(请考虑连接字符串),则应查看Key Vault(带有
It's not clear what you are describing as user secrets. If it's user credentials, then you need to federate login to an Identity Provider like Azure AD or Azure AD B2C. Key Vault is NOT an identity provider, but a secret store. If it's application secrets (think connection strings) then you should look at Key Vault (with Managed Service Identity).
相反,应用程序设置"(在App Service中)在门户网站中公开,但在静态时被加密.因此,如果您对谁可以访问您的订阅名称空间中的内容小心,则应该没问题.
Conversely, Application Settings (in App Service) are exposed in the Portal but are encrypted at rest. So if you're careful about who can access what within your subscription namespace, you should be just fine.
这篇关于Azure Key Vault机密可存储应用程序用户的机密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
