如何通过本地asp.net应用程序在Azure Key Vault中设置机密 [英] How to set a secret in Azure Key Vault from a local asp.net application

问题描述

我有一个本地asp.net core 3.1应用程序，我想在Azure Key Vault中设置一个秘密.以下是我从Microsoft使用的代码:

I have a local asp.net core 3.1 application that I want to set a secret in an Azure Key Vault. The following is the code I used from Microsoft:

string secretName = "xxSecret";

string keyVaultName = Environment.GetEnvironmentVariable("KEY_VAULT_NAME");
var kvUri = "https://" + keyVaultName + ".vault.azure.net";
var secretClient = new SecretClient(new Uri(kvUri), new DefaultAzureCredential());

string secretValue = "test";
secretClient.SetSecret(secretName, secretValue);
KeyVaultSecret secret = secretClient.GetSecret(secretName);

当我尝试设置机密时，在邮递员中出现以下错误:

When I try to set a secret, I get the following error in Postman:

Azure.Identity.AuthenticationFailedException: DefaultAzureCredential authentication failed.
 ---> Azure.Identity.AuthenticationFailedException: SharedTokenCacheCredential authentication failed.
 ---> Microsoft.Identity.Client.MsalServiceException: AADSTS70002: The client does not exist or is not 
enabled for consumers. If you are the application developer, configure a new application through the 
App Registrations in the Azure Portal

我不想注册此应用，但我想在本地调试此应用.我猜问题是我没有正确设置访问策略.如何授予我的本地应用访问权限?

I don't want to register this app, yet as I want to debug this locally. I'm guessing the issue is that I don't a correct Access Policy set up. How do I grant my local app access?

(在本地运行应用程序之前，我先使用Azure PowerShell验证到我的Azure目录.)

(Before I run the app locally, I authenticate to my Azure directory using Azure PowerShell. )

推荐答案

如何授予我的本地应用访问权限?

How do I grant my local app access?

对于本地开发， AzureServiceTokenProvider 使用Visual Studio，Azure CLI或Azure AD集成身份验证来获取令牌.依次尝试每个选项，并且库使用成功的第一个选项.

For local development, AzureServiceTokenProvider fetches tokens using Visual Studio, Azure CLI, or Azure AD Integrated Authentication. Each option is tried sequentially and the library uses the first option that succeeds.

要使用Visual Studio进行身份验证，请执行以下操作:

To authenticate by using Visual Studio:

登录Visual Studio并使用 Tools >打开 Options 的选项.

Sign in to Visual Studio and use Tools > Options to open Options.

选择 Azure服务身份验证，选择一个本地开发帐户，然后选择确定.

Select Azure Service Authentication, choose an account for local development, and select OK.

天蓝色时，您需要转到Azure密钥库.点击访问策略，然后使用获取和设置权限作为秘密，添加您之前登录的帐户.然后，您可以使用代码来获取秘密值.

On azure, you need to go to your Azure keyvault. Click Access Policies and add your account which login vs before with Get and Set permission for secret. Then you could use your code to get the secret value.

此外，您可以使用 AzureServiceTokenProvider 来获取秘密，而无需初始化您的秘密值.

Also you could use AzureServiceTokenProvider to get secret without initializing your secret value.

var KeyVaultUrl = "https://xxx.vault.azure.net/secrets/xxx/xxxxxxxxxxxxxx";
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = keyVaultClient.GetSecretAsync(KeyVaultUrl).Result.Value;

这篇关于如何通过本地asp.net应用程序在Azure Key Vault中设置机密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！