我如何从控制器代码中从Azure键保险库中检索秘密

发布于 2025-02-13 14:56:13 字数 754 浏览 0 评论 0 原文

我创建了一个Azure密钥库，可以保存我的应用程序秘密。

我想从控制器代码中检索秘密。我的控制器代码基于ASP.NET核心。

从这里开始， https://learn.microsoft.com /en-us/dotnet/api/概述/azure/endentity-readme

我看到了一个示例要创建一个 secretclient

// Create a secret client using the DefaultAzureCredential
var client = new SecretClient(new Uri("https://myvault.vault.azure.net/"), new DefaultAzureCredential());

我的问题是因为我在服务端（在控制器端）上运行代码，如何在没有任何交互式身份验证的情况下创建DefaultazureCrecreCrecreCrecreCrecreCrecreCrecreCrecreCrecreCrecreCrecrecreCrecreCrecreCrecreCrecreCrecreCrecreCrecreCrecrecreCrecreCredential？

原文

I have created an Azure Key Vault which saves my application secrets.

And I want to retrieve the secrets from my Controller code. My controller code is based on ASP.Net core.

From here, https://learn.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme

I see the example of how to create a SecretClient

// Create a secret client using the DefaultAzureCredential
var client = new SecretClient(new Uri("https://myvault.vault.azure.net/"), new DefaultAzureCredential());

My question is Since I am running the code on the service side (in Controller side), how can I create DefaultAzureCredential without any interactive authentication?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

執念 2025-02-20 14:56:13

根据您在 defaultazurecrecrecredential 在服务中，您可以使用具有用户托管身份的应用程序， DefaultazureCrecrecreCredential 将使用该帐户进行身份验证是没有交互式模式的

-ReadMe＃emoverition-variables“ rel =“ nofollow noreferrer”>环境变量并使用它进行身份验证。

“在此处输入图像描述”

// When deployed to an azure host, the default azure credential will authenticate the specified user assigned managed identity.

string userAssignedClientId = "<your managed identity client Id>";

var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = userAssignedClientId });

var blobClient = new BlobClient(new Uri("https://myaccount.blob.core.windows.net/mycontainer/myblob"), credential);

azure_client_id 环境可用于设置 ManagedIdentityClientId 除了通过代码设置它。当利用DefaultazureCrecreCredential时，这两种方法是相等的。您无需在代码中公开凭据，您可以使用此身份登录到接受Azure AD身份验证（包括密钥库）的任何服务。

您也可以参考此 ms-document 更多详细使用托管身份将密钥库连接到.NET中的Azure Web应用程序

According to Document referred by you under DefaultAzureCredential , In service side you can use the application with user Managed Identity,DefaultAzureCredential will authenticate with that account which is without interactive mode.

As the DefaultAzureCredential will read account information via environment variables and use it to authenticate.

enter image description here

// When deployed to an azure host, the default azure credential will authenticate the specified user assigned managed identity.

string userAssignedClientId = "<your managed identity client Id>";

var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = userAssignedClientId });

var blobClient = new BlobClient(new Uri("https://myaccount.blob.core.windows.net/mycontainer/myblob"), credential);

The Azure_client_id environment variable can be used to set the ManagedIdentityClientId in addition to setting it via code. When utilising the DefaultAzureCredential, these two approaches are equal. Without having to expose credentials in your code, you may use this identity to log in to any service that accepts Azure AD authentication, including Key Vault.

You can also refer this MS-Document more in detail to use managed identity to connect Key Vault to an Azure web app in .NET

回复收藏 0 原文

~没有更多了~