如果我在 local.settings.json 中设置 AzureWebJobsServiceBus 的连接字符串,则不会出现错误。但是,我想使用 Azure Key-Vault 来防止泄露连接字符串。
以下是我的错误:
Microsoft.Azure.WebJobs.Host: Error indexing method 'MyAzureFunc.Run'. Microsoft.ServiceBus: The Service Bus connection string is not of the expected format. Either there are unexpected properties within the string or the format is incorrect. Please check the string before. trying again.
这是我的代码:
public static class MyAzureFunc
{
private static readonly SettingsContext _settings;
static MyAzureFunc()
{
_settings = new SettingsContext(new Settings
{
BaseUrl = Environment.GetEnvironmentVariable("BaseUrl"),
ServiceBusConnectionString = Environment.GetEnvironmentVariable("ServiceBus"),
certThumbprint = Environment.GetEnvironmentVariable("CertThumbprint"),
keyVaultClientId = Environment.GetEnvironmentVariable("KeyVaultClientId"),
ServiceBusSecretUrl = Environment.GetEnvironmentVariable("ServiceBusSecretUrl")
});
Environment.SetEnvironmentVariable("AzureWebJobsServiceBus", _settings.ServiceBusConnectionString);
}
[FunctionName("Func")]
public static async Task Run([ServiceBusTrigger(ServiceBusContext.MyQueueName)] BrokeredMessage msg, TraceWriter log)
{
......
}
}
public SettingsContext(Settings settings)
{
new MapperConfiguration(cfg => cfg.CreateMap<Settings, SettingsContext>()).CreateMapper().Map(settings, this);
if (!string.IsNullOrEmpty(settings.certThumbprint) && !string.IsNullOrEmpty(settings.keyVaultClientId))
{
var cert = Helpers.GetCertificate(settings.certThumbprint);
var assertionCert = new ClientAssertionCertificate(settings.keyVaultClientId, cert);
KeyVaultClient = GetKeyVaultClient(assertionCert);
if (ServiceBusConnectionString == "nil" && !string.IsNullOrEmpty(settings.ServiceBusSecretUrl))
{
ServiceBusConnectionString = KeyVaultClient.GetSecretAsync(settings.ServiceBusSecretUrl).Result.Value;
}
}
}
private static KeyVaultClient GetKeyVaultClient(ClientAssertionCertificate assertionCert)
{
return new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(async (string authority, string resource, string scope) =>
{
var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
var result = await context.AcquireTokenAsync(resource, assertionCert);
return result.AccessToken;
}));
}
最佳答案
这实际上比您正在尝试的要简单得多;)请参阅 here 。 KeyVault 与 Azure Functions/应用服务原生集成,可安全存储设置。
在 local.settings.json 中,您按原样使用连接字符串(以纯文本形式)。该文件从未 checkin 。
在 Azure 中,您有一个同名的应用程序设置,但您不是放置纯文本连接字符串,而是放置对 KeyVault 设置的引用,如下所示:
@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/ec96f02080254f109c51a1f14cdb1931)
您唯一需要做的就是启用您的函数的托管身份并在 KeyVault 中授予该身份读取权限。
关于azure - 如何使用 Azure Key-Vault 检索连接字符串,然后将其设置为 AzureWebJobsServiceBus for ServiceBusTrigger,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55899622/