我在 Azure 的配置中添加了一个条目,以链接到 AzureKeyreference,如下所示。我正在尝试从下面的配置中获取 secret 调用 prodkey。
名称:ProdContoso:ST64 值:@Microsoft.KeyVault(SecretUri=https://contosokeyvault.vault.azure.net/secrets/prodkey/e8b00ec08bd65fc49484dd6bb445ae5c)
public string GetKeyData()
{
var config = new ConfigurationBuilder()
.AddEnvironmentVariables()
.Build();
var key = config["ProdContoso:ST644"];
Console.WriteLine($"ProdContoso:ST64:{key?.Substring(0, 5) ?? "null"}");
return key;
}
最佳答案
使用 Key Vault 引用意味着您使用标准化格式作为应用程序设置的值,这样您就可以通过基于名称访问应用程序设置来检索 Key Vault 值。 Azure 平台将负责联系 Key Vault 并获取值。
他们提供了一种方法
work with secrets from Azure Key Vault in your App Service or Azure Functions application without requiring any code changes.
请参阅Use Key Vault references for App Service and Azure Functions .
就您的问题而言,请确保您按照Granting your app access to Key Vault中的步骤进行操作。
Create a managed identity for your application.
Key Vault references will use the app's system assigned identity by default, but you can specify a user-assigned identity.Create an access policy in Key Vault for the application identity you created earlier. Enable the "Get" secret permission on this policy. Do not configure the "authorized application" or applicationId settings, as this is not compatible with a managed identity.
关于c# - 如何阅读 KeyVault 引用 C#,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/76145226/