So I've got a legacy C# project, went ahead and upgraded the dependencies for Azure Key Vault, and it uses the following lines of code:

    public static IConfigurationBuilder AddAzureAppConfigurationWithKeyVault(this IConfigurationBuilder config, Action<AzureAppConfigurationOptions> action = null)
    {
        var settings = config.Build();
        return config.AddAzureAppConfiguration(options =>
        {
            var endpoint = Environment.GetEnvironmentVariable("AZURE_APP_CONFIGURATION_ENDPOINT") ?? settings["AzureAppConfiguration:Endpoint"];
            if (string.IsNullOrEmpty(endpoint))
            {
                throw new ConfigurationException("You must set an Azure App Configuration endpoint using the AZURE_APP_CONFIGURATION_ENDPOINT environment variable OR the AzureAppConfiguration:Endpoint settings key.");
            }
            // Connect to the Azure App Configuration store with the given
            // endpoint and add an Azure Key Vault client so we can resolve
            // Key Vault references.
            options.Connect(new Uri(endpoint), new DefaultAzureCredential())
                .UseAzureKeyVault(CreateKeyVaultClient());
            action?.Invoke(options);
        });

        static KeyVaultClient CreateKeyVaultClient()
        {
            var clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID");
            var clientSecret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET");
            if (!string.IsNullOrEmpty(clientId) && !string.IsNullOrEmpty(clientSecret))
            {
                // Use client credentials for Key Vault authentication, see
                // https://learn.microsoft.com/en-us/azure/azure-app-configuration/use-key-vault-references-dotnet-core
                return new KeyVaultClient(async (authority, resource, scope) =>
                {
                    var clientCredential = new ClientCredential(clientId, clientSecret);
                    var authenticationContext = new AuthenticationContext(authority, null);
                    var authenticationResult = await authenticationContext.AcquireTokenAsync(resource, clientCredential);
                    return authenticationResult.AccessToken;
                });
            }
            // Use Azure Managed Identity for Key Vault authentication, see
            // https://learn.microsoft.com/en-us/samples/azure-samples/app-service-msi-keyvault-dotnet/keyvault-msi-appservice-sample/
            var azureServiceTokenProvider = new AzureServiceTokenProvider();
            var authenticationCallback = new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback);
            return new KeyVaultClient(authenticationCallback);
        }
    }

However, when I upgraded the dependencies, the UseAzureKeyVault() method got deprecated, superseded by ConfigureKeyVault(), which calls for a refactoring of the whole algorithm.
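The issue: I can't completely wrap my head around this refactoring, since the return types of those methods are completely different. Using code snippet suggestions, I've come up with the following (there are env vars in the project):

    options.Connect(new Uri(endpoint), new DefaultAzureCredential())
        //.UseAzureKeyVault(CreateKeyVaultClient());
        .ConfigureKeyVault(kv =>
        {
            kv.SetCredential(new EnvironmentCredential());
        });
    action?.Invoke(options);

However, what I'm not sure about now is the CreateKeyVaultClient() method: can I just remove it? Is it just that I initialize EnvironmentCredential, which will consume the env variables on its own, and the whole thing will just work? Or why would I need this KeyVaultClient, what's the story behind that? I haven't known this Azure stuff for long.

Thanks for all the advice!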
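Posted on 2022-02-08 07:29:28

If you are using App Configuration and Key Vault, this configuration works for us. Note that we use managed identity to handle access to both the configuration store and Key Vault.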

    // credentials, keyFilter and keyPrefix are defined elsewhere (not shown in this answer).
    builder.ConfigurationBuilder
        .AddAzureAppConfiguration((options) =>
        {
            options
                .Connect(
                    new Uri(Environment.GetEnvironmentVariable("configurationStorePrimaryEndpoint")),
                    credentials
                )
                .ConfigureKeyVault(kv => kv.SetCredential(credentials))
                .Select(keyFilter, Environment.GetEnvironmentVariable("envLabel"))
                .TrimKeyPrefix(keyPrefix);
        });

https://stackoverflow.com/questions/71029521
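
One way to keep the legacy fallback from the question (client secret when its variables are set, managed identity otherwise) after moving to ConfigureKeyVault, as an added example that is not part of the original question or answer. The class name, the CreateKeyVaultCredential helper, the use of InvalidOperationException and the AZURE_TENANT_ID check are assumptions of this sketch; it assumes the Azure.Identity and Microsoft.Extensions.Configuration.AzureAppConfiguration packages.

```csharp
using System;
using Azure.Core;
using Azure.Identity;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureAppConfiguration;

public static class AppConfigurationKeyVaultExtensions // hypothetical class name
{
    public static IConfigurationBuilder AddAzureAppConfigurationWithKeyVault(
        this IConfigurationBuilder config, Action<AzureAppConfigurationOptions> action = null)
    {
        var settings = config.Build();
        var endpoint = Environment.GetEnvironmentVariable("AZURE_APP_CONFIGURATION_ENDPOINT")
            ?? settings["AzureAppConfiguration:Endpoint"];
        if (string.IsNullOrEmpty(endpoint))
        {
            // InvalidOperationException stands in for the project's ConfigurationException.
            throw new InvalidOperationException(
                "Set AZURE_APP_CONFIGURATION_ENDPOINT or AzureAppConfiguration:Endpoint.");
        }
        return config.AddAzureAppConfiguration(options =>
        {
            // ConfigureKeyVault takes a TokenCredential; no KeyVaultClient is built by hand.
            options.Connect(new Uri(endpoint), new DefaultAzureCredential())
                .ConfigureKeyVault(kv => kv.SetCredential(CreateKeyVaultCredential()));
            action?.Invoke(options);
        });
    }

    // Mirrors the legacy order: service principal when its variables are set,
    // otherwise the managed identity of the host.
    private static TokenCredential CreateKeyVaultCredential()
    {
        var tenantId = Environment.GetEnvironmentVariable("AZURE_TENANT_ID");
        var clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID");
        var clientSecret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET");
        if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(clientSecret))
        {
            return new ManagedIdentityCredential();
        }
        if (string.IsNullOrEmpty(tenantId))
        {
            // The legacy ADAL callback got its authority from Key Vault; ClientSecretCredential
            // needs the tenant up front. Fail closed instead of switching identity silently.
            throw new InvalidOperationException("AZURE_TENANT_ID must be set with AZURE_CLIENT_ID and AZURE_CLIENT_SECRET.");
        }
        return new ClientSecretCredential(tenantId, clientId, clientSecret);
    }
}
```

On developer machines, where AzureServiceTokenProvider also fell back to Visual Studio or Azure CLI sign-in, DefaultAzureCredential is the closer match than ManagedIdentityCredential.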