Azure Key Vault and Certificate - .NET Framework ClientCertificateCredential access to Secrets

Question

I have generated .pfx, .pvk and .cer certification files.

In Azure:

  • I created a new Vault, let's call it MyVault
  • In MyVault, I created a Secret called SubscriptionKey
  • MyVault has a Certificates section to which I've uploaded the MyCertificate.cer file.

Confusingly enough, Azure also has an "Azure Active Directory" section where I can also upload Certificates. This is what I understood from researching, to be the place where to upload the certificate, and get the associated clientId and tenantId needed for the ClientCertificateCredential constructor.

Goal: Retrieve the secret value from MyVault using a Certificate and the code:

public static string GetSecretFromAzureKeyVault(string secretName)
{
    string vaultUrl = "https://MyVault.vault.azure.net/";
    string cerPath = "C:\\Personal\\MyCertificate.cer";

    ClientCertificateCredential credential = new(
        "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        cerPath
    );

    SecretClient client = new(new Uri(vaultUrl), credential);
    KeyVaultSecret secret = client.GetSecret(secretName);

    return secret.Value;
}

When running the code I'm still getting null for the line:

KeyVaultSecret secret = client.GetSecret(secretName);

Any suggestions on what I've done wrong in this flow or regarding the resources?

EDIT:

Error screenshot:

Answer 1

Score: 2

I have followed the below steps and got the secret value.

  1. Create an app from AAD and register the app using App registrations.
  2. Create a Key Vault and secret, and use the secret name in the code.
  3. Use the ClientId and TenantId from the App registrations and use them in the code.
  4. Download the .pfx format file and use the certificate in the code.
  5. Use the downloaded .pfx path in the code.

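using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public static string GetSecretFromAzureKeyVault(string secretName)
{
    string vaultUrl = "https://keyvault.vault.azure.net/";
    // Path to the downloaded .pfx file, which holds the private key as well as the certificate.
    string cerPath = "C:\\Tools\\keyvault-keycertificate-20230109.pfx";

    // Tenant ID and client ID are taken from the app registration.
    ClientCertificateCredential credential =
        new ClientCertificateCredential("TenantId", "ClientId", cerPath);

    SecretClient client = new SecretClient(new Uri(vaultUrl), credential);
    KeyVaultSecret secret = client.GetSecret(secretName);

    return secret.Value;
}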

You can find the secret value in the below highlighted screen.
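
An added example, not part of the question or the answer above: the difference between the two snippets is that a .cer file carries only the public certificate, while ClientCertificateCredential needs the private key (the .pfx) to sign its token request. The class name, method names and parameters below are hypothetical; the sketch checks for the private key up front and separates a failed sign-in from a denied vault request.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Hypothetical helper class; names are illustrative, not from the original post.
public static class KeyVaultCertificateAuth
{
    // Load the client certificate and fail early if it cannot sign anything.
    public static X509Certificate2 LoadClientCertificate(string path, string password)
    {
        var cert = new X509Certificate2(path, password);
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                "'" + path + "' has no private key (for example a .cer export). " +
                "Use the .pfx; the public .cer is what gets uploaded to the app registration.");
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
            throw new InvalidOperationException(
                "Certificate " + cert.Thumbprint + " is outside its validity period.");
        return cert;
    }

    public static string GetSecret(string vaultUrl, string tenantId, string clientId,
                                   string pfxPath, string pfxPassword, string secretName)
    {
        X509Certificate2 cert = LoadClientCertificate(pfxPath, pfxPassword);
        var credential = new ClientCertificateCredential(tenantId, clientId, cert);
        var client = new SecretClient(new Uri(vaultUrl), credential);
        try
        {
            KeyVaultSecret secret = client.GetSecret(secretName);
            return secret.Value;
        }
        catch (AuthenticationFailedException ex)
        {
            // Sign-in failed before Key Vault was reached: compare this thumbprint
            // with the certificate listed on the app registration.
            throw new InvalidOperationException(
                "Token request failed for certificate " + cert.Thumbprint + ".", ex);
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // Signed in, but the app is not authorized to read secrets in this vault.
            throw new InvalidOperationException(
                "The app signed in but was denied access to '" + secretName + "'.", ex);
        }
    }
}
```

Pass the tenant ID before the client ID, as in the answer's code, and keep the .pfx and its password out of source control.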
