Azure Key Vault and Certificate - .NET Framework ClientCertificateCredential access to Secrets
Question
I have generated .pfx, .pvk and .cer certificate files.
In Azure:
- I created a new Vault, let's call it MyVault
- In MyVault, I created a Secret called SubscriptionKey
- MyVault has a Certificates section to which I've uploaded the MyCertificate.cer file.
Confusingly enough, Azure also has an "Azure Active Directory" section where I can also upload Certificates. This is what I understood from researching to be the place where to upload the certificate, and get the associated clientId and tenantId needed for the ClientCertificateCredential constructor.
Goal: Retrieve the secret value from MyVault using a Certificate and the code:

using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public static string GetSecretFromAzureKeyVault(string secretName)
{
    string vaultUrl = "https://MyVault.vault.azure.net/";
    // Path to the exported .cer file
    string cerPath = "C:\\Personal\\MyCertificate.cer";
    // Constructor arguments are (tenantId, clientId, certificatePath); both ids are redacted here
    ClientCertificateCredential credential = new(
        "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        cerPath
    );
    SecretClient client = new(new Uri(vaultUrl), credential);
    KeyVaultSecret secret = client.GetSecret(secretName);
    return secret.Value;
}

When running the code I'm still getting null for the line:
KeyVaultSecret secret = client.GetSecret(secretName);
Any suggestions on what I've done wrong in this flow or regarding the resources?
EDIT:
Answer 1
Score: 2
I have followed the below steps and got the secret value:
- Create an app from AAD and register the app using App registrations.
- Create a Key Vault and a secret, and use the secret name in the code.
- Use the ClientId and TenantId from the App registration in the code.
- Download the .pfx format file and use that certificate in the code.
- Use the downloaded .pfx path in the code.

using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public static string GetSecretFromAzureKeyVault(string secretName)
{
    string vaultUrl = "https://keyvault.vault.azure.net/";
    // Path to the downloaded .pfx (contains the private key)
    string cerPath = "C:\\Tools\\keyvault-keycertificate-20230109.pfx";
    // "TenantId" and "ClientId" are placeholders for the values from the App registration
    ClientCertificateCredential credential =
        new ClientCertificateCredential("TenantId", "ClientId", cerPath);
    SecretClient client = new SecretClient(new Uri(vaultUrl), credential);
    KeyVaultSecret secret = client.GetSecret(secretName);
    return secret.Value;
}
You can find the secret value in the below highlighted screen.
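The answer's fix is to use the .pfx export (private key included) rather than the .cer (public key only). The following is an added example, not code from the question or the answer, that makes the same flow fail fast and loudly: it loads the certificate from the Windows certificate store (or from a .pfx whose password comes from an environment variable), verifies the private key is present before building the credential, and maps the common failure modes to clear errors instead of a silent null. The tenant id, client id, vault URL, thumbprint and the KV_CERT_PASSWORD variable name are all placeholders chosen for this example.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public static class KeyVaultCertificateAuth
{
    // Placeholders (assumptions for this example): take the ids from the App registration
    // Overview blade and the URL from the vault's Overview blade.
    private const string TenantId = "00000000-0000-0000-0000-000000000000";
    private const string ClientId = "00000000-0000-0000-0000-000000000000";
    private const string VaultUrl = "https://MyVault.vault.azure.net/";

    // Loads the certificate, with its private key, from the current user's personal store,
    // so no .pfx has to sit on disk. The thumbprint is a placeholder supplied by the caller.
    public static X509Certificate2 LoadFromStore(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            if (matches.Count == 0)
            {
                throw new InvalidOperationException(
                    "Certificate not found in CurrentUser\\My: " + thumbprint);
            }
            return matches[0];
        }
    }

    // Alternative: load a .pfx from disk. The password is read from an environment variable
    // (assumed name KV_CERT_PASSWORD) so it is never hard-coded in source.
    public static X509Certificate2 LoadFromPfx(string pfxPath)
    {
        string password = Environment.GetEnvironmentVariable("KV_CERT_PASSWORD");
        return new X509Certificate2(pfxPath, password);
    }

    public static string GetSecret(X509Certificate2 certificate, string secretName)
    {
        // A .cer carries only the public key; ClientCertificateCredential must sign the
        // client assertion with the private key, so refuse to continue without it.
        if (!certificate.HasPrivateKey)
        {
            throw new InvalidOperationException(
                "The certificate has no private key; use the .pfx export, not the .cer.");
        }

        var credential = new ClientCertificateCredential(TenantId, ClientId, certificate);
        var client = new SecretClient(new Uri(VaultUrl), credential);

        try
        {
            KeyVaultSecret secret = client.GetSecret(secretName);
            return secret.Value;
        }
        catch (AuthenticationFailedException ex)
        {
            // Wrong tenant/client id, or the public certificate uploaded to the App
            // registration does not match the private key used here.
            throw new InvalidOperationException("Token acquisition failed: " + ex.Message, ex);
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // Authentication succeeded, but the app has no Get permission on secrets
            // (access policy or the Key Vault Secrets User role on the vault).
            throw new InvalidOperationException("Access to the vault was denied (403).", ex);
        }
        catch (RequestFailedException ex) when (ex.Status == 404)
        {
            throw new InvalidOperationException(
                "Secret '" + secretName + "' does not exist in the vault.", ex);
        }
    }
}
```

Usage: `KeyVaultCertificateAuth.GetSecret(KeyVaultCertificateAuth.LoadFromStore("<thumbprint>"), "SubscriptionKey")`. The store-based path is preferable on a server, since the private key stays non-exportable in the Windows store instead of living in a .pfx under C:\Tools; the .pfx overload is kept for parity with the answer. The three catch blocks separate the three things that can go wrong in this flow: the identity (wrong ids or mismatched certificate), the authorization (no permission on the vault) and the target (secret name).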
