如何在Azure Function隔离工作器服务配置中访问用户机密值?

huangapple go评论61阅读模式
英文:

How to access User Secret values in Azure Function Isolated Worker service configuration?

问题

在我的函数应用(.NET 7.0,孤立工作者)中,我有一个特定的依赖项,它使用一个API密钥,这需要存储在一个安全存储中。我在本地开发时使用 User Secrets,但我在配置依赖注入服务时如何访问这些秘密值上卡住了:

// secrets.json

{
  "apiKey": "1234567890"
}
// Program.cs

var host = new HostBuilder()
    .ConfigureFunctionsWorkerDefaults()
    .ConfigureServices(s =>
    {
        string apiKey = ???;  // 如何在这里访问用户机密?
        s.AddScoped<IMyDependency>(sp => new MyDependency(apiKey));
    });
    .Build();
}

host.Run();

微软有关使用 User Secrets 的指导:

但这些解决方案都没有提供我需要的,即在设置依赖注入时访问用户机密值的方法。相反,推荐的解决方案使配置值本身成为注入的依赖项,这并不适用于我的情况。

我尝试过的方法:

英文:

In my function app (.NET 7.0, Isolated Worker), I have one particular dependency that uses an API key, something that needs to be put in a secret store. I'm using User Secrets for local development, but I'm stuck on how to access those secret values when configuring services for dependency injection:

// secrets.json

{
  &quot;apiKey&quot;: &quot;1234567890&quot;
}
// Program.cs

var host = new HostBuilder()
    .ConfigureFunctionsWorkerDefaults()
    .ConfigureServices(s =&gt;
    {
        string apiKey = ???;  // how to access user secrets here?
        s.AddScoped&lt;IMyDependency&gt;(sp =&gt; new MyDependency(apiKey));
    });
    .Build();
}

host.Run();

There is guidance from Microsoft on using User Secrets:

But neither of these solutions offer what I need, which is a way to access user secret values when setting up dependency injection. Instead, the recommended solution makes the configuration values themselves injected dependencies, which I can't use.

Things I've tried:

  • Using Environment.GetEnvironmentVariable, which doesn't return a value.
  • Adding the user secrets configuration provider using builder.AddUserSecrets. I don't know whether this is necessary to do, but even if it is, I still don't know how to access the configuration when setting up DI.

答案1

得分: 2

我已经按照你提供的MSDoc中提供的方式来设置了UserSecrets。

感谢@damienbodSOThread提供的代码。

我的.csproj文件:

<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>net7.0</TargetFramework>
    <AzureFunctionsVersion>v4</AzureFunctionsVersion>
    <OutputType>Exe</OutputType>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
    <UserSecretsId>****-d46c-****-9752-04-****</UserSecretsId>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.Azure.Functions.Worker" Version="1.10.0" />
    <PackageReference Include="Microsoft.Azure.Functions.Worker.Extensions.Http" Version="3.0.13" />
    <PackageReference Include="Microsoft.Azure.Functions.Worker.Sdk" Version="1.7.0" />
    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="6.0.1" />
  </ItemGroup>
  <ItemGroup>
    <None Update="host.json">
      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
    </None>
    <None Update="local.settings.json">
      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
      <CopyToPublishDirectory>Never</CopyToPublishDirectory>
    </None>
  </ItemGroup> 
  
  <ItemGroup>
    <Using Include="System.Threading.ExecutionContext" Alias="ExecutionContext" />
  </ItemGroup>
</Project>

Program.cs文件:

 Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using System.Reflection;

var host = new HostBuilder()
    .ConfigureFunctionsWorkerDefaults()
    .ConfigureAppConfiguration(con =>
    {      
        con.AddUserSecrets<Program>(optional:true,reloadOnChange:false);
    })
    .ConfigureServices(s =>
    {
        var config = s.BuildServiceProvider().GetService<IConfiguration>();
        string apiKey = config.GetValue<string>("apiKey");
    })
    .Build();
host.Run();

[编辑] - 我想澄清并为其他人提供更多信息,虽然这似乎很明显,但AddUserSecrets<Program>()格式是使其适用于新的Program.cs结构的唯一方式。Startup示例随处可见,而AddUserSecrets()似乎是隐式工作的,不需要指定<T>,但仅适用于Startup样式。但是,我在互联网上找不到任何关于<Program>的提及。程序是隐式的,因为现在没有实际的Startup类了。

无论如何,如果不硬编码用户密码,我都无法使用户密码工作,这显然是不可接受的。

输出:

如何在Azure Function隔离工作器服务配置中访问用户机密值?

英文:

I have followed the same MSDoc which you have provided to set the UserSecrets.

Thanks @damienbod and SOThread for the code.

My .csproj file:

&lt;Project Sdk=&quot;Microsoft.NET.Sdk&quot;&gt;
  &lt;PropertyGroup&gt;
    &lt;TargetFramework&gt;net7.0&lt;/TargetFramework&gt;
    &lt;AzureFunctionsVersion&gt;v4&lt;/AzureFunctionsVersion&gt;
    &lt;OutputType&gt;Exe&lt;/OutputType&gt;
    &lt;ImplicitUsings&gt;enable&lt;/ImplicitUsings&gt;
    &lt;Nullable&gt;enable&lt;/Nullable&gt;
    &lt;UserSecretsId&gt;****-d46c-****-9752-04-****&lt;/UserSecretsId&gt;
  &lt;/PropertyGroup&gt;
  &lt;ItemGroup&gt;
    &lt;PackageReference Include=&quot;Microsoft.Azure.Functions.Worker&quot; Version=&quot;1.10.0&quot; /&gt;
    &lt;PackageReference Include=&quot;Microsoft.Azure.Functions.Worker.Extensions.Http&quot; Version=&quot;3.0.13&quot; /&gt;
    &lt;PackageReference Include=&quot;Microsoft.Azure.Functions.Worker.Sdk&quot; Version=&quot;1.7.0&quot; /&gt;
    &lt;PackageReference Include=&quot;Microsoft.Extensions.Configuration.UserSecrets&quot; Version=&quot;6.0.1&quot; /&gt;
  &lt;/ItemGroup&gt;
  &lt;ItemGroup&gt;
    &lt;None Update=&quot;host.json&quot;&gt;
      &lt;CopyToOutputDirectory&gt;PreserveNewest&lt;/CopyToOutputDirectory&gt;
    &lt;/None&gt;
    &lt;None Update=&quot;local.settings.json&quot;&gt;
      &lt;CopyToOutputDirectory&gt;PreserveNewest&lt;/CopyToOutputDirectory&gt;
      &lt;CopyToPublishDirectory&gt;Never&lt;/CopyToPublishDirectory&gt;
    &lt;/None&gt;
  &lt;/ItemGroup&gt; 
   
  &lt;ItemGroup&gt;
    &lt;Using Include=&quot;System.Threading.ExecutionContext&quot; Alias=&quot;ExecutionContext&quot; /&gt;
  &lt;/ItemGroup&gt;
&lt;/Project&gt;

Program.cs file:

 Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using System.Reflection;

var host = new HostBuilder()
    .ConfigureFunctionsWorkerDefaults()
    .ConfigureAppConfiguration(con =&gt;
    {      
        con.AddUserSecrets&lt;Program&gt;(optional:true,reloadOnChange:false);
    })
    .ConfigureServices(s =&gt;
    {
        var config = s.BuildServiceProvider().GetService&lt;IConfiguration&gt;();
        string apiKey = config.GetValue&lt;string&gt;(&quot;apiKey&quot;);
    })
    .Build();
host.Run();

[edit] - I want to clarify and add for others searching that while it may seem obvious, the AddUserSecrets<Program>() format is the only way to get it to work for the newer Program.cs construct. The Startup example is everywhere, and AddUserSecrets() seems to be implicitly working without specifying <T> but only for the Startup style. But the <Program> mention is NOWHERE that I could find on the Internet. Program is implicit, given there is no actual Startup class anymore.

I could not get User Secrets to work for the life of me without hard coding in the user sercets id, which is obviously not acceptable.

OutPut:

如何在Azure Function隔离工作器服务配置中访问用户机密值?

huangapple
  • 本文由 发表于 2023年4月7日 05:40:13
  • 转载请务必保留本文链接:https://go.coder-hub.com/75953975.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定