Access secret value in KV from appsetting of .net core app
# Question
I have deployed a .NET Core API application to send a message to a queue by reading the connection string.
I have given Key Vault Administrator and Key Vault Contributor to the identity of the app service.
I placed the connection string in appsettings.json and it worked.
I placed the value of the connection string in Key Vault, used the URI of the key vault, and made the required code changes, and that worked as well.
Now I am referring to the secret value in appsettings like below:
```json
"MyConnectionString": "@Microsoft.KeyVault(SecretUri=https://my-kv.vault.azure.net/secrets/MyConnectionString/)"
```
And when I call the API I get a 500, and when I looked at the logs from the app service I saw the below error:
```
Exception:
System.FormatException: No valid combination of account information found.
   at Microsoft.WindowsAzure.Storage.CloudStorageAccount.<>c.<Parse>b__97_0(String err)
   at Microsoft.WindowsAzure.Storage.CloudStorageAccount.ParseImpl(String connectionString, CloudStorageAccount& accountInformation, Action`1 error)
   at Microsoft.WindowsAzure.Storage.CloudStorageAccount.Parse(String connectionString)
```
appsettings.json

```json
{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*",
  "MyConnectionString": "@Microsoft.KeyVault(SecretUri=https://my-kv.vault.azure.net/secrets/MyConnectionString/)"
}
```
```csharp
using Microsoft.Extensions.Configuration;
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.Queue;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace TestApp.Controllers
{
    public interface IMessageSender
    {
        Task Send(string content);
    }

    public class AzureQueueSender : IMessageSender
    {
        public AzureQueueSender(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        public async Task Send(string content)
        {
            // Read the configured value of "MyConnectionString" as-is.
            var connectionString = Configuration.GetValue<string>("MyConnectionString");
            await SendMessage(connectionString);
        }

        private static async Task SendMessage(string connectionString)
        {
            // Throws FormatException if the value is not a valid storage connection string.
            var storageAccount = CloudStorageAccount.Parse(connectionString);
            var queueClient = storageAccount.CreateCloudQueueClient();
            var queue = queueClient.GetQueueReference("queuename");
            var message = new CloudQueueMessage("Hello World!");
            await queue.AddMessageAsync(message);
        }
    }
}
```
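# Answer 1
**Score**: 1

To access and retrieve the Key Vault secret value using the reference, we need to set the app setting in the deployed Azure App Service.
The key name must be the same as the key which you have set in the local `appsettings.json` file.
- As you have set the key with the name `MyConnectionString`, I am setting the same `key-value` in the Configuration section of the deployed app in the portal.
`Azure App` => `Configuration` => `Application Setting` => `New App Setting`
![enter image description here](https://i.stack.imgur.com/AefBj.png)
> ```csharp
> Name: MyConnectionString
> Value: "@Microsoft.KeyVault(SecretUri=https://my-kv.vault.azure.net/secrets/MyConnectionString/)"
> ```
- The app setting which you have set is now available in the environment variables (KUDU console) with the key `APPSETTING_MyConnectionString`.
![enter image description here](https://i.stack.imgur.com/zIxnh.png)
We can even retrieve the value as
```csharp
var myconn = Environment.GetEnvironmentVariable("APPSETTING_MyConnectionString");
```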
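
A guard for the failure in the question, as an added example that is not part of the original question or answer: a Key Vault reference that App Service has not resolved reaches the application as the literal `@Microsoft.KeyVault(...)` string, so checking for it up front gives a clear error instead of a `FormatException` inside `CloudStorageAccount.Parse`. The names `KeyVaultReferenceGuard`, `GetResolved` and `Build`, and the in-memory sample values, are assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Extensions.Configuration;

public static class KeyVaultReferenceGuard
{
    // App Service Key Vault references start with this marker.
    private const string ReferencePrefix = "@Microsoft.KeyVault(";

    // Returns the setting, or throws if it is missing or still an unresolved reference.
    public static string GetResolved(IConfiguration configuration, string key)
    {
        var value = configuration[key];
        if (string.IsNullOrWhiteSpace(value))
            throw new InvalidOperationException($"Setting '{key}' is missing or empty.");

        if (value.TrimStart().StartsWith(ReferencePrefix, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException(
                $"Setting '{key}' is an unresolved Key Vault reference. Define it as an App Service " +
                "application setting and check that the app's identity can read the secret.");

        return value; // this is the secret itself: do not log it
    }
}

public static class Program
{
    // Hypothetical helper: a one-key configuration standing in for the real providers.
    private static IConfiguration Build(string value) => new ConfigurationBuilder()
        .AddInMemoryCollection(new Dictionary<string, string> { ["MyConnectionString"] = value })
        .Build();

    public static void Main()
    {
        // Constructed samples: the literal reference as read from appsettings.json,
        // and a resolved value (the storage emulator shortcut, not a real secret).
        var unresolved = Build("@Microsoft.KeyVault(SecretUri=https://my-kv.vault.azure.net/secrets/MyConnectionString/)");
        var resolved = Build("UseDevelopmentStorage=true");

        Console.WriteLine(KeyVaultReferenceGuard.GetResolved(resolved, "MyConnectionString").Length > 0);
        try
        {
            KeyVaultReferenceGuard.GetResolved(unresolved, "MyConnectionString");
        }
        catch (InvalidOperationException ex)
        {
            Console.WriteLine(ex.Message); // clear configuration error, no secret in the message
        }
    }
}
```

Reading the secret through a reference needs only secret read access on the vault (for example the Key Vault Secrets User role under Azure RBAC), which is narrower than Key Vault Administrator.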