如何在使用Azure密钥保管库时隐藏客户端端的API密钥?

huangapple go评论59阅读模式
英文:

How to hide API keys from client side when using Azure Key Vault?

问题

我已使用Azure密钥保管库存储了一些API密钥,我有一个客户端应用程序可以从密钥保管库获取密钥并使用这些API密钥连接到服务器。

然而,我不想将API密钥暴露给客户端,因为那会危及其安全。

如何在客户端隐藏API密钥?我需要创建一个中间后端服务吗?

英文:

I have used Azure Key Vault to store some API keys, and I have a client-side application that can get the secrets from the Key Vault and use the API keys to connect to a server.

However, I don’t want to expose the API keys to the client side, because that would compromise their security.

How can I hide the API keys from the client side? Do I need to create an intermediate backend service?

答案1

得分: 1

您的应用程序调用Azure Key Vault,该服务返回密钥。在某些时刻,密钥将以未加密的形式出现在用户的浏览器网络日志中。

根据您的用例,您可能希望创建一个后端服务来为用户执行此操作。

英文:

Your application calls Azure Key Vault, which returns the secret. At some point, the secret will appear unencrypted in the user's browser network log.

Depending on your use case, you may want to create a back-end service that does this for the user.

huangapple
  • 本文由 发表于 2023年5月28日 04:57:54
  • 转载请务必保留本文链接:https://go.coder-hub.com/76349008.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定