小贝子编程

Azure密钥库:get/delete/set Operations用keyVaultClient在.NET CORE



我已经看到了许多用于使用IConfiguration检索秘密的Azure密钥库的示例,但是这些主要涉及查看秘密而不是Crud类型操作。

我正在尝试使用IKeyVaultClient扩展方法,例如GetSecretAsync在此处描述。为了实现这一点

  1. 创建一个公共IKeyVaultOps接口和KeyVaultOps实现包含KeyVaultClient的公共类。

keyVaultops.cs 

public class KeyVaultOps : IKeyVaultOps
{
    public KeyVaultClient GetKeyVaultClient()
    {
        AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
        return new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
    }
}
  1. 在必要时使用DI注入:

startup.cs 

services.AddSingleton<IKeyVaultOps, KeyVaultOps>();

剃须刀页面:

private readonly IKeyVaultOps keyVaultOps;
private readonly IConfiguration configuration;
public TestPageModel(
    IKeyVaultOps keyVaultOps,
    IConfiguration configuration
)
{
    this.keyVaultOps = keyVaultOps;
    this.configuration = configuration;
}
public string Secret { get; set; }
public class TestPageModel : PageModel
{
    public async Task OnGetAsync()
    {
        try
        {
            var vaultUrl = configuration["KeyVaultUrl"];
            SecretBundle secretBundle = await keyVaultOps.GetKeyVaultClient().GetSecretAsync(vaultUrl, "TestSecret");
            Secret = secretBundle.Value;
        }
        catch (Exception ex)
        {
            Secret = ex.Message;
        }
    }
}

认识到我实际上不需要界面才能正确工作,我正在寻找有关两件事的建议:

  1. 是否有一种更好的方法来配置KeyVaultClient URL属性,而不是在我需要实现的每个类上注入IConfiguration

  2. 由于我的主要项目无论如何都有using的CC_9语句,因此是否可以避免我自己的GetKeyVaultClient()实现,并且简单地使用:

    services.AddSingleton<IKeyVaultClient, KeyVaultClient>();

...以及必要的扩展方法?

注意:Startup.cs中的上线产生:

可以使用服务容器中的服务和默认值

实例化类型的'Microsoft.azure.keyvault.keyvault.keyvault.keyvault.keyvault.keyvault.keyvault.keyvault.keyvault.keyvault.keyvault.keyvault.keyvault.keyvault.ply

我喜欢创建自己的服务,以访问为我处理URL和auth件的密钥库,因此我的代码可以简单地使用该服务而无需考虑配置。它的工作原理:

public interface IMyKeyVaultClient {
   Task<SecretBundle> GetSecretAsync(string secretName);
}
public class MyKeyVaultClient : IMyKeyVaultClient {
   public MyKeyVaultClient(IConfiguration config, IWhateverElseYouNeedForGettingCredentials otherStuff) {
       //snag the URL from config and credentials from otherStuff
       //instantiate keyVaultClient;
   }
   private KeyVaultClient keyVaultClient;
   private string url;
   public Task<SecretBundle> GetSecretAsync(string secretName) {
       return keyVaultClient.GetSecretAsync(url, secretName);
   }
}

然后注册您的服务,

services.AddSingleton<IMyKeyVaultClient, MyKeyVaultClient>();

然后,您的调用代码可以简单地从DI请求IMyKeyVaultClient,并以秘密名称调用GetSecretAsync(),而不必担心详细信息。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium