以编程方式将密码添加到C中的密钥保管库中#
我试图从我在Azure中的密钥保管库中运行的服务中输入一些输出。我的服务的输出将是用户凭证,这就是为什么我想使用密钥保险库来达到此目的的原因。到目前为止,我已经尝试了KeyVaultClient的SetSecretAsync方法,但它不适用于我,我没有收到任何错误消息,但是我也没有看到在我的目标KeyVault中创建的新密钥。我还没有找到KeyVaultClient Add Secret方法,因为它不存在,我在这里使用正确的对象/方法吗?以编程方式将密码添加到C中的密钥保管库中#
这里所讨论的方法是AddResult。
这里是我的代码:
private static AzureKeyVault instance;
private static KeyVaultClient client;
private AzureKeyVault()
{
//initialize the azure key vault
var vaultAddress = ConfigurationManager.AppSettings["VaultUri"];
client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetAccessToken));
}
public static async Task<string> GetAccessToken(string authority, string resource, string scope)
{
var clientId = ConfigurationManager.AppSettings["ClientID"];
var clientSecret = ConfigurationManager.AppSettings["ClientSecret"];
ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);
var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
var result = await context.AcquireTokenAsync(resource, clientCredential);
return result.AccessToken;
}
public static AzureKeyVault GetInstance
{
get
{
if (instance == null)
{
instance = new AzureKeyVault();
}
return instance;
}
}
public void AddResult(string machineIPAndPort, BruteForceResult result)
{
client.SetSecretAsync("https://vaultURI(redacted).vault.azure.net/", machineIPAndPort, JsonConvert.SerializeObject(result));
}
使用的耐心(等待人们去创造)。
// Let's create a secret and read it back
string vaultBaseUrl = "https://alice.vault.azure.net";
string secret = "from-NET-SDK";
// Await SetSecretAsync
KeyVaultClient keyclient = new KeyVaultClient(GetToken);
var result = keyclient.SetSecretAsync(vaultBaseUrl, secret, "Sup3eS3c5et").Result;
// Print indented JSON response
string prettyResult = JsonConvert.SerializeObject(result, Formatting.Indented);
Console.WriteLine($"SetSecretAsync completed: {prettyResult}\n");
// Read back secret
string secretUrl = $"{vaultBaseUrl}/secrets/{secret}";
var secretWeJustWroteTo = keyclient.GetSecretAsync(secretUrl).Result;
Console.WriteLine($"secret: {secretWeJustWroteTo.Id} = {secretWeJustWroteTo.Value}");
结果:
SetSecretAsync completed:
{
"SecretIdentifier":{
"BaseIdentifier":"https://alice.vault.azure.net:443/secrets/from-NET-SDK",
"Identifier":"https://alice.vault.azure.net:443/secrets/from-NET-SDK/59793...",
"Name":"from-NET-SDK",
"Vault":"https://alice.vault.azure.net:443",
"VaultWithoutScheme":"alice.vault.azure.net",
"Version":"597930b70565447d8ba9ba525a206a9e"
},
"value":"Sup3eS3c5et",
"id":"https://alice.vault.azure.net/secrets/from-NET-SDK/59...",
"contentType":null,
"attributes":{
"recoveryLevel":"Purgeable",
"enabled":true,
"nbf":null,
"exp":null,
"created":1508354384,
"updated":1508354384
},
"tags":null,
"kid":null,
"managed":null
}
secret: https://alice.vault.azure.net/secrets/from-NET-SDK/59793... = Sup3eS3c5et
你应该真的是改写AddResult()
:
public bool AddResult(string machineIPAndPort, BruteForceResult result)
{
await result = client.SetSecretAsync("https://vaultURI(redacted).vault.azure.net/",
machineIPAndPort, JsonConvert.SerializeObject(result));
return true;
}
也许包裹在一个try-catch
和阅读InnerException
因为that's where the meaningful HTTP response body will be。例如,使得对密钥库的要求我没有获得结果:
而且还因为这是云计算,你在与other mission critical traffic激烈的竞争,事情会失败。
这工作非常好,谢谢。我想这个问题是我不得不等待结果......你认为他们会记录的东西。 谢谢EvilSnobu –
你实际上教会了我很多关于异步是如何工作的,以及如何获得结果而不是异步的异步......谢谢先生! –
但是你不应该那样做,你应该实现适当的异步/等待。但你知道..生命的短暂:) – evilSnobu
_it不适用于我_是什么意思? – evilSnobu
目标==标题(为密钥库添加秘密)结果==没有添加任何密码,也没有错误消息。 –
在秘密中,machineIPandPort将是名称,并且序列化结果将是Value。 –