Does PersistKeysToAzureBlobStorage take its performance toll? Does it fetch keys from there once at startup or at each call?
I want to store my data in Blob Storage. For that, I need to call at least:
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDataProtection()
            .PersistKeysToAzureBlobStorage(new Uri("<blobUriWithSasToken>"));
    }
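Now the question is: are the keys fetched at application startup, or are they fetched from the blob every time they are needed?
Then, if I decide to protect those keys with a key that relies on Key Vault, will ProtectKeysWithAzureKeyVault access the slowish Key Vault only at startup or at every call?
According to the source code and a test demo, it fetches the keys from there only once, at startup.
Part of the service registration: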
    // Note that all the key-management-related services are registered as singletons.
    private static void AddDataProtectionServices(IServiceCollection services)
    {
        if (OSVersionUtil.IsWindows())
        {
            services.TryAddSingleton<IRegistryPolicyResolver, RegistryPolicyResolver>();
        }
        services.TryAddEnumerable(
            ServiceDescriptor.Singleton<IConfigureOptions<KeyManagementOptions>, KeyManagementOptionsSetup>());
        services.TryAddEnumerable(
            ServiceDescriptor.Transient<IConfigureOptions<DataProtectionOptions>, DataProtectionOptionsSetup>());
        services.TryAddSingleton<IKeyManager, XmlKeyManager>();
        services.TryAddSingleton<IApplicationDiscriminator, HostingApplicationDiscriminator>();
        services.TryAddEnumerable(ServiceDescriptor.Singleton<IHostedService, DataProtectionHostedService>());
        // Internal services
        services.TryAddSingleton<IDefaultKeyResolver, DefaultKeyResolver>();
        services.TryAddSingleton<IKeyRingProvider, KeyRingProvider>();
        // ...
    }
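In addition, I created a test demo that stores the keys in blob storage, and used Fiddler to capture the HTTP requests that read the keys.
You will find that it reads only once.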
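The same check can be made without a network proxy by counting reads at the repository interface that the blob storage provider implements. This is an added example, not code from the answer or from the framework: `CountingXmlRepository` and the purpose string are hypothetical names, and the in-memory store stands in for the blob.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;
using System.Xml.Linq;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.Repositories;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical stand-in for the blob-backed repository: keeps keys in memory
// and counts every read, where the real one would issue an HTTP GET.
public sealed class CountingXmlRepository : IXmlRepository
{
    private readonly List<XElement> _elements = new List<XElement>();
    private int _reads;
    public int Reads => Volatile.Read(ref _reads);
    public IReadOnlyCollection<XElement> GetAllElements()
    {
        Interlocked.Increment(ref _reads);
        lock (_elements) { return _elements.ConvertAll(e => new XElement(e)); }
    }
    public void StoreElement(XElement element, string friendlyName)
    {
        lock (_elements) { _elements.Add(new XElement(element)); }
    }
}

public static class Program
{
    public static void Main()
    {
        var repo = new CountingXmlRepository();
        var services = new ServiceCollection();
        services.AddDataProtection()
                .AddKeyManagementOptions(o => o.XmlRepository = repo);

        using var provider = services.BuildServiceProvider();
        var protector = provider.GetRequiredService<IDataProtectionProvider>()
                                .CreateProtector("Constructed.Sample.Purpose");

        // First use loads the key ring (and creates a key, since the store is empty).
        protector.Unprotect(protector.Protect("warm-up"));
        int readsAfterFirstUse = repo.Reads;
        for (int i = 0; i < 1000; i++)
            protector.Unprotect(protector.Protect("payload-" + i));

        Console.WriteLine($"Reads during first use: {readsAfterFirstUse}");
        Console.WriteLine($"Extra reads during 1000 round trips: {repo.Reads - readsAfterFirstUse}");
    }
}
```

The counter stays flat only while the cached key ring is valid: the framework reloads the ring when its refresh period (24 hours by default) elapses, so a long-running process reads the store periodically rather than once for its whole lifetime.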