Changing package from "Microsoft.Extensions.Configuration.AzureKeyVault" to "Azure.Extensions.AspNetCore.Configuration.Secrets"
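I am using the NuGet package Microsoft.Extensions.Configuration.AzureKeyVault, and I use the following code in Program.cs for ASP.NET Core 3.1.
I am doing custom certificate authentication for Azure Key Vault. I am also using custom secret management.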
public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
        .ConfigureAppConfiguration((context, config) =>
        {
            config.AddAzureKeyVault(new AzureKeyVaultConfigurationOptions
            {
                Vault = "key vault url",
                ReloadInterval = TimeSpan.FromSeconds(15),
                // authenticate with custom certificate
                Client = new KeyVaultClient(CustomCertificateAuthenticationCallback),
                Manager = new CustomKeyVaultSecretManager()
            });
        })
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.UseStartup<Startup>();
        });
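The package Microsoft.Extensions.Configuration.AzureKeyVault is deprecated, so I uninstalled it and installed the updated package Azure.Extensions.AspNetCore.Configuration.Secrets. After switching to this package, I cannot figure out how to use custom authentication and how to pass the Key Vault URL.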
You can try the SecretClient method, and refer to this official document: Azure Key Vault configuration provider.
using Azure.Security.KeyVault.Secrets;
using Azure.Identity;
using Azure.Extensions.AspNetCore.Configuration.Secrets;

public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
        .ConfigureAppConfiguration((context, config) =>
        {
            if (context.HostingEnvironment.IsProduction())
            {
                var builtConfig = config.Build();
                var secretClient = new SecretClient(
                    new Uri($"https://{builtConfig["KeyVaultName"]}.vault.azure.net/"),
                    new DefaultAzureCredential());
                config.AddAzureKeyVault(secretClient, new KeyVaultSecretManager());
            }
        })
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.UseStartup<Startup>();
        });
SecretClient does not support AuthenticationCallback (Microsoft.Azure.KeyVault.KeyVaultClient.AuthenticationCallback).
If you want to authenticate with a certificate, you can use Azure.Identity.ClientCertificateCredential.
Create a new TokenCredential:
// Load the PFX; EphemeralKeySet keeps the private key in memory instead of writing it to disk
X509Certificate2 cer = new X509Certificate2(certPath, pfxpassword, X509KeyStorageFlags.EphemeralKeySet);
var secretClient = new SecretClient(
    new Uri($"https://{builtConfig["KeyVaultName"]}.vault.azure.net/"),
    new ClientCertificateCredential(tenantID, clientID, cer));