无法在 Azure 函数中检索机密 - 访问被拒绝
Unable to retrieve secret in Azure Function - Access Denied
我有以下 Azure 函数,或者至少是它的相关部分:
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Models;
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Threading.Tasks;
public static async Task Run(TimerInfo myTimer, TraceWriter log)
{
AzureServiceTokenProvider tokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback));
var secret = await keyVaultClient.GetSecretAsync("https://xxxxx.vault.azure.net/secrets/TwiloAccountSid");
...
}
执行此操作时,我在尝试检索机密时遇到拒绝访问错误。 Azure 函数已注册到托管服务身份。看来我还需要做点什么。
It appears there is something else I need to do.
正如SuWatch ch提到的,如果我们想要访问KeyVault,我们还需要添加允许azure函数访问它的权限。更详细的步骤可以参考这个guide.
我有以下 Azure 函数,或者至少是它的相关部分:
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Models;
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Threading.Tasks;
public static async Task Run(TimerInfo myTimer, TraceWriter log)
{
AzureServiceTokenProvider tokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback));
var secret = await keyVaultClient.GetSecretAsync("https://xxxxx.vault.azure.net/secrets/TwiloAccountSid");
...
}
执行此操作时,我在尝试检索机密时遇到拒绝访问错误。 Azure 函数已注册到托管服务身份。看来我还需要做点什么。
It appears there is something else I need to do.
正如SuWatch ch提到的,如果我们想要访问KeyVault,我们还需要添加允许azure函数访问它的权限。更详细的步骤可以参考这个guide.