如何从 Azure KeyVault 中获取 SecureString - C#
How to get a SecureString out of an Azure KeyVault - C#
我有一个 Azure KeyVault,它提供了我想读入 SecureString 的密码。
如果我尝试从 IConfiguration 对象中读取作为 SecureString 的字符串,它将 return 为 null:
config.GetValue<SecureString>("AdminPW") == null
我可以将字符串作为字符串读取并转换为 SecureString,但这似乎是一个肮脏的 hack:
var pass = new SecureString();
foreach (var c in config.GetValue<string>("AdminPW").ToCharArray())
{
pass.AppendChar(c);
}
有没有办法直接从 IConfiguration 获取 SecureString?
正如汉斯所说,这不是安全。
If the assemblies you are using don't have native support for SecureString
serialization, that's exactly where you Key Vault as a service for secrets need to pass them only an encrypted payload which when you do decrypt is kept immediately in a SecureString (CryptoStream byte by byte to SecureString followed by dispose to purge the buffers from memory).
因此不建议您从 Azure KeyVault 中获取 SecureString。
你可以参考这个问题Azure KeyVault client should support SecureStrings
。
对于检查此内容的任何其他人,无法直接从 Azure KeyVault 中获取 SecureString。
我有一个 Azure KeyVault,它提供了我想读入 SecureString 的密码。
如果我尝试从 IConfiguration 对象中读取作为 SecureString 的字符串,它将 return 为 null:
config.GetValue<SecureString>("AdminPW") == null
我可以将字符串作为字符串读取并转换为 SecureString,但这似乎是一个肮脏的 hack:
var pass = new SecureString();
foreach (var c in config.GetValue<string>("AdminPW").ToCharArray())
{
pass.AppendChar(c);
}
有没有办法直接从 IConfiguration 获取 SecureString?
正如汉斯所说,这不是安全。
If the assemblies you are using don't have native support for
SecureString
serialization, that's exactly where you Key Vault as a service for secrets need to pass them only an encrypted payload which when you do decrypt is kept immediately in a SecureString (CryptoStream byte by byte to SecureString followed by dispose to purge the buffers from memory).
因此不建议您从 Azure KeyVault 中获取 SecureString。
你可以参考这个问题Azure KeyVault client should support SecureStrings
。
对于检查此内容的任何其他人,无法直接从 Azure KeyVault 中获取 SecureString。