我的 Azure 密钥保管库充满了 GUID。是因为我使用 AddAzureKeyVault 将密钥保管库合并到我的配置中吗?
My Azure key vault is full of GUIDs. Is it because I use AddAzureKeyVault to merge the key vault into my configuration?
我有一个在 Azure 中运行并使用 Azure 密钥保管库的 C# ASP.NET 核心应用程序。在我的 Program.cs 中,我使用 AzureKeyVaultConfigurationExtensions.AddAzureKeyVault(来自 Azure.Extensions.AspNetCore.Configuration.Secrets 版本1.2.1.0) 将 Azure 密钥保管库机密合并到我的配置中:
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureAppConfiguration((context, config) =>
{
var secretClient = new SecretClient(keyVaultUri, credential);
var options = new AzureKeyVaultConfigurationOptions { ReloadInterval = keyVaultReloadInterval };
config.AddAzureKeyVault(secretClient, options);
});
最近我注意到我的密钥库中充满了名称为 GUID 的秘密。我不相信我或其他任何人故意创造这些。
此外,我曾经在 Azure 中的一个应用程序实例中收到此错误:
{"error":{"code":"SecretNotFound","message":"A secret with (name/id) was not found in this key vault. If you recently deleted this secret you may be able to recover it using the correct recovery command. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125182"}}
根据堆栈跟踪,此异常来自应用程序尝试构建配置的位置。
at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)
at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync[TResult](RequestMethod method, Func`1 resultFactory, CancellationToken cancellationToken, String[] path)
at Azure.Security.KeyVault.Secrets.SecretClient.GetSecretAsync(String name, String version, CancellationToken cancellationToken)
at Azure.Extensions.AspNetCore.Configuration.Secrets.ParallelSecretLoader.GetSecret(String secretName)
at Azure.Extensions.AspNetCore.Configuration.Secrets.AzureKeyVaultConfigurationProvider.LoadAsync()
at Azure.Extensions.AspNetCore.Configuration.Secrets.AzureKeyVaultConfigurationProvider.Load()
at Microsoft.Extensions.Configuration.ConfigurationRoot..ctor(IList`1 providers)
at Microsoft.Extensions.Configuration.ConfigurationBuilder.Build()
at Microsoft.Extensions.Hosting.HostBuilder.BuildAppConfiguration()
at Microsoft.Extensions.Hosting.HostBuilder.Build()
at Program.Main(String[] args) in C:\path\to\Program.cs:line 23
这表明 AzureKeyVaultConfigurationProvider 在密钥保管库中创建并需要这些 GUID。有谁更确切地知道它的作用?这有记录吗?
在您的密钥保管库上启用日志记录。这将显示在 Key Vault 上执行的操作以及执行这些操作的服务主体。这应该足以告诉您它们来自哪里。
我有一个在 Azure 中运行并使用 Azure 密钥保管库的 C# ASP.NET 核心应用程序。在我的 Program.cs 中,我使用 AzureKeyVaultConfigurationExtensions.AddAzureKeyVault(来自 Azure.Extensions.AspNetCore.Configuration.Secrets 版本1.2.1.0) 将 Azure 密钥保管库机密合并到我的配置中:
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureAppConfiguration((context, config) =>
{
var secretClient = new SecretClient(keyVaultUri, credential);
var options = new AzureKeyVaultConfigurationOptions { ReloadInterval = keyVaultReloadInterval };
config.AddAzureKeyVault(secretClient, options);
});
最近我注意到我的密钥库中充满了名称为 GUID 的秘密。我不相信我或其他任何人故意创造这些。
此外,我曾经在 Azure 中的一个应用程序实例中收到此错误:
{"error":{"code":"SecretNotFound","message":"A secret with (name/id) was not found in this key vault. If you recently deleted this secret you may be able to recover it using the correct recovery command. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125182"}}
根据堆栈跟踪,此异常来自应用程序尝试构建配置的位置。
at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)
at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync[TResult](RequestMethod method, Func`1 resultFactory, CancellationToken cancellationToken, String[] path)
at Azure.Security.KeyVault.Secrets.SecretClient.GetSecretAsync(String name, String version, CancellationToken cancellationToken)
at Azure.Extensions.AspNetCore.Configuration.Secrets.ParallelSecretLoader.GetSecret(String secretName)
at Azure.Extensions.AspNetCore.Configuration.Secrets.AzureKeyVaultConfigurationProvider.LoadAsync()
at Azure.Extensions.AspNetCore.Configuration.Secrets.AzureKeyVaultConfigurationProvider.Load()
at Microsoft.Extensions.Configuration.ConfigurationRoot..ctor(IList`1 providers)
at Microsoft.Extensions.Configuration.ConfigurationBuilder.Build()
at Microsoft.Extensions.Hosting.HostBuilder.BuildAppConfiguration()
at Microsoft.Extensions.Hosting.HostBuilder.Build()
at Program.Main(String[] args) in C:\path\to\Program.cs:line 23
这表明 AzureKeyVaultConfigurationProvider 在密钥保管库中创建并需要这些 GUID。有谁更确切地知道它的作用?这有记录吗?
在您的密钥保管库上启用日志记录。这将显示在 Key Vault 上执行的操作以及执行这些操作的服务主体。这应该足以告诉您它们来自哪里。