启动期间 IConfiguration 中的 Azure KeyVault 机密值不可用
Azure KeyVault Secret Value not available in IConfiguration during Startup
由于某种原因,我们无法在启动时从 Azure KeyVault 检索机密值。虽然这个秘密似乎可以通过 IConfiguration 接口在过程中使用的方法中获得。我想我们在某处做错了,或者可能是来自 Azure 的数据仅可用服务初始化已完成。
我们正在使用 .net core 3.1 web api 和 Azure Key Vault Managed Identity。
这是相关的代码。如果您发现任何异常情况,请告诉我。
我们有 KeyVault 秘密名称:MyApp-AppSettings--Key
在Program.cs
public class Program
{
public static void Main(string[] args)
{
CreateHostBuilder(args).Build().Run();
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureAppConfiguration((context, config) =>
{
var configurationRoot = ConfigurationBuilder.Build();
var keyVaultUrl = configurationRoot["KeyVaultUrl"];
config.AddAzureKeyVault(new Uri(keyVaultUrl), new DefaultAzureCredential(), new PrefixKeyVaultSecretManager("myApp"));
})
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
});
}
}
我们的启动文件如下所示。
public class Startup
{
public Startup(IWebHostEnvironment env)
{
var builder = new ConfigurationBuilder()
.SetBasePath(env.ContentRootPath)
.AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
.AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)
.AddEnvironmentVariables();
Configuration = builder.Build();
ContentRootPath = env.ContentRootPath;
}
public IConfiguration Configuration { get; }
public string ContentRootPath { get; set; }
public void ConfigureServices(IServiceCollection services)
{
services.AddHsts(options =>
{
options.Preload = true;
options.IncludeSubDomains = true;
options.MaxAge = TimeSpan.FromDays(365);
});
**var conf = Configuration.GetSection("AppSettings").Get<Config>();**
**services.Configure<Config>(Configuration.GetSection("AppSettings"));**
**services.AddSingleton<IAppSettings>(c => conf);**
services.RegisterStorage(new StorageConfiguration
{
ConnectionString = "ConnectionString",
Key = Convert.FromBase64String(**conf.Key**) // conf.Key is "". Does not work
});
services.AddScoped<IProcessHandler, ProcessHandler>();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseHsts();
app.UseHttpsRedirection();
app.UseHttpStatusCodeExceptionMiddleware();
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
private static void LoadMediatorHandlers(IServiceCollection services)
{
foreach (var assembly in Assembly
.GetEntryAssembly()
.GetReferencedAssemblies()
.Select(Assembly.Load)
.Where(name => (name.FullName.Contains("Queries") || name.FullName.Contains("Commands"))))
{
services.AddMediatR(assembly);
}
services.AddMediatR(typeof(Startup));
services.AddScoped<IMediator, Mediator>();
}
}
当我们在此过程中调用 ProcessXyz 方法时,该值在 IProcessHandler 中可用。这样做是为了测试我们是否能够从 KeyVault 中检索值。
public class ProcessHandler : IProcessHandler
{
private readonly IConfiguration _configuration;
public ProcessHandler(IConfiguration configuration)
{
_configuration = configuration;
}
public async Task<ClassA> ProcessXyz()
{
var KeyVaultValue = _configuration["AppSettings:Key"]; //This works
}
}
请注意:出于安全问题,我刚刚添加了所需的代码并替换了实际名称。
提前致谢
在启动构造函数中,您创建了一个新的配置生成器,它具有一组有限的源并且缺少 Azure Key Vault 提供程序。因此,与其创建新的配置生成器,不如注入 DI 容器中现成的配置生成器。
所以用这个改变启动构造函数。
public Startup(IWebHostEnvironment env, IConfiguration configuration)
{
Configuration = configuration;
ContentRootPath = env.ContentRootPath;
}
然后程序 class 中准备的配置将用于将其注入到启动设置中,从而获取配置的所有不同默认源(包括命令行源)和另外一个已添加。
由于某种原因,我们无法在启动时从 Azure KeyVault 检索机密值。虽然这个秘密似乎可以通过 IConfiguration 接口在过程中使用的方法中获得。我想我们在某处做错了,或者可能是来自 Azure 的数据仅可用服务初始化已完成。
我们正在使用 .net core 3.1 web api 和 Azure Key Vault Managed Identity。
这是相关的代码。如果您发现任何异常情况,请告诉我。
我们有 KeyVault 秘密名称:MyApp-AppSettings--Key
在Program.cs
public class Program
{
public static void Main(string[] args)
{
CreateHostBuilder(args).Build().Run();
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureAppConfiguration((context, config) =>
{
var configurationRoot = ConfigurationBuilder.Build();
var keyVaultUrl = configurationRoot["KeyVaultUrl"];
config.AddAzureKeyVault(new Uri(keyVaultUrl), new DefaultAzureCredential(), new PrefixKeyVaultSecretManager("myApp"));
})
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
});
}
}
我们的启动文件如下所示。
public class Startup
{
public Startup(IWebHostEnvironment env)
{
var builder = new ConfigurationBuilder()
.SetBasePath(env.ContentRootPath)
.AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
.AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)
.AddEnvironmentVariables();
Configuration = builder.Build();
ContentRootPath = env.ContentRootPath;
}
public IConfiguration Configuration { get; }
public string ContentRootPath { get; set; }
public void ConfigureServices(IServiceCollection services)
{
services.AddHsts(options =>
{
options.Preload = true;
options.IncludeSubDomains = true;
options.MaxAge = TimeSpan.FromDays(365);
});
**var conf = Configuration.GetSection("AppSettings").Get<Config>();**
**services.Configure<Config>(Configuration.GetSection("AppSettings"));**
**services.AddSingleton<IAppSettings>(c => conf);**
services.RegisterStorage(new StorageConfiguration
{
ConnectionString = "ConnectionString",
Key = Convert.FromBase64String(**conf.Key**) // conf.Key is "". Does not work
});
services.AddScoped<IProcessHandler, ProcessHandler>();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseHsts();
app.UseHttpsRedirection();
app.UseHttpStatusCodeExceptionMiddleware();
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
private static void LoadMediatorHandlers(IServiceCollection services)
{
foreach (var assembly in Assembly
.GetEntryAssembly()
.GetReferencedAssemblies()
.Select(Assembly.Load)
.Where(name => (name.FullName.Contains("Queries") || name.FullName.Contains("Commands"))))
{
services.AddMediatR(assembly);
}
services.AddMediatR(typeof(Startup));
services.AddScoped<IMediator, Mediator>();
}
}
当我们在此过程中调用 ProcessXyz 方法时,该值在 IProcessHandler 中可用。这样做是为了测试我们是否能够从 KeyVault 中检索值。
public class ProcessHandler : IProcessHandler
{
private readonly IConfiguration _configuration;
public ProcessHandler(IConfiguration configuration)
{
_configuration = configuration;
}
public async Task<ClassA> ProcessXyz()
{
var KeyVaultValue = _configuration["AppSettings:Key"]; //This works
}
}
请注意:出于安全问题,我刚刚添加了所需的代码并替换了实际名称。
提前致谢
在启动构造函数中,您创建了一个新的配置生成器,它具有一组有限的源并且缺少 Azure Key Vault 提供程序。因此,与其创建新的配置生成器,不如注入 DI 容器中现成的配置生成器。
所以用这个改变启动构造函数。
public Startup(IWebHostEnvironment env, IConfiguration configuration)
{
Configuration = configuration;
ContentRootPath = env.ContentRootPath;
}
然后程序 class 中准备的配置将用于将其注入到启动设置中,从而获取配置的所有不同默认源(包括命令行源)和另外一个已添加。