azure functions - 在哪里存储配置值
azure functions - where to store configuration values
抱歉,这是一个愚蠢的问题,但是设置 > 配置是存储 azure 函数的环境特定值的正确位置吗?
例如连接到 microsoft.graph 时,需要以下内容:
- 租户 ID
- 客户编号
- 客户端秘密
在设置 > 配置中存储客户端 ID 和租户 ID,然后将机密存储在密钥库中是否正确?
是的,是的。
Connection strings, environment variables, and other application settings are defined separately for each function app.
和
You can create any number of application settings required by your function code. There are also predefined application settings used by Functions. To learn more, see the App settings reference for Azure Functions.
These settings are stored encrypted. To learn more, see Application settings security.
Application settings can be managed from the Azure portal and by using the Azure CLI and Azure PowerShell. You can also manage application settings from Visual Studio Code and from Visual Studio.
和
Use application settings
The function app settings values can also be read in your code as environment variables.
来源:Manage your function app - Work with Application Settings.
有关已经可用的设置,请参阅 App settings reference for Azure Functions。
您想要在(功能)应用程序之间共享的配置设置可以存储在外部持久存储中,例如 App Configuration。
Azure App Configuration provides a service to centrally manage application settings and feature flags. Modern programs, especially programs running in a cloud, generally have many components that are distributed in nature. Spreading configuration settings across these components can lead to hard-to-troubleshoot errors during an application deployment. Use App Configuration to store all the settings for your application and secure their accesses in one place.
使用设置存储密钥是可以的。如果您想与其他服务共享机密,可以使用 Key Vault。
but is settings > configuration the correct place to store environment specific values for an azure function?
是的,您可以在应用程序配置中存储环境值。
Is it correct to store the client id & tenant id in settings > configuration, and then store the secret in a key vault?
是的,但 Azure 应用程序配置不会访问您的密钥保管库,因为您的应用程序将直接从密钥保管库中读取,您必须允许它读取密钥保管库中的机密。这可确保秘密始终保留在您的应用程序中。可以使用 Key Vault 访问策略或 Azure role-based 访问控制来授予访问权限。
参考资料:
Azure Key Vault 是存储租户 ID、客户端 ID 和机密的更好位置,因为它包含直接值并且可以被有权访问此的其他用户看到功能应用
如果您将机密值存储在 Key Vault 中,您可以管理可以访问它的用户和谁不能 给出 Identity to the KeyVault.
但是在 Azure Function App > Configuration 中,您可以像下面这样给出客户端密码的值:
@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/)
客户端密钥存储在您的 key vault > secrets
路径中的位置
抱歉,这是一个愚蠢的问题,但是设置 > 配置是存储 azure 函数的环境特定值的正确位置吗?
例如连接到 microsoft.graph 时,需要以下内容:
- 租户 ID
- 客户编号
- 客户端秘密
在设置 > 配置中存储客户端 ID 和租户 ID,然后将机密存储在密钥库中是否正确?
是的,是的。
Connection strings, environment variables, and other application settings are defined separately for each function app.
和
You can create any number of application settings required by your function code. There are also predefined application settings used by Functions. To learn more, see the App settings reference for Azure Functions.
These settings are stored encrypted. To learn more, see Application settings security.
Application settings can be managed from the Azure portal and by using the Azure CLI and Azure PowerShell. You can also manage application settings from Visual Studio Code and from Visual Studio.
和
Use application settings
The function app settings values can also be read in your code as environment variables.
来源:Manage your function app - Work with Application Settings.
有关已经可用的设置,请参阅 App settings reference for Azure Functions。
您想要在(功能)应用程序之间共享的配置设置可以存储在外部持久存储中,例如 App Configuration。
Azure App Configuration provides a service to centrally manage application settings and feature flags. Modern programs, especially programs running in a cloud, generally have many components that are distributed in nature. Spreading configuration settings across these components can lead to hard-to-troubleshoot errors during an application deployment. Use App Configuration to store all the settings for your application and secure their accesses in one place.
使用设置存储密钥是可以的。如果您想与其他服务共享机密,可以使用 Key Vault。
but is settings > configuration the correct place to store environment specific values for an azure function?
是的,您可以在应用程序配置中存储环境值。
Is it correct to store the client id & tenant id in settings > configuration, and then store the secret in a key vault?
是的,但 Azure 应用程序配置不会访问您的密钥保管库,因为您的应用程序将直接从密钥保管库中读取,您必须允许它读取密钥保管库中的机密。这可确保秘密始终保留在您的应用程序中。可以使用 Key Vault 访问策略或 Azure role-based 访问控制来授予访问权限。
参考资料:
Azure Key Vault 是存储租户 ID、客户端 ID 和机密的更好位置,因为它包含直接值并且可以被有权访问此的其他用户看到功能应用
如果您将机密值存储在 Key Vault 中,您可以管理可以访问它的用户和谁不能 给出 Identity to the KeyVault.
但是在 Azure Function App > Configuration 中,您可以像下面这样给出客户端密码的值:
@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/)
客户端密钥存储在您的 key vault > secrets
路径中的位置