Programatically adding Secrets to Key Vault in C#

前端未结

关注

 1  1897

轮回少年 2021-02-08 19:59

I am attempting to put some output from a service I am running in a Key Vault in Azure. The output of my service will be user credentials which is why I want to use Key Vault f

1条回答

无人及你 (楼主)

2021-02-08 20:18

Use patience (await creation).

// Let's create a secret and read it back
string vaultBaseUrl = "https://alice.vault.azure.net";
string secret = "from-NET-SDK";

// Await SetSecretAsync
KeyVaultClient keyclient = new KeyVaultClient(GetToken);
var result = keyclient.SetSecretAsync(vaultBaseUrl, secret, "Sup3eS3c5et").Result;

// Print indented JSON response
string prettyResult = JsonConvert.SerializeObject(result, Formatting.Indented);
Console.WriteLine($"SetSecretAsync completed: {prettyResult}\n");

// Read back secret
string secretUrl = $"{vaultBaseUrl}/secrets/{secret}";
var secretWeJustWroteTo = keyclient.GetSecretAsync(secretUrl).Result;
Console.WriteLine($"secret: {secretWeJustWroteTo.Id} = {secretWeJustWroteTo.Value}");

Result:

SetSecretAsync completed:

{  
   "SecretIdentifier":{  
      "BaseIdentifier":"https://alice.vault.azure.net:443/secrets/from-NET-SDK",
      "Identifier":"https://alice.vault.azure.net:443/secrets/from-NET-SDK/59793...",
      "Name":"from-NET-SDK",
      "Vault":"https://alice.vault.azure.net:443",
      "VaultWithoutScheme":"alice.vault.azure.net",
      "Version":"597930b70565447d8ba9ba525a206a9e"
   },
   "value":"Sup3eS3c5et",
   "id":"https://alice.vault.azure.net/secrets/from-NET-SDK/59...",
   "contentType":null,
   "attributes":{  
      "recoveryLevel":"Purgeable",
      "enabled":true,
      "nbf":null,
      "exp":null,
      "created":1508354384,
      "updated":1508354384
   },
   "tags":null,
   "kid":null,
   "managed":null
}

secret: https://alice.vault.azure.net/secrets/from-NET-SDK/59793... = Sup3eS3c5et

What you should really do is rewrite AddResult():

public bool AddResult(string machineIPAndPort, BruteForceResult result)
{
    await result = client.SetSecretAsync("https://vaultURI(redacted).vault.azure.net/",
        machineIPAndPort, JsonConvert.SerializeObject(result));

    return true;
}

And maybe wrap that in a try-catch and read the InnerException since that's where the meaningful HTTP response body will be. For example, making the request against a Key Vault i don't have access to results in:

And also because this is the cloud, you're in for fierce competition with other mission critical traffic, things will fail.

0 讨论(0)