Programmatically adding Secrets to Key Vault in C#

Asked by 轮回少年, 2021-02-08 19:59

I am attempting to put some output from a service I am running in a Key Vault in Azure. The output of my service will be user credentials which is why I want to use Key Vault f

1 answer
  • 2021-02-08 20:18

    Use patience (await creation).

    using System;
    using Microsoft.Azure.KeyVault;
    using Newtonsoft.Json;
    
    // Let's create a secret and read it back (this runs inside an async method)
    string vaultBaseUrl = "https://alice.vault.azure.net";
    string secret = "from-NET-SDK";
    
    // Await SetSecretAsync. GetToken is a KeyVaultClient.AuthenticationCallback
    // that returns an Azure AD access token for the vault.
    KeyVaultClient keyclient = new KeyVaultClient(GetToken);
    var result = await keyclient.SetSecretAsync(vaultBaseUrl, secret, "Sup3eS3c5et");
    
    // Print indented JSON response
    string prettyResult = JsonConvert.SerializeObject(result, Formatting.Indented);
    Console.WriteLine($"SetSecretAsync completed: {prettyResult}\n");
    
    // Read back the secret; without a version suffix the latest version is returned
    string secretUrl = $"{vaultBaseUrl}/secrets/{secret}";
    var secretWeJustWroteTo = await keyclient.GetSecretAsync(secretUrl);
    Console.WriteLine($"secret: {secretWeJustWroteTo.Id} = {secretWeJustWroteTo.Value}");
    

    Result:

    SetSecretAsync completed:
    
    {  
       "SecretIdentifier":{  
          "BaseIdentifier":"https://alice.vault.azure.net:443/secrets/from-NET-SDK",
          "Identifier":"https://alice.vault.azure.net:443/secrets/from-NET-SDK/59793...",
          "Name":"from-NET-SDK",
          "Vault":"https://alice.vault.azure.net:443",
          "VaultWithoutScheme":"alice.vault.azure.net",
          "Version":"597930b70565447d8ba9ba525a206a9e"
       },
       "value":"Sup3eS3c5et",
       "id":"https://alice.vault.azure.net/secrets/from-NET-SDK/59...",
       "contentType":null,
       "attributes":{  
          "recoveryLevel":"Purgeable",
          "enabled":true,
          "nbf":null,
          "exp":null,
          "created":1508354384,
          "updated":1508354384
       },
       "tags":null,
       "kid":null,
       "managed":null
    }
    
    secret: https://alice.vault.azure.net/secrets/from-NET-SDK/59793... = Sup3eS3c5et
    

    What you should really do is rewrite AddResult():

    public async Task<bool> AddResult(string machineIPAndPort, BruteForceResult result)
    {
        // Await the write so it has completed (or thrown) before this method returns
        await client.SetSecretAsync("https://vaultURI(redacted).vault.azure.net/",
            machineIPAndPort, JsonConvert.SerializeObject(result));
    
        return true;
    }
    

    And maybe wrap that in a try-catch and read the InnerException, since that's where the meaningful HTTP response body will be. For example, making the request against a Key Vault I don't have access to results in:

    And also, because this is the cloud, you're in for fierce competition with other mission-critical traffic; things will fail.

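The following is an added example, not the answerer's or the asker's code, that puts the three points of the answer together for the asker's use case: await the write, catch the error the SDK actually throws and read its body, and retry only on transient failures. It uses the same Microsoft.Azure.KeyVault SDK generation as the answer, authenticates through Microsoft.Azure.Services.AppAuthentication (managed identity or developer credentials, so no client secret sits in code), and adds one check the question's design needs: Key Vault secret names may contain only letters, digits and dashes, so a raw "ip:port" string must be normalised before it can be used as a name. The vault URL, the `BruteForceResult` payload type and the `ResultStore` class are assumptions for illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Models;
using Microsoft.Azure.Services.AppAuthentication;
using Newtonsoft.Json;

// Hypothetical payload type standing in for the one in the question.
public class BruteForceResult
{
    public string Username { get; set; }
    public string Password { get; set; }
}

public class ResultStore
{
    // Key Vault object names must match ^[0-9a-zA-Z-]+$ and be 1-127 characters long,
    // so "10.0.0.5:22" is rejected with 400 BadRequest unless it is normalised first.
    private static readonly Regex ValidName = new Regex("^[0-9a-zA-Z-]{1,127}$");

    private readonly KeyVaultClient _client;
    private readonly string _vaultBaseUrl;   // e.g. "https://alice.vault.azure.net" (assumed)

    public ResultStore(string vaultBaseUrl)
    {
        _vaultBaseUrl = vaultBaseUrl;
        // Token comes from managed identity / az cli / Visual Studio, never from a string in code.
        var tokenProvider = new AzureServiceTokenProvider();
        _client = new KeyVaultClient(
            new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback));
    }

    // Replace every character Key Vault does not accept with a dash, then validate.
    public static string ToSecretName(string machineIPAndPort)
    {
        string name = Regex.Replace(machineIPAndPort ?? string.Empty, "[^0-9a-zA-Z-]", "-");
        if (!ValidName.IsMatch(name))
            throw new ArgumentException($"Cannot derive a valid secret name from '{machineIPAndPort}'");
        return name;
    }

    // Returns the versioned secret identifier on success; throws on a non-transient error.
    public async Task<string> AddResultAsync(string machineIPAndPort, BruteForceResult result)
    {
        string name = ToSecretName(machineIPAndPort);
        string value = JsonConvert.SerializeObject(result);

        const int maxAttempts = 4;
        for (int attempt = 1; ; attempt++)
        {
            try
            {
                // Awaited: the method only returns once the service has acknowledged the write.
                SecretBundle bundle = await _client.SetSecretAsync(_vaultBaseUrl, name, value);
                return bundle.SecretIdentifier.Identifier;
            }
            catch (KeyVaultErrorException ex)
            {
                // The service's JSON error body is already parsed into ex.Body; this is the
                // message you want to see (Forbidden with the missing permission, BadRequest
                // with the rejected name, and so on).
                HttpStatusCode? status = ex.Response?.StatusCode;
                Console.Error.WriteLine(
                    $"SetSecret '{name}' failed: {status} {ex.Body?.Error?.Code}: {ex.Body?.Error?.Message}");

                // Only throttling and availability blips are worth retrying; 401/403/400 are not.
                bool transient = status == (HttpStatusCode)429
                                 || status == HttpStatusCode.ServiceUnavailable
                                 || status == HttpStatusCode.GatewayTimeout;
                if (!transient || attempt == maxAttempts)
                    throw;

                // Exponential backoff: 0.5 s, 1 s, 2 s before attempts 2, 3 and 4.
                await Task.Delay(TimeSpan.FromMilliseconds(500 * Math.Pow(2, attempt - 1)));
            }
        }
    }

    public async Task<BruteForceResult> GetResultAsync(string machineIPAndPort)
    {
        // Omitting the version returns the latest version of the secret.
        SecretBundle bundle = await _client.GetSecretAsync(_vaultBaseUrl, ToSecretName(machineIPAndPort));
        return JsonConvert.DeserializeObject<BruteForceResult>(bundle.Value);
    }
}
```

Note on the exception: when the call is awaited, `KeyVaultErrorException` is thrown directly; it is only when the task is blocked on with `.Result` that it arrives wrapped in an `AggregateException`, whose `InnerException` is the `KeyVaultErrorException` the answer is referring to. Either way, `Body.Error.Code` and `Body.Error.Message` carry the service's explanation, which is what to log when a write is refused.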