问题
I have a local asp.net core 3.1 application that I want to set a secret in an Azure Key Vault. The following is the code I used from Microsoft:
string secretName = "xxSecret";
string keyVaultName = Environment.GetEnvironmentVariable("KEY_VAULT_NAME");
var kvUri = "https://" + keyVaultName + ".vault.azure.net";
var secretClient = new SecretClient(new Uri(kvUri), new DefaultAzureCredential());
string secretValue = "test";
secretClient.SetSecret(secretName, secretValue);
KeyVaultSecret secret = secretClient.GetSecret(secretName);
When I try to set a secret, I get the following error in Postman:
Azure.Identity.AuthenticationFailedException: DefaultAzureCredential authentication failed.
---> Azure.Identity.AuthenticationFailedException: SharedTokenCacheCredential authentication failed.
---> Microsoft.Identity.Client.MsalServiceException: AADSTS70002: The client does not exist or is not
enabled for consumers. If you are the application developer, configure a new application through the
App Registrations in the Azure Portal
I don't want to register this app, yet as I want to debug this locally. I'm guessing the issue is that I don't a correct Access Policy set up. How do I grant my local app access?
(Before I run the app locally, I authenticate to my Azure directory using Azure PowerShell. )
回答1:
How do I grant my local app access?
For local development, AzureServiceTokenProvider fetches tokens using Visual Studio, Azure CLI, or Azure AD Integrated Authentication. Each option is tried sequentially and the library uses the first option that succeeds.
To authenticate by using Visual Studio:
Sign in to Visual Studio and use Tools > Options to open Options.
Select Azure Service Authentication, choose an account for local development, and select OK.
On azure, you need to go to your Azure keyvault. Click Access Policies and add your account which login vs before with Get and Set permission for secret.
Then you could use your code to get the secret value.
Also you could use AzureServiceTokenProvider to get secret without initializing your secret value.
var KeyVaultUrl = "https://xxx.vault.azure.net/secrets/xxx/xxxxxxxxxxxxxx";
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = keyVaultClient.GetSecretAsync(KeyVaultUrl).Result.Value;
来源:https://stackoverflow.com/questions/61281683/how-to-set-a-secret-in-azure-key-vault-from-a-local-asp-net-application