以编程方式将密码添加到C中的密钥保管库中＃

Question

我试图从我在Azure中的密钥保管库中运行的服务中输入一些输出。我的服务的输出将是用户凭证，这就是为什么我想使用密钥保险库来达到此目的的原因。到目前为止，我已经尝试了KeyVaultClient的SetSecretAsync方法，但它不适用于我，我没有收到任何错误消息，但是我也没有看到在我的目标KeyVault中创建的新密钥。我还没有找到KeyVaultClient Add Secret方法，因为它不存在，我在这里使用正确的对象/方法吗？

这里所讨论的方法是AddResult。

这里是我的代码：

private static AzureKeyVault instance; 
    private static KeyVaultClient client; 
    private AzureKeyVault() 
    { 
     //initialize the azure key vault 
     var vaultAddress = ConfigurationManager.AppSettings["VaultUri"]; 
     client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetAccessToken)); 


    } 
    public static async Task<string> GetAccessToken(string authority, string resource, string scope) 
    { 
     var clientId = ConfigurationManager.AppSettings["ClientID"]; 
     var clientSecret = ConfigurationManager.AppSettings["ClientSecret"]; 
     ClientCredential clientCredential = new ClientCredential(clientId, clientSecret); 

     var context = new AuthenticationContext(authority, TokenCache.DefaultShared); 
     var result = await context.AcquireTokenAsync(resource, clientCredential); 

     return result.AccessToken; 
    } 


    public static AzureKeyVault GetInstance 
    { 
     get 
     { 
      if (instance == null) 
      { 
       instance = new AzureKeyVault(); 
      } 
      return instance; 
     } 
    } 

    public void AddResult(string machineIPAndPort, BruteForceResult result) 
    { 
     client.SetSecretAsync("https://vaultURI(redacted).vault.azure.net/", machineIPAndPort, JsonConvert.SerializeObject(result)); 
    } 

Answer 1

使用的耐心（等待人们去创造）。

// Let's create a secret and read it back 

string vaultBaseUrl = "https://alice.vault.azure.net"; 
string secret = "from-NET-SDK"; 

// Await SetSecretAsync 
KeyVaultClient keyclient = new KeyVaultClient(GetToken); 
var result = keyclient.SetSecretAsync(vaultBaseUrl, secret, "Sup3eS3c5et").Result; 

// Print indented JSON response 
string prettyResult = JsonConvert.SerializeObject(result, Formatting.Indented); 
Console.WriteLine($"SetSecretAsync completed: {prettyResult}\n"); 

// Read back secret 
string secretUrl = $"{vaultBaseUrl}/secrets/{secret}"; 
var secretWeJustWroteTo = keyclient.GetSecretAsync(secretUrl).Result; 
Console.WriteLine($"secret: {secretWeJustWroteTo.Id} = {secretWeJustWroteTo.Value}"); 

结果：

SetSecretAsync completed: 

{ 
    "SecretIdentifier":{ 
     "BaseIdentifier":"https://alice.vault.azure.net:443/secrets/from-NET-SDK", 
     "Identifier":"https://alice.vault.azure.net:443/secrets/from-NET-SDK/59793...", 
     "Name":"from-NET-SDK", 
     "Vault":"https://alice.vault.azure.net:443", 
     "VaultWithoutScheme":"alice.vault.azure.net", 
     "Version":"597930b70565447d8ba9ba525a206a9e" 
    }, 
    "value":"Sup3eS3c5et", 
    "id":"https://alice.vault.azure.net/secrets/from-NET-SDK/59...", 
    "contentType":null, 
    "attributes":{ 
     "recoveryLevel":"Purgeable", 
     "enabled":true, 
     "nbf":null, 
     "exp":null, 
     "created":1508354384, 
     "updated":1508354384 
    }, 
    "tags":null, 
    "kid":null, 
    "managed":null 
} 

secret: https://alice.vault.azure.net/secrets/from-NET-SDK/59793... = Sup3eS3c5et 

你应该真的是改写AddResult()：

public bool AddResult(string machineIPAndPort, BruteForceResult result) 
{ 
    await result = client.SetSecretAsync("https://vaultURI(redacted).vault.azure.net/", 
     machineIPAndPort, JsonConvert.SerializeObject(result)); 

    return true; 
} 

也许包裹在一个try-catch和阅读InnerException因为that's where the meaningful HTTP response body will be。例如，使得对密钥库的要求我没有获得结果：

而且还因为这是云计算，你在与other mission critical traffic激烈的竞争，事情会失败。