以編程方式將密碼添加到C中的密鑰保管庫中＃

Question

我試圖從我在Azure中的密鑰保管庫中運行的服務中輸入一些輸出。我的服務的輸出將是用戶憑證，這就是爲什麼我想使用密鑰保險庫來達到此目的的原因。到目前爲止，我已經嘗試了KeyVaultClient的SetSecretAsync方法，但它不適用於我，我沒有收到任何錯誤消息，但是我也沒有看到在我的目標KeyVault中創建的新密鑰。我還沒有找到KeyVaultClient Add Secret方法，因爲它不存在，我在這裏使用正確的對象/方法嗎？

這裏所討論的方法是AddResult。

這裏是我的代碼：

private static AzureKeyVault instance; 
    private static KeyVaultClient client; 
    private AzureKeyVault() 
    { 
     //initialize the azure key vault 
     var vaultAddress = ConfigurationManager.AppSettings["VaultUri"]; 
     client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetAccessToken)); 


    } 
    public static async Task<string> GetAccessToken(string authority, string resource, string scope) 
    { 
     var clientId = ConfigurationManager.AppSettings["ClientID"]; 
     var clientSecret = ConfigurationManager.AppSettings["ClientSecret"]; 
     ClientCredential clientCredential = new ClientCredential(clientId, clientSecret); 

     var context = new AuthenticationContext(authority, TokenCache.DefaultShared); 
     var result = await context.AcquireTokenAsync(resource, clientCredential); 

     return result.AccessToken; 
    } 


    public static AzureKeyVault GetInstance 
    { 
     get 
     { 
      if (instance == null) 
      { 
       instance = new AzureKeyVault(); 
      } 
      return instance; 
     } 
    } 

    public void AddResult(string machineIPAndPort, BruteForceResult result) 
    { 
     client.SetSecretAsync("https://vaultURI(redacted).vault.azure.net/", machineIPAndPort, JsonConvert.SerializeObject(result)); 
    } 

Answer 1

使用的耐心（等待人們去創造）。

// Let's create a secret and read it back 

string vaultBaseUrl = "https://alice.vault.azure.net"; 
string secret = "from-NET-SDK"; 

// Await SetSecretAsync 
KeyVaultClient keyclient = new KeyVaultClient(GetToken); 
var result = keyclient.SetSecretAsync(vaultBaseUrl, secret, "Sup3eS3c5et").Result; 

// Print indented JSON response 
string prettyResult = JsonConvert.SerializeObject(result, Formatting.Indented); 
Console.WriteLine($"SetSecretAsync completed: {prettyResult}\n"); 

// Read back secret 
string secretUrl = $"{vaultBaseUrl}/secrets/{secret}"; 
var secretWeJustWroteTo = keyclient.GetSecretAsync(secretUrl).Result; 
Console.WriteLine($"secret: {secretWeJustWroteTo.Id} = {secretWeJustWroteTo.Value}"); 

結果：

SetSecretAsync completed: 

{ 
    "SecretIdentifier":{ 
     "BaseIdentifier":"https://alice.vault.azure.net:443/secrets/from-NET-SDK", 
     "Identifier":"https://alice.vault.azure.net:443/secrets/from-NET-SDK/59793...", 
     "Name":"from-NET-SDK", 
     "Vault":"https://alice.vault.azure.net:443", 
     "VaultWithoutScheme":"alice.vault.azure.net", 
     "Version":"597930b70565447d8ba9ba525a206a9e" 
    }, 
    "value":"Sup3eS3c5et", 
    "id":"https://alice.vault.azure.net/secrets/from-NET-SDK/59...", 
    "contentType":null, 
    "attributes":{ 
     "recoveryLevel":"Purgeable", 
     "enabled":true, 
     "nbf":null, 
     "exp":null, 
     "created":1508354384, 
     "updated":1508354384 
    }, 
    "tags":null, 
    "kid":null, 
    "managed":null 
} 

secret: https://alice.vault.azure.net/secrets/from-NET-SDK/59793... = Sup3eS3c5et 

你應該真的是改寫AddResult()：

public bool AddResult(string machineIPAndPort, BruteForceResult result) 
{ 
    await result = client.SetSecretAsync("https://vaultURI(redacted).vault.azure.net/", 
     machineIPAndPort, JsonConvert.SerializeObject(result)); 

    return true; 
} 

也許包裹在一個try-catch和閱讀InnerException因爲that's where the meaningful HTTP response body will be。例如，使得對密鑰庫的要求我沒有獲得結果：

而且還因爲這是雲計算，你在與other mission critical traffic激烈的競爭，事情會失敗。