gpt4 book ai didi

c# - 我们应该如何在 Azure Function 中将 Azure Key Vault 与 IOptions 结合使用?

转载 作者:行者123 更新时间:2023-12-03 06:52:48 27 4
gpt4 key购买 nike

我正在使用IOptions我的 Azure 函数中的模式,并且我正在从 Azure key 保管库检索 Mailjet key 。

我创建了以下 MailjetConfigOption 类:

 public class MailjetConfigOption
{
public string PublicKey { get; set; }

public string SecretKey { get; set; }

}

我已经在Startup.cs中注册了

[assembly: FunctionsStartup(typeof(Startup))]
namespace Emails.Dispatcher
{
public class Startup : FunctionsStartup
{
public override void Configure(IFunctionsHostBuilder builder)
{

builder.Services.AddLogging();
builder.Services.AddHttpClient();
builder.Services.AddOptions<MailjetConfigOption>()
.Bind(builder.GetContext().Configuration.GetSection(nameof(MailjetConfigOption)));

}
}
}

下面是我的 local.settings.json 文件:

"MailjetConfigOption:PublicKey": "load from key vault",
"MailjetConfigOption:SecretKey": "load from key vault",

下面是我的 key 保管库缓存类,添加它是为了从 key 保管库加载 secret 。

 public static class KeyVaultCache
{
private const string KeyVaultSettingsUrl = "KeyVaultConfigOption:Url";
private static Dictionary<string, string> SecretsCache = new Dictionary<string, string>();
private static KeyVaultClient _KeyVaultClient = null;

public static KeyVaultClient KeyVaultClient
{
get
{
if (_KeyVaultClient is null)
{
var provider = new AzureServiceTokenProvider();
_KeyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(provider.KeyVaultTokenCallback));
}
return _KeyVaultClient;
}
}

public async static Task<string> GetCachedSecret(string secretName)
{
if (!SecretsCache.ContainsKey(secretName))
{
string baseUri = GetBaseUri();

var secretBundle = await KeyVaultClient.GetSecretAsync($"{baseUri}secrets/{secretName}");
if (!SecretsCache.ContainsKey(secretName))
SecretsCache.Add(secretName, secretBundle.Value);
}
return SecretsCache.ContainsKey(secretName) ? SecretsCache[secretName] : string.Empty;
}

private static string GetBaseUri()
{
string baseUri = Environment.GetEnvironmentVariable(KeyVaultSettingsUrl, EnvironmentVariableTarget.Process);

Ensure.ConditionIsMet(baseUri.IsNotNullOrEmpty(),
() => new InvalidOperationException($"Unable to locate configured {KeyVaultSettingsUrl}"));

return baseUri;
}

下面是我想使用 IOptions 的 MailjetClientFactory 类,但它是从 local.settings.json 而不是 Key Vault 加载配置,那么如何从 Key Vault 检索这些配置?如何将 KeyVaultCacheMailjetConfigOption 一起使用?

public class MailjetClientFactory : IMailjetClientFactory
{
private readonly MailjetConfigOption _mailjetConfigOption;

public MailjetClientFactory(IOptions<MailjetConfigOption> mailjetConfigOption)
{
_mailjetConfigOption = mailjetConfigOption.Value;
}

public IMailjetClient CreateClient()
{
return new MailjetClient(_mailjetConfigOption.PublicKey,
_mailjetConfigOption.SecretKey)
{
Version = ApiVersion.V3_1
};
}
}

最佳答案

当您使用 Environment.GetEnvironmentVariable 进行阅读时,您可以利用 Key Vault Reference 来为您检索 secret 。

步骤:

1-向您的 Azure 函数应用添加托管身份

2-在 Azure key 保管库中添加一个策略,该策略将为步骤 1 中创建的托管标识授予 GET 和 LIST 权限

3-使用 Azure Function App 设置中的 key 保管库引用:

@Microsoft.KeyVault(SecretUri={SECRET_URL})

更多信息:

https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references

关于c# - 我们应该如何在 Azure Function 中将 Azure Key Vault 与 IOptions<T> 结合使用?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/73404206/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com