Azure密钥库配置_Azure_Azure Keyvault

Azure密钥库配置

azure

Azure密钥库配置,azure,azure-keyvault,Azure,Azure Keyvault,我尝试解析密钥时出错 KeyVaultKeyResolver cloudResolver = new KeyVaultKeyResolver(GetToken); string keyvaultUrl = Microsoft.Azure.CloudConfigurationManager.GetSetting("KeyVaultUrl"); var rsa = cloudResolver.ResolveKeyAsync(keyvaultUrl, CancellationToken.None).G

我尝试解析密钥时出错

KeyVaultKeyResolver cloudResolver = new KeyVaultKeyResolver(GetToken);
string keyvaultUrl = Microsoft.Azure.CloudConfigurationManager.GetSetting("KeyVaultUrl");
var rsa = cloudResolver.ResolveKeyAsync(keyvaultUrl, CancellationToken.None).GetAwaiter().GetResult();
BlobEncryptionPolicy policy = new BlobEncryptionPolicy(rsa, null);
BlobRequestOptions options = new BlobRequestOptions() { EncryptionPolicy = policy };

例外情况是：

Data: System.Collections.ListDictionaryInternal
User Name: uberserve
Message: Operation "get" is not allowed
Stack Trace:    at Microsoft.Azure.KeyVault.KeyVaultClient.<Do>d__11b`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Azure.KeyVault.KeyVaultClient.<GetKeyAsync>d__5d.MoveNext()

听起来您没有设置访问策略来执行密钥的

GET

。是的-您需要添加

GET

操作。请参阅，特别提到，如果您希望能够读取密钥，则需要添加

get

策略。Brendan，您是对的。在PowerShell中创建策略时，我没有将GET添加到策略中。我改变了政策，效果很好。您应该将此设置为答案。

PS C:\> Set-AzureRmKeyVaultAccessPolicy -VaultName FirstLookVault -ServicePrincipalName '06b430c8-3689-4b5f-b954-566affefbd0c' -PermissionsToSecrets get -PermissionsToKeys wrapKey, unwrapKey,decrypt,encrypt