C# 使用前缀从Azure密钥库获取所有机密


我想知道是否有可能通过前缀获取所有Azure Key Vault机密

假设我有三个机密：

key: pre-secret1 
value: value1

key: secret2 
value: value2

key: pre-secret3
value: value3
我想获取所有带有前缀 pre 的机密，并将它们序列化为 JSON。将来我会有更多带有该前缀的机密，所以我不想逐个手动读取。这样，当我添加一个带有该前缀的新机密时，我的函数返回的 JSON 中也会包含这个新值。

问题是:是否可以通过前缀从Azure密钥库获取机密并动态序列化为JSON

更新：我想在 ASP.NET Core 3.1 和 C# 中使用它。更新 2：我补充了获取单个机密的代码：

// Build the vault address first, then the credential, then the client.
var vaultAddress = new Uri(kvUri);

// Passing true (includeInteractiveCredentials) adds the interactive browser
// sign-in to the credential chain. NOTE(review): that is convenient on a
// developer machine; confirm it is really wanted for a hosted ASP.NET Core app.
var azureCredential = new DefaultAzureCredential(true);

var client = new SecretClient(vaultUri: vaultAddress, credential: azureCredential);

// Reads one secret by its exact name. The result carries the secret value in
// plain text, so keep it out of logs and responses.
var secret = client.GetSecret("secret-name");

您可以使用下面的代码来实现这一点。`GetSecretsAsync` 方法会返回一个字典，其中包含保管库（vault）中所有机密的名称（键）和对应的值。

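/// <summary>
/// Reads the secrets of one Key Vault and returns them as a dictionary of
/// configuration key to secret value, optionally limited to one name prefix.
/// </summary>
/// <param name="vaultBaseUrl">Base URL of the vault; passed to <c>BaseUrlValidation</c> before any request is made.</param>
/// <param name="prefix">Name prefix to keep. When null or white space it is passed on unchanged and nothing is stripped.</param>
/// <param name="keyVaultKeyDelimeter">Separator appended to <paramref name="prefix"/> and replaced inside secret names.</param>
/// <param name="configurationKeyDelimeter">Separator written into the returned keys in place of <paramref name="keyVaultKeyDelimeter"/>.</param>
/// <returns>The collected key/value pairs; an empty dictionary when the vault lists no readable secret.</returns>
/// <remarks>
/// The listing call takes no name filter: the whole vault is enumerated and the prefix is
/// applied afterwards on the client, so the calling identity needs list and get rights on
/// secrets for the entire vault, not only for the prefixed ones. The returned dictionary
/// holds secret values in plain text; keep it out of logs and HTTP responses.
/// Secrets explicitly marked as disabled are skipped instead of failing the whole load.
/// </remarks>
public async Task<IDictionary<string, string>> GetSecretsAsync(string vaultBaseUrl, string prefix = null, string keyVaultKeyDelimeter = "--", string configurationKeyDelimeter = ":")
{
    // validation (helper defined elsewhere; presumably throws on a bad URL - confirm)
    BaseUrlValidation(vaultBaseUrl);

    IDictionary<string, string> secretCollection = new Dictionary<string, string>();

    // "pre" + "--" becomes "pre--"; a null or blank prefix is left as it is.
    var updatedPrefix = string.IsNullOrWhiteSpace(prefix) ? prefix : $"{prefix}{keyVaultKeyDelimeter}";
    var secretIdentifierCollection = new List<SecretItem>();

    // The listing is paged: read the first page, then follow NextPageLink until it is blank.
    var secrets = await this.keyVaultClient.GetSecretsAsync(vaultBaseUrl).ConfigureAwait(false);
    secretIdentifierCollection.AddRange(secrets);
    string nextPageLink = secrets.NextPageLink;

    while (!string.IsNullOrWhiteSpace(nextPageLink))
    {
        var nextSecrets = await this.keyVaultClient.GetSecretsNextAsync(nextPageLink).ConfigureAwait(false);
        secretIdentifierCollection.AddRange(nextSecrets);
        nextPageLink = nextSecrets.NextPageLink;
    }

    // A disabled secret is still listed, but the service refuses to return its value,
    // which would abort the whole load. Entries with no Enabled flag are kept.
    var readableSecrets = secretIdentifierCollection
        .Where(item => item.Attributes?.Enabled != false)
        .ToList();

    if (readableSecrets.Count == 0)
    {
        return secretCollection;
    }

    // add filtered secrets to dictionary and remove prefix if any
    // (FilterPrefixMatchingSecrets is defined elsewhere; presumably it yields the
    // identifiers of the secrets whose name starts with updatedPrefix - confirm)
    foreach (var secretId in FilterPrefixMatchingSecrets(updatedPrefix, readableSecrets))
    {
        // ConfigureAwait(false) here too, matching every other await in this method.
        await this.FetchSecretDetailsAsync(updatedPrefix, keyVaultKeyDelimeter, configurationKeyDelimeter, secretCollection, secretId).ConfigureAwait(false);
    }

    return secretCollection;
}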

 /// <summary>
 /// Reads one secret and stores its value in <paramref name="secretCollection"/> under a
 /// key derived from the secret name.
 /// </summary>
 /// <param name="prefix">Prefix whose length is cut from the start of the name; ignored when null or white space.</param>
 /// <param name="keyVaultKeyDelimeter">Separator to look for in the remaining name.</param>
 /// <param name="configurationKeyDelimeter">Separator that replaces <paramref name="keyVaultKeyDelimeter"/>.</param>
 /// <param name="secretCollection">Dictionary that receives the entry; it ends up holding plain-text secret values.</param>
 /// <param name="secretId">Identifier handed to <c>GetSecretAsync</c>.</param>
 /// <remarks>
 /// The prefix is removed by length only, without checking that the name really starts
 /// with it, so this relies on the caller having filtered by prefix beforehand. When two
 /// secrets map to the same key, the first one stored wins and the later one is dropped silently.
 /// </remarks>
 private async Task FetchSecretDetailsAsync(string prefix, string keyVaultKeyDelimeter, string configurationKeyDelimeter, IDictionary<string, string> secretCollection, string secretId)
 {
     var bundle = await this.keyVaultClient.GetSecretAsync(secretId).ConfigureAwait(false);

     // Number of leading characters to drop from the secret name.
     int charsToSkip = string.IsNullOrWhiteSpace(prefix) ? 0 : prefix.Length;

     string configurationKey = bundle.SecretIdentifier.Name
         .Substring(charsToSkip)
         .Replace(keyVaultKeyDelimeter, configurationKeyDelimeter);

     // Keep the entry that is already there.
     if (secretCollection.ContainsKey(configurationKey))
     {
         return;
     }

     secretCollection.Add(configurationKey, bundle.Value);
 }
public异步任务GetSecretsAsync(string vaultBaseUrl,string prefix=null,string keyVaultKeyDelimeter=“--”,string configurationKeyDelimeter=“:”)
{
//验证
BaseUrlValidation(Vault BaseUrl);
//可变申报
IDictionary secretCollection=新字典();
var updatedPrefix=string.IsNullOrWhiteSpace(前缀)?前缀:$“{prefix}{keyVaultKeyDelimeter}”;
List secretIdentifierCollection=新列表();
//阅读和添加秘密
var secrets=wait this.keyVaultClient.GetSecretsAsync(vaultBaseUrl.configurewait(false);
字符串nextPageLink=secrets.nextPageLink;
secretIdentifierCollection.AddRange(机密);
而(!string.IsNullOrWhiteSpace(nextPageLink))
{
//阅读和添加秘密
var nextSecrets=wait this.keyVaultClient.GetSecretsNextAsync(nextPageLink).configurewait(false);
secretIdentifierCollection.AddRange(nextSecrets);
nextPageLink=nextSecrets.nextPageLink;
}
如果(!secretIdentifierCollection.Any())
{
返回秘密收集;
}
//将筛选的机密添加到字典中,并删除前缀(如果有)
foreach(FilterPrefixMatchingSecrets中的变量secretId(updatedPrefix,secretIdentifierCollection))
{
等待此消息。FetchSecretDetailsAsync(更新的前缀、keyVaultKeyDelimeter、configurationKeyDelimeter、secretCollection、secretId);
}
返回秘密收集;
}
私有异步任务FetchSecretDetailsAsync(字符串前缀、字符串keyVaultKeyDelimeter、字符串配置KeyDelimeter、IDictionary secretCollection、字符串secretId)
{
var secretDetails=wait this.keyVaultClient.GetSecretAsync(secretId).configurewait(false);
var secretName=secretDetails.SecretIdentifier.Name.Substring(string.IsNullOrWhiteSpace(前缀)?0:prefix.Length)。替换(keyVaultKeyDelimeter,configurationKeyDelimeter);
如果(!secretCollection.ContainsKey(secretName))
{
添加(secretName,secretDetails.Value);
}
}

您可以使用下面的代码来实现这一点。`GetSecretsAsync` 方法会返回一个字典，其中包含保管库（vault）中所有机密的名称（键）和对应的值。

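/// <summary>
/// Reads the secrets of one Key Vault and returns them as a dictionary of
/// configuration key to secret value, optionally limited to one name prefix.
/// </summary>
/// <param name="vaultBaseUrl">Base URL of the vault; passed to <c>BaseUrlValidation</c> before any request is made.</param>
/// <param name="prefix">Name prefix to keep. When null or white space it is passed on unchanged and nothing is stripped.</param>
/// <param name="keyVaultKeyDelimeter">Separator appended to <paramref name="prefix"/> and replaced inside secret names.</param>
/// <param name="configurationKeyDelimeter">Separator written into the returned keys in place of <paramref name="keyVaultKeyDelimeter"/>.</param>
/// <returns>The collected key/value pairs; an empty dictionary when the vault lists no readable secret.</returns>
/// <remarks>
/// The listing call takes no name filter: the whole vault is enumerated and the prefix is
/// applied afterwards on the client, so the calling identity needs list and get rights on
/// secrets for the entire vault, not only for the prefixed ones. The returned dictionary
/// holds secret values in plain text; keep it out of logs and HTTP responses.
/// Secrets explicitly marked as disabled are skipped instead of failing the whole load.
/// </remarks>
public async Task<IDictionary<string, string>> GetSecretsAsync(string vaultBaseUrl, string prefix = null, string keyVaultKeyDelimeter = "--", string configurationKeyDelimeter = ":")
{
    // validation (helper defined elsewhere; presumably throws on a bad URL - confirm)
    BaseUrlValidation(vaultBaseUrl);

    IDictionary<string, string> secretCollection = new Dictionary<string, string>();

    // "pre" + "--" becomes "pre--"; a null or blank prefix is left as it is.
    var updatedPrefix = string.IsNullOrWhiteSpace(prefix) ? prefix : $"{prefix}{keyVaultKeyDelimeter}";
    var secretIdentifierCollection = new List<SecretItem>();

    // The listing is paged: read the first page, then follow NextPageLink until it is blank.
    var secrets = await this.keyVaultClient.GetSecretsAsync(vaultBaseUrl).ConfigureAwait(false);
    secretIdentifierCollection.AddRange(secrets);
    string nextPageLink = secrets.NextPageLink;

    while (!string.IsNullOrWhiteSpace(nextPageLink))
    {
        var nextSecrets = await this.keyVaultClient.GetSecretsNextAsync(nextPageLink).ConfigureAwait(false);
        secretIdentifierCollection.AddRange(nextSecrets);
        nextPageLink = nextSecrets.NextPageLink;
    }

    // A disabled secret is still listed, but the service refuses to return its value,
    // which would abort the whole load. Entries with no Enabled flag are kept.
    var readableSecrets = secretIdentifierCollection
        .Where(item => item.Attributes?.Enabled != false)
        .ToList();

    if (readableSecrets.Count == 0)
    {
        return secretCollection;
    }

    // add filtered secrets to dictionary and remove prefix if any
    // (FilterPrefixMatchingSecrets is defined elsewhere; presumably it yields the
    // identifiers of the secrets whose name starts with updatedPrefix - confirm)
    foreach (var secretId in FilterPrefixMatchingSecrets(updatedPrefix, readableSecrets))
    {
        // ConfigureAwait(false) here too, matching every other await in this method.
        await this.FetchSecretDetailsAsync(updatedPrefix, keyVaultKeyDelimeter, configurationKeyDelimeter, secretCollection, secretId).ConfigureAwait(false);
    }

    return secretCollection;
}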

 /// <summary>
 /// Reads one secret and stores its value in <paramref name="secretCollection"/> under a
 /// key derived from the secret name.
 /// </summary>
 /// <param name="prefix">Prefix whose length is cut from the start of the name; ignored when null or white space.</param>
 /// <param name="keyVaultKeyDelimeter">Separator to look for in the remaining name.</param>
 /// <param name="configurationKeyDelimeter">Separator that replaces <paramref name="keyVaultKeyDelimeter"/>.</param>
 /// <param name="secretCollection">Dictionary that receives the entry; it ends up holding plain-text secret values.</param>
 /// <param name="secretId">Identifier handed to <c>GetSecretAsync</c>.</param>
 /// <remarks>
 /// The prefix is removed by length only, without checking that the name really starts
 /// with it, so this relies on the caller having filtered by prefix beforehand. When two
 /// secrets map to the same key, the first one stored wins and the later one is dropped silently.
 /// </remarks>
 private async Task FetchSecretDetailsAsync(string prefix, string keyVaultKeyDelimeter, string configurationKeyDelimeter, IDictionary<string, string> secretCollection, string secretId)
 {
     var bundle = await this.keyVaultClient.GetSecretAsync(secretId).ConfigureAwait(false);

     // Number of leading characters to drop from the secret name.
     int charsToSkip = string.IsNullOrWhiteSpace(prefix) ? 0 : prefix.Length;

     string configurationKey = bundle.SecretIdentifier.Name
         .Substring(charsToSkip)
         .Replace(keyVaultKeyDelimeter, configurationKeyDelimeter);

     // Keep the entry that is already there.
     if (secretCollection.ContainsKey(configurationKey))
     {
         return;
     }

     secretCollection.Add(configurationKey, bundle.Value);
 }
public异步任务GetSecretsAsync(string vaultBaseUrl,string prefix=null,string keyVaultKeyDelimeter=“--”,string configurationKeyDelimeter=“:”)
{
//验证
BaseUrlValidation(Vault BaseUrl);
//可变申报
IDictionary secretCollection=新字典();
var updatedPrefix=string.IsNullOrWhiteSpace(前缀)?前缀:$“{prefix}{keyVaultKeyDelimeter}”;
List secretIdentifierCollection=新列表();
//阅读和添加秘密
var secrets=wait this.keyVaultClient.GetSecretsAsync(vaultBaseUrl.configurewait(false);
字符串nextPageLink=secrets.nextPageLink;
secretIdentifierCollection.AddRange(机密);
而(!string.IsNullOrWhiteSpace(nextPageLink))
{
//阅读和添加秘密
var nextSecrets=wait this.keyVaultClient.GetSecretsNextAsync(nextPageLink).configurewait(false);
secretIdentifierCollection.AddRange(nextSecrets);
nextPageLink=nextSecrets.nextPageLink;
}
如果(!secretIdentifierCollection.Any())
{
返回秘密收集;
}
//将筛选的机密添加到字典中,并删除前缀(如果有)
foreach(FilterPrefixMatchingSecrets中的变量secretId(updatedPrefix,secretIdentifierCollection))
{
等待此消息。FetchSecretDetailsAsync(更新的前缀、keyVaultKeyDelimeter、configurationKeyDelimeter、secretCollection、secretId);
}
返回秘密收集;
}
私有异步任务FetchSecretDetailsAsync(字符串前缀、字符串keyVaultKeyDelimeter、字符串配置KeyDelimeter、IDictionary secretCollection、字符串secretId)
{
var secretDetails=wait this.keyVaultClient.GetSecretAsync(secretId).configurewait(false);
var secretName=secretDetails.SecretIdentifier.Name.Substring(string.IsNullOrWhiteSpace(前缀)?0:prefix.Length)。替换(keyVaultKeyDelimeter,configurationKeyDelimeter);
如果(!secretCollection.ContainsKey(secretName))
{
添加(secretName,secretDetails.Value);
}
}

我已经更新了我的帖子。我想在ASP.NET Core 3.1和C#中使用它。在查询机密时,您能否在名称中添加通配符?请显示您当前拥有的代码,以便我们提供帮助。@RufusL我添加了如何获得一个秘密。没有获取机密的方法。您可以尝试以下操作:您需要获取所有机密
wait client.GetSe