azure-keyvault

问题 I am using .NET Core 2.0 and ASP.NET Core 2.0 for application development. The "test" application is a .NET Core Console application. The core code I am writing is a class library. Once proper testing. I choose to do this since I won't be putting this to use for awhile (it's replacing older ASPNET code). Anyway, since I have to work with a LOT of API keys for various services I decided to use Microsoft Azure Key Vault for storing the keys. I have this all setup and understand how this works.

问题 I'm trying to setup a new Always Encrypted database using Azure Key Vault (I have previously had this working). In the SSMS Always Encrypted Wizard I can select the table and column to encrypt but I have a problem after selecting "Azure Key Vault" as the key store provider. I login and the window briefly pops up the dropdown that correctly lists my Key Vault in Azure but then it immediately goes away and has a warning triangle with the word "Purge" next to it and a "Try Again" button.

问题 I am a little confused by Microsoft's scattered documentation. I have created an application (https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal), which means I now have: Application ID Key Directory ID I have gone into the KeyVault in Azure Portal, and I have granted permissions to the application. For test purposes, I am trying to run a test via CURL. The basis I am using for this is the following Microsoft pages (https://docs

问题 I have premium storage account for which I enabled Encryption just after creating this and I found this link https://docs.microsoft.com/en-us/azure/storage/storage-service-encryption to check whether blob are encrypted or not. Now if I encrypt OS disk and data disk using Azure key vault which is also used to protect data at rest but encrypted storage account also does same thing. Could any one explain what difference among these two. I know about keys, secrets etc. so I don't want this diff.

问题 Any idea if store and retrieval (export the symmetric key out of keyvault) of symmetric keys is supported in Azure Kev vault or possible? I referenced Azure Keyvault documents here and it mentions the Symmetric keys are not supported and may be supported in future (not sure though if the documentation I read is current). If it’s not supported, is there a way to simulate this using other interfaces like Secrets? Could you share a sample code to do this using Azure Keyvault REST API? 回答1: You

问题 I've been following this guide to use a certificate to authenticate with key vault from azure batch. Every certificate I generate causes errors on import into azure batch, some examples are listed below: code : InvalidPropertyValue message : The value provided for one of the properties in the request body is invalid. PropertyName: data Reason: The specified data and the password do not match or Unable to get property 'tbsCertificate' of undefined or null reference or Unable to decrypt PKCS#8

问题 I created a simple Azure function with a HTTPTrigger that returns the secret value for a key set through the portal in Azure. The value is stored as @Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/ec96f02080254f109c51a1f14cdb1931) The Function has system assigned managed identity enabled in Platform Features>Identity. The Key Vault has the secret added with the value. The Key Vault also has an Access Policy defined with full access for keys, secrets and

问题 I follow the instruction here to create an Managed Service Identity. So now in my environment variable, I have MSI_ENDPOINT and MSI_SECRET. In my typescript (node.js) project, I imported the following project: import {KeyVaultCredentials, KeyVaultClient} from "azure-keyvault"; import {AuthenticationContext, ErrorResponse, TokenResponse} from "adal-node"; If I wasn't using MSI, I could access my key vault using the following code: let keyVaultCredentials = new KeyVaultCredentials(KeyVault

问题 I'm trying to access KeyVault from an .net Core console application, using a Service Principle (I have the App Id and App Secret ). Here's my code: var client = new KeyVaultClient(GetAccessToken); var secret = client.GetSecretAsync("https://{keyvaultName}.vault.azure.net", "MySecret").Result; Which calls back to this function: private static async Task<string> GetAccessToken(string authority, string resource, string scope) { var context = new AuthenticationContext(authority, TokenCache

问题 I was wondering if it's possible to initialize the queue trigger or even the blob trigger off a connection string that is read from azure vault. Right now, we have to set these data connection via environment settings via blade properties. However, I wanted to just use the service principal to retrieve the token for the azure key vault to get all these connection strings. I'm trying to figure how to get this working in java. Thanks, Derek 回答1: This feature is tracked and in progress here: