问题
I am writing a .Net console application to create Key Vault but not able to find class/method in Microsoft.Azure.KeyVault assembly that allows creating Vault and setting service principal to that vault.
Can someone please point me to the assembly/class that i can use to create vault.
Thanks
回答1:
The class you are looking for is the KeyVaultManagementClient in the Microsoft.Azure.Management.KeyVault namespace. This is defined in the management KeyVault assembly you can get from NuGet.
The main parts of the code to do this are shown below. However, be advised that I have abbreviated some things (properties, subscription credentials, etc.) that you will have to further define and initialize. If you want to see a complete solution check out the samples in the .NET Azure SDK, in particular, the KeyVaultManagement.Tests project.
// The resource group to create the vault in.
const string resourceGroupName = "Vaults-Resource-Group";
// The name of the vault to create.
const string vaultName = "web-app-01-vault";
// Define access policies to keys and secrets (abbreviated just to illustrate...)
var accessPolicy = new AccessPolicyEntry
{
ApplicationId = sp,
PermissionsToKeys = new string[] { "all" },
PermissionsToSecrets = new string[] { "backup", "create", "delete" } //etc. just to name a few
};
// Define vault properties (abbreviated just to illustrate...)
VaultProperties vaultProps = new VaultProperties()
{
EnabledForTemplateDeployment = true,
AccessPolicies = new List<AccessPolicyEntry>()
{
accessPolicy
}
};
// Initialize 'create parameters' to create the vault in "West US"
VaultCreateOrUpdateParameters vaultParams = new VaultCreateOrUpdateParameters(vaultProps, "westus");
// Initialize an instance to the mgmt client
// NOTE: Need to initialize creds derived from SubscriptionCloudCredentials
KeyVaultManagementClient mgmtClient = new KeyVaultManagementClient(creds);
// Create the vault
mgmtClient.Vaults.CreateOrUpdateAsync(resourceGroupName, vaultName, vaultParams);
回答2:
For some reason, there is no such functionality in the client SDK (or, at least, i was not able to find that as well even by going through the code placed on the Github repo of the SDK). There is the REST API for Create/Update key vault, so you may create that by using that. Or PowerShell - it is possible to execute Powershell from C# and i tried to do that - it works, but should be tested.
来源:https://stackoverflow.com/questions/37276458/creating-azure-key-vault-using-net-assembly-microsoft-azure-keyvault