
Azure Key Vault libraries for .NET

Overview

Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services.

Read What is Key Vault?, then Get started with Azure Key Vault, or learn how to Use Key Vault from a web app.

Client library

Use the client library to manage keys and related assets such as certificates and secrets.

Install the NuGet package directly from the Visual Studio Package Manager console or with the .NET Core CLI.

Visual Studio Package Manager

Install-Package Microsoft.Azure.KeyVault

.NET Core CLI

dotnet add package Microsoft.Azure.KeyVault

Example

The following example retrieves a secret whose identifier is stored in the application settings under the SecretUri key.

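using System.Web.Configuration;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Models;

// securityToken: the app's token callback (authority, resource, scope) => access token.
KeyVaultClient kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(securityToken));

SecretBundle sec = await kv.GetSecretAsync(WebConfigurationManager.AppSettings["SecretUri"]);

// sec.Value holds the secret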
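
The example above leaves the securityToken callback undefined. The following added example (not code from the original page) shows one way to write it with ADAL client credentials and checks the secret URI before calling the vault. The class name VaultSecrets and the ClientId, ClientSecret and VaultHost setting names are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using System.Web.Configuration;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Models;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Hypothetical helper class; not part of the Key Vault library.
public static class VaultSecrets
{
    // One shared client, reused across calls.
    private static readonly KeyVaultClient Client =
        new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetTokenAsync));

    // Same shape as KeyVaultClient.AuthenticationCallback: the client passes the
    // authority and resource it needs a token for and expects the access token back.
    private static async Task<string> GetTokenAsync(string authority, string resource, string scope)
    {
        // Assumed setting names; the page itself only defines "SecretUri".
        var credential = new ClientCredential(
            WebConfigurationManager.AppSettings["ClientId"],
            WebConfigurationManager.AppSettings["ClientSecret"]);

        var context = new AuthenticationContext(authority);
        AuthenticationResult result = await context.AcquireTokenAsync(resource, credential);
        if (result == null)
            throw new InvalidOperationException("No access token was issued for Key Vault.");
        return result.AccessToken;
    }

    public static async Task<string> ReadSecretAsync()
    {
        string secretUri = WebConfigurationManager.AppSettings["SecretUri"];
        string vaultHost = WebConfigurationManager.AppSettings["VaultHost"]; // assumed setting

        // Only call out to an HTTPS URI on the vault this app is meant to use,
        // so a tampered or mistyped setting cannot redirect the request.
        Uri uri;
        if (!Uri.TryCreate(secretUri, UriKind.Absolute, out uri)
            || uri.Scheme != Uri.UriSchemeHttps
            || !string.Equals(uri.Host, vaultHost, StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException("SecretUri is not on the expected vault.");
        }

        SecretBundle sec = await Client.GetSecretAsync(secretUri);
        return sec.Value; // keep out of logs and exception messages
    }
}
```

Because the client secret lives in configuration outside the vault, protect that setting as carefully as the secrets it unlocks.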

Management library

Use the management library to create, delete, and query key vaults.

Install the NuGet package directly from the Visual Studio Package Manager console or with the .NET Core CLI.

Visual Studio Package Manager

Install-Package Microsoft.Azure.Management.KeyVault.Fluent

.NET Core CLI

dotnet add package Microsoft.Azure.Management.KeyVault.Fluent

Example

The following example demonstrates how to create a new key vault for a given resource group and location.

using (KeyVaultManagementClient client = new KeyVaultManagementClient(
    new TokenCloudCredentials(subscriptionId, accessToken)))
{
    client.Vaults.CreateOrUpdate(resourceGroupName, "myKeyVault", new VaultCreateOrUpdateParameters
    {
        // Location is set on the vault resource itself, not inside VaultProperties.
        Location = resourceGroupLocation,
        Properties = new VaultProperties
        {
            // Each EnabledFor* flag lets that Azure service read from the vault;
            // turn on only the ones the deployment needs.
            EnabledForDeployment = true,
            EnabledForDiskEncryption = true,
            EnabledForTemplateDeployment = true,
            // SKU level, access policies, tenants, etc.
        }
    });
}

Samples

Explore more sample .NET code you can use in your apps.