Manage Key Vault in Azure Stack Hub using the portal

This article describes how to create and manage a key vault in Azure Stack Hub using the Azure Stack Hub portal.

Prerequisites

You must subscribe to an offer that includes the Azure Key Vault service.

Create a key vault

  1. Sign in to the user portal https://portal.local.azurestack.external.

  2. From the dashboard, select + Create a resource, then Security + Identity, then Key Vault.


  3. In the Create Key Vault pane, assign a Name for your vault. Vault names can contain only alphanumeric characters and the hyphen (-) character. They shouldn't start with a number.

  4. Choose a Subscription from the list of available subscriptions. All subscriptions that offer the Key Vault service are displayed in the drop-down list.

  5. Select an existing Resource Group, or create a new one.

  6. Select the Pricing tier. In the Azure Stack Development Kit (ASDK), key vaults support Standard SKUs only.

  7. Choose one of the existing Access policies or create a new one. An access policy allows you to grant permissions for a user, an app, or a security group to perform operations with this vault.

  8. Optionally, choose an Advanced access policy to enable access to features. For example: virtual machines (VMs) for deployment, Resource Manager for template deployment, and access to Azure Disk Encryption for volume encryption.

  9. After you configure the settings, select OK, and then select Create. This step starts the key vault deployment.

Manage keys and secrets

After you create a key vault, use the following procedure to create and manage keys and secrets within the vault:

Create a key

  1. Sign in to the Azure Stack Hub user portal https://portal.local.azurestack.external.

  2. From the dashboard, select All resources, select the key vault that you created earlier, and then select the Keys tile.

  3. In the Keys pane, select Generate/Import.

  4. In the Create a key pane, from the list of Options, choose the method that you want to use to create a key. You can Generate a new key, Upload an existing key, or use Restore Backup to select a backup of a key.

  5. Enter a Name for your key. The key name can contain only alphanumeric characters and the hyphen (-) character.

  6. Optionally, configure the Set activation date and Set expiration date values for your key.

  7. Select Create to start the deployment.

After the key is successfully created, you can select it under Keys and view or modify its properties. The properties section contains the Key Identifier, which is a Uniform Resource Identifier (URI) that external apps use to access this key. To limit operations on this key, configure the settings under Permitted operations.


Create a secret

  1. Sign in to the user portal https://portal.local.azurestack.external.

  2. From the dashboard, select All resources, select the key vault that you created earlier, and then select the Secrets tile.

  3. Under Secrets, select Add.

  4. Under Create a secret, from the list of Upload options, choose an option with which you want to create a secret. You can create a secret Manually if you enter a value for the secret, or upload a Certificate from your local machine.

  5. Enter a Name for the secret. The secret name can contain only alphanumeric characters and the hyphen (-) character.

  6. Optionally, specify the Content type, and configure values for Set activation date and Set expiration date for the secret.

  7. Select Create to start the deployment.

After the secret is successfully created, you can select it under Secrets and view or modify its properties. The Secret Identifier is a URI that external apps can use to access this secret.
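The portal steps above (vault, access policy, key, secret) can also be scripted. The following is an added example, not part of the original article: it uses the Az PowerShell Key Vault cmdlets and assumes a session already signed in to the Azure Stack Hub user environment. The resource group, vault, key and secret names and the object ID are placeholders chosen for illustration.

```powershell
# Added example: scripted form of the portal procedure, with a narrow access
# policy, restricted key operations, and activation/expiration dates set.
# Assumes Connect-AzAccount has already targeted the Azure Stack Hub user environment.
$rg        = 'kv-demo-rg'            # hypothetical resource group
$vaultName = 'contoso-kv01'          # hypothetical vault name
$location  = 'local'                 # ASDK region; use your own region on integrated systems
$appObjId  = '<object-id-of-app>'    # placeholder: principal that will use the key and secret

# Same naming rule the portal states: alphanumerics and hyphens, not starting
# with a number (this check also rejects a leading hyphen).
if ($vaultName -notmatch '^[A-Za-z][A-Za-z0-9-]*$') {
    throw "Invalid vault name: $vaultName"
}

New-AzResourceGroup -Name $rg -Location $location -Force | Out-Null
New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rg `
    -Location $location -Sku Standard | Out-Null

# Access policy: grant the app only the operations it needs, nothing
# administrative (no list, delete, backup or purge permissions).
Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $appObjId `
    -PermissionsToKeys get, wrapKey, unwrapKey `
    -PermissionsToSecrets get

# Key: generated in the vault, limited to wrap/unwrap ("Permitted operations"),
# with activation and expiration dates so it cannot be used indefinitely.
$notBefore = (Get-Date).ToUniversalTime()
$expires   = $notBefore.AddYears(1)
$key = Add-AzKeyVaultKey -VaultName $vaultName -Name 'app-wrap-key' `
    -Destination Software -KeyOps wrapKey, unwrapKey `
    -NotBefore $notBefore -Expires $expires

# Secret: read interactively as a SecureString so the value never appears
# in the script or in shell history.
$secretValue = Read-Host -Prompt 'Secret value' -AsSecureString
$secret = Set-AzKeyVaultSecret -VaultName $vaultName -Name 'app-db-password' `
    -SecretValue $secretValue -ContentType 'text/plain' `
    -NotBefore $notBefore -Expires $expires

# The Key Identifier and Secret Identifier URIs that external apps use.
$key.Id
$secret.Id
```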


Next steps