3

I have read this documentation from Microsoft which describes how secret volumes can be added to a container instance:

https://docs.microsoft.com/bs-latn-ba/azure///container-instances/container-instances-volume-secret

I would now like to read these secure values from my ASP.NET Core application. How can I do that? I can't find any documentation for this anywhere.

I would ideally like to carry out this configuration in my Startup class:

something here:

    public class Program
    {
        public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
                .UseStartup<Startup>()
                .UseSerilog()
                // Beware: this setting shouldn't be removed, otherwise the site will start outputting 404.
                // See: https://github.com/aspnet/Hosting/issues/903#issuecomment-269103645
                .UseSetting(WebHostDefaults.ApplicationKey, typeof(Program).GetTypeInfo().Assembly.FullName);
    }

Finally, I would like to be able to run the code locally so that I can check if it's working before deploying the container to Azure. Is there a way I can mock/fake these secrets on my local installation (Visual Studio 2017, solution has Docker support enabled, Docker is running locally on my machine) to give me confidence that everything is working?

I've edited this question to make it clear that this is about secret volumes.

4

1 Answer

3

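Environment variables

The original question was about environment variables, so this part is about using env vars.

These articles describe how to write these secrets to environment variables. To use them in your application, you have to read the environment variables. This is fully supported by ASP.NET Core's configuration:

Given you have the following configuration (from https://docs.microsoft.com/en-us/azure/container-instances/container-instances-environment-variables#secure-values):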

    apiVersion: 2018-10-01
    location: eastus
    name: securetest
    properties:
      containers:
      - name: mycontainer
        properties:
          environmentVariables:
            - name: 'NOTSECRET'
              value: 'my-exposed-value'
            - name: 'SECRET'
              secureValue: 'my-secret-value'

and the default setup as described in the docs: https://docs.microsoft.com/en-us/azure/container-instances/container-instances-environment-variables#secure-values

The 2.x sample apps take advantage of the static convenience method CreateDefaultBuilder to build the host, which includes a call to AddEnvironmentVariables.

You can read your secret like this:

    var secret = config.GetValue<string>("SECRET", "");

As described here: https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-2.2#getvalue

Secret volumes

A secret volume will contain one file per secret value.

Given the example from https://docs.microsoft.com/bs-latn-ba/azure///container-instances/container-instances-volume-secret#mount-secret-volume---yaml:

      volumes:
      - name: secretvolume1
        secret:
          mysecret1: TXkgZmlyc3Qgc2VjcmV0IEZPTwo=
          mysecret2: TXkgc2Vjb25kIHNlY3JldCBCQVIK

You will have a directory containing the files "mysecret1" and "mysecret2".

You can add these values using the Key-per-file Configuration Provider:

    config.AddKeyPerFile(directoryPath: path, optional: true);

As described here: https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-2.2#key-per-file-configuration-provider

After adding the configuration source, you can access the values like this:

    var secret = config.GetValue<string>("mysecret1", "");

answered 2018-12-20T19:48:01.180
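
An added example, not part of the answer above: one way to wire the key-per-file provider into `CreateWebHostBuilder` so the same code reads the mounted secret volume in Azure and a stand-in directory on a developer machine. The mount path `/mnt/secrets`, the `SECRETS_DIR` variable name and the `Startup` body are assumptions for illustration; `AddKeyPerFile` comes from the Microsoft.Extensions.Configuration.KeyPerFile package.

```csharp
using System;
using System.IO;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Program
{
    // Assumption: the secret volume is mounted at /mnt/secrets inside the container.
    // SECRETS_DIR is a hypothetical variable that points at a local stand-in directory.
    private const string DefaultSecretsDir = "/mnt/secrets";

    public static void Main(string[] args) =>
        CreateWebHostBuilder(args).Build().Run();

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .ConfigureAppConfiguration((context, config) =>
            {
                var dir = Environment.GetEnvironmentVariable("SECRETS_DIR");
                if (string.IsNullOrWhiteSpace(dir)) dir = DefaultSecretsDir;
                dir = Path.GetFullPath(dir); // the file provider requires an absolute path

                // Skip the source when nothing is mounted instead of relying on 'optional'.
                if (Directory.Exists(dir))
                    config.AddKeyPerFile(directoryPath: dir, optional: true);
            })
            .UseStartup<Startup>();
}

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        // Fail fast when a required secret is missing; never log the value itself.
        var secret = _config.GetValue<string>("mysecret1");
        if (string.IsNullOrEmpty(secret))
            throw new InvalidOperationException("Secret 'mysecret1' was not found.");
    }

    public void Configure(IApplicationBuilder app) { }
}
```

For a local run, create a directory holding files named `mysecret1` and `mysecret2` with test values and either set `SECRETS_DIR` to it or bind-mount it into the local container at the assumed mount path. Keep that directory out of source control and use throwaway values in it.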