Manage Key Vault in Azure Stack Hub using the portal

This article describes how to create and manage a key vault in Azure Stack Hub using the Azure Stack Hub portal.

Prerequisites

You must subscribe to an offer that includes the Azure Key Vault service.

Create a key vault

  1. Sign in to the user portal.

  2. From the dashboard, select + Create a resource, then Security + Identity, then Key Vault.

    [Screenshot: Key Vault screen]

  3. In the Create Key Vault pane, assign a Name for your vault. Vault names can contain only alphanumeric characters and the hyphen (-) character. They shouldn't start with a number.

  4. Choose a Subscription from the list of available subscriptions. All subscriptions that offer the Key Vault service are displayed in the drop-down list.

  5. Select an existing Resource Group, or create a new one.

  6. Select the Pricing tier. In the Azure Stack Development Kit (ASDK), key vaults support Standard SKUs only.

  7. Choose one of the existing Access policies or create a new one. An access policy allows you to grant permissions for a user, an app, or a security group to perform operations with this vault.

  8. Optionally, choose an Advanced access policy to enable access to features. For example: virtual machines (VMs) for deployment, Resource Manager for template deployment, and access to Azure Disk Encryption for volume encryption.

  9. After you configure the settings, select OK, and then select Create. This step starts the key vault deployment.

Manage keys and secrets

After you create a key vault, use the following procedures to create and manage keys and secrets within the vault:

Create a key

  1. Sign in to the Azure Stack Hub user portal.

  2. From the dashboard, select All resources, select the key vault that you created earlier, and then select the Keys tile.

  3. In the Keys pane, select Generate/Import.

  4. In the Create a key pane, from the list of Options, choose the method that you want to use to create a key. You can Generate a new key, Upload an existing key, or use Restore Backup to select a backup of a key.

  5. Enter a Name for your key. The key name can contain only alphanumeric characters and the hyphen (-) character.

  6. Optionally, configure the Set activation date and Set expiration date values for your key.

  7. Select Create to start the deployment.

After the key is successfully created, you can select it under Keys and view or modify its properties. The properties section contains the Key Identifier, which is a Uniform Resource Identifier (URI) that external apps use to access this key. To limit the operations allowed on this key, configure the settings under Permitted operations.

[Screenshot: Key URI]

Create a secret

  1. Sign in to the user portal.

  2. From the dashboard, select All resources, select the key vault that you created earlier, and then select the Secrets tile.

  3. Under Secrets, select Add.

  4. Under Create a secret, from the list of Upload options, choose the option with which you want to create the secret. You can create a secret Manually by entering a value for the secret, or upload a Certificate from your local machine.

  5. Enter a Name for the secret. The secret name can contain only alphanumeric characters and the hyphen (-) character.

  6. Optionally, specify the Content type, and configure values for Set activation date and Set expiration date for the secret.

  7. Select Create to start the deployment.

After the secret is successfully created, you can select it under Secrets and view or modify its properties. The Secret Identifier is a URI that external apps can use to access this secret.

[Screenshot: Secret URI]
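The Key Identifier and Secret Identifier URIs shown above, together with the naming rules and the activation/expiration dates set in the steps, are things an application can validate before it relies on a vault object. The following Python helper is an added example, not code from this article or from any Azure SDK; it assumes identifiers follow the standard Key Vault shape https://<vault-host>/keys-or-secrets/<name>[/<version>], and the vault host used in the comments is a constructed placeholder.

```python
"""Parse Key Vault object identifiers and apply the portal's naming and lifetime rules."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional
from urllib.parse import urlparse

# Rule from the steps above: names are alphanumeric plus '-' only.
NAME_RE = re.compile(r"^[A-Za-z0-9-]+$")


@dataclass
class KeyVaultId:
    vault_host: str        # e.g. example-vault.vault.example.test (constructed)
    kind: str              # "keys" or "secrets"
    name: str
    version: Optional[str]  # None when the identifier has no version segment


def valid_name(name: str, is_vault: bool = False) -> bool:
    """Vault, key and secret names: alphanumeric and '-' only.
    Vault names additionally must not start with a digit."""
    if not NAME_RE.match(name):
        return False
    return not (is_vault and name[0].isdigit())


def parse_identifier(uri: str) -> KeyVaultId:
    """Split an identifier URI into vault host, object kind, name and version.
    Assumption: Azure Stack Hub identifiers use the standard Key Vault layout."""
    u = urlparse(uri)
    if u.scheme != "https" or not u.netloc:
        raise ValueError("identifier must be an https URL")
    parts = [p for p in u.path.split("/") if p]
    if len(parts) not in (2, 3) or parts[0] not in ("keys", "secrets"):
        raise ValueError(f"unexpected identifier path: {u.path}")
    name = parts[1]
    if not valid_name(name):
        raise ValueError(f"invalid object name: {name}")
    version = parts[2] if len(parts) == 3 else None
    return KeyVaultId(u.netloc.lower(), parts[0], name, version)


def is_usable(now: datetime, not_before: Optional[datetime] = None,
              expires: Optional[datetime] = None, enabled: bool = True) -> bool:
    """Mirror the activation/expiration window: usable only when enabled,
    at or after the activation date and strictly before the expiration date."""
    if not enabled:
        return False
    if not_before is not None and now < not_before:
        return False
    if expires is not None and now >= expires:
        return False
    return True
```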

Next steps