Quickstart: Set and retrieve a secret from Azure Key Vault using the Azure portal

Azure Key Vault is a cloud service that provides a secure store for secrets. You can securely store keys, passwords, certificates, and other secrets. Azure key vaults can be created and managed through the Azure portal. In this quickstart, you create a key vault, then use it to store a secret.

For more information about, see

Prerequisites

To access Azure Key Vault, you'll need an Azure subscription. If you don't already have a subscription, create a trial subscription before you begin.

All access to secrets takes place through Azure Key Vault. For this quickstart, create a key vault using the Azure portal, Azure CLI, or Azure PowerShell.

Sign in to Azure

Sign in to the Azure portal at https://portal.azure.cn.

Add a secret to Key Vault

To add a secret to the vault, follow these steps:

  1. Navigate to your new key vault in the Azure portal.
  2. On the Key Vault settings pages, select Secrets.
  3. Click Generate/Import.
  4. On the Create a secret screen, choose the following values:
    • Upload options: Manual.
    • Name: Type a name for the secret. The secret name must be unique within a Key Vault. The name must be a 1-127 character string, starting with a letter and containing only 0-9, a-z, A-Z, and -. For more information on naming, see Key Vault objects, identifiers, and versioning.
    • Value: Type a value for the secret. Key Vault APIs accept and return secret values as strings.
    • Leave the other values at their defaults. Click Create.

Once you receive the message that the secret has been successfully created, you can click on it in the list.

For more information on secret attributes, see About Azure Key Vault secrets.

Retrieve a secret from Key Vault

If you click on the current version, you can see the value you specified in the previous step.

Secret properties

Clicking the "Show Secret Value" button in the right pane reveals the hidden value.

Secret value displayed

You can also use Azure CLI or Azure PowerShell to retrieve the previously created secret.
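The add and retrieve steps above can also be scripted with the Azure CLI. The following is an added example, not part of the original quickstart: it checks the name against the naming rule stated above before calling `az`, and passes the value through a private temporary file so it does not appear in the process list or shell history. The function names are hypothetical, and it assumes the Azure CLI is installed and signed in with `az login`.

```shell
#!/bin/sh
# Added example (not from the original quickstart). Function names are hypothetical.

# Enforce the naming rule from the page: 1-127 characters, starts with a
# letter, contains only 0-9, a-z, A-Z and "-". Runs in a subshell so the
# locale override (plain ASCII ranges) does not leak into the caller.
valid_secret_name() (
    LC_ALL=C
    name=$1
    [ "${#name}" -ge 1 ] && [ "${#name}" -le 127 ] || exit 1
    case $name in
        [!A-Za-z]*)       exit 1 ;;  # first character is not a letter
        *[!0-9A-Za-z-]*)  exit 1 ;;  # contains a disallowed character
    esac
    exit 0
)

# Usage: printf '%s' "$value" | set_secret <vault-name> <secret-name>
# The value is read from stdin and handed to az via a mode-0600 temp file
# instead of --value, so it is never placed on a command line.
# Use printf '%s' rather than echo so no trailing newline ends up in the file.
set_secret() {
    vault=$1
    name=$2
    valid_secret_name "$name" || { echo "invalid secret name: $name" >&2; return 2; }
    tmp=$(umask 077 && mktemp) || return 1
    cat > "$tmp"
    rc=0
    az keyvault secret set --vault-name "$vault" --name "$name" \
        --file "$tmp" --output none || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage: get_secret <vault-name> <secret-name>
# Prints only the secret value (current version) to stdout.
get_secret() {
    valid_secret_name "$2" || { echo "invalid secret name: $2" >&2; return 2; }
    az keyvault secret show --vault-name "$1" --name "$2" \
        --query value --output tsv
}
```

Source the file, then call `set_secret` and `get_secret` with the name of your own vault; nothing contacts Azure until one of those functions is invoked.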

Clean up resources

Other Key Vault quickstarts and tutorials build upon this quickstart. If you plan to continue with subsequent quickstarts and tutorials, you may wish to leave these resources in place. When no longer needed, delete the resource group, which deletes the Key Vault and related resources. To delete the resource group through the portal:

  1. Enter the name of your resource group in the Search box at the top of the portal. When you see the resource group used in this quickstart in the search results, select it.
  2. Select Delete resource group.
  3. In the TYPE THE RESOURCE GROUP NAME: box, type the name of the resource group and select Delete.

Note

Once a secret, key, certificate, or key vault is deleted, it remains recoverable for a configurable period of 7 to 90 calendar days. If no configuration is specified, the default recovery period is set to 90 days. This gives users sufficient time to notice an accidental secret deletion and respond. For more information about deleting and recovering key vaults and key vault objects, see Azure Key Vault soft-delete overview.

Next steps

In this quickstart, you created a Key Vault and stored a secret in it. To learn more about Key Vault and how to integrate it with your applications, continue on to the articles below.