Managed identities

A common challenge for developers is the management of secrets and credentials to secure communication between different services. On Azure, managed identities eliminate the need for developers to manage credentials by providing an identity for the Azure resource in Azure AD and using it to obtain Azure Active Directory (Azure AD) tokens.

There are currently two scenarios where managed identities can be used with Media Services:

  • Use the managed identity of the Media Services account to access storage accounts.

  • Use the managed identity of the Media Services account to access Key Vault to access customer keys.

The next two sections describe the steps of the two scenarios.

Use the managed identity of the Media Services account to access storage accounts

  1. Create a Media Services account with a managed identity.
  2. Grant the managed identity principal access to a storage account you own.
  3. Media Services can then access the storage account on your behalf using the managed identity.
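
A check for step 2, as an added example that is not part of the original page or Microsoft's code: it audits role assignments for the Media Services managed identity and reports grants wider than the one storage account. The role name "Storage Blob Data Contributor" is an assumption (the page names no role), the record fields follow the JSON printed by `az role assignment list`, and all IDs and scopes are constructed.

```python
# Field names follow the JSON printed by `az role assignment list`.
# Every ID, principal and scope below is constructed sample data.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-media"
STORAGE = RG + "/providers/Microsoft.Storage/storageAccounts/mediastore01"
EXPECTED_ROLE = "Storage Blob Data Contributor"  # assumption: the page names no role
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}

SAMPLE = [
    {"principalId": "mi-good", "roleDefinitionName": EXPECTED_ROLE, "scope": STORAGE},
    {"principalId": "mi-broad", "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalId": "mi-wide", "roleDefinitionName": EXPECTED_ROLE, "scope": RG},
]


def audit(assignments, principal_id, storage_scope, expected_role=EXPECTED_ROLE):
    """Return findings for one managed identity; an empty list means least privilege holds."""
    target = storage_scope.lower()  # ARM resource IDs compare case-insensitively
    findings, granted = [], False
    for a in assignments:
        if a["principalId"] != principal_id:
            continue
        role, scope = a["roleDefinitionName"], a["scope"].lower().rstrip("/")
        if role == expected_role and scope == target:
            granted = True  # the one grant the storage scenario needs
        elif role in BROAD_ROLES:
            findings.append(f"broad role {role!r} at {a['scope']}")
        elif target.startswith(scope + "/"):
            # Assigned on a parent (resource group or subscription), so it
            # also applies to every other resource under that parent.
            findings.append(f"role {role!r} inherited from parent scope {a['scope']}")
        # Assignments on unrelated resources are outside this check.
    if not granted:
        findings.append(f"no {expected_role!r} assignment scoped to the storage account")
    return findings


if __name__ == "__main__":
    for pid in ("mi-good", "mi-broad", "mi-wide"):
        print(pid, audit(SAMPLE, pid, STORAGE) or "ok")
```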

Use the managed identity of the Media Services account to access Key Vault to access customer keys

  1. Create a Media Services account with a managed identity.
  2. Grant the managed identity principal access to a Key Vault that you own.
  3. Configure the Media Services account to use the customer key based account encryption.
  4. Media Services accesses Key Vault on your behalf using the managed identity.

For more information about customer-managed keys and Key Vault, see Bring your own key (customer-managed keys) with Media Services.

Tutorials

These tutorials include both of the scenarios mentioned above.

Next steps

To learn more about what managed identities can do for you and your Azure applications, see Azure AD Managed Identities.