Azure Key Vault的好处
如果我们通过对代码中的密钥库进行身份验证来使用机密,则可以在代码调试时看到机密"中提供的连接字符串的确切值,那么将机密存储在Azure中有什么好处?
If we are using our secrets through authenticate the key vault in code, we can see the exact value of connection string provided in Secrets when code debugging then what is the benefit to store secrets in Azure?
Since Managed Service Identity became a thing, acquiring an access token no longer demands secrets (service principal credentials) being stored in your service to access Key Vault, which is a much better proposition.
参见 您对同一问题的堆栈溢出答案,它解释了一些其他安全方面的好处,例如HSM和无需将密钥保存在VM上即可存储密钥的能力(即,进入您的VM的攻击者将无法访问您的密钥,例如他们 如果您没有密钥保险库,则可以.)
See the Stack Overflow answer to your same question that explains some of the additional security benefits, such HSMs and the ability to store keys without keeping them on your VMs (i.e. attackers who get into your VMs will not have access to your keys like they would if you did not have key vault).
阅读有关好处的更多信息 这里.
Read more about the benefits here.