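Quickstart: Create an Azure Managed CCF resource using the Azure SDK for .NET
Azure Managed CCF (Managed CCF) is a new and highly secure service for deploying confidential applications. For more information on Managed CCF, and for example use cases, see About Azure Managed Confidential Consortium Framework.
In this quickstart, you learn how to create a Managed CCF resource using the .NET client management library.
If you don't have an Azure subscription, create an Azure free account before you begin.
- A .NET version supported by the Azure SDK for .NET.
- OpenSSL on a computer running Windows or Linux.
Create a new .NET console application
Create the project:
dotnet new console --name managedccf-app
Change to the newly created managedccf-app directory, and run the following command to build the project: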
dotnet build
Build succeeded. 0 Warning(s) 0 Error(s)
Install the package
Install the Azure Managed CCF client library for .NET with NuGet:
dotnet add package Azure.ResourceManager.ConfidentialLedger --version 1.1.0-beta.2
For this quickstart, you also need to install the Azure SDK client library for Azure Identity:
dotnet add package Azure.Identity
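A resource group is a logical container into which Azure resources are deployed and managed. Use the Azure PowerShell New-AzResourceGroup cmdlet to create a resource group named myResourceGroup in the southcentralus location.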
New-AzResourceGroup -Name "myResourceGroup" -Location "SouthCentralUS"
The Azure Managed CCF resource type must be registered in the subscription before you create a resource.
az feature registration create --namespace Microsoft.ConfidentialLedger --name ManagedCCF
az provider register --namespace Microsoft.ConfidentialLedger
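Generate a key pair for the member. After the following commands complete, the member's public key is saved in member0_cert.pem and the private key is saved in member0_privk.pem.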
openssl ecparam -out "member0_privk.pem" -name "secp384r1" -genkey
openssl req -new -key "member0_privk.pem" -x509 -nodes -days 365 -out "member0_cert.pem" -"sha384" -subj=/CN="member0"
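The check below is an added example, not part of the original quickstart. It runs the same two openssl commands under a restrictive umask, then verifies that the certificate is an unexpired secp384r1 certificate signed with SHA-384, that its public key matches the private key, and that the key file is not accessible to group or others. The function names gen_member and check_member are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original quickstart.
# gen_member and check_member are hypothetical helper names.

# gen_member NAME DIR: the quickstart's two openssl commands, run under
# umask 077 so the unencrypted private key is created owner-only.
gen_member() {
    (
        umask 077
        cd "$2" || exit 1
        openssl ecparam -out "$1_privk.pem" -name secp384r1 -genkey 2>/dev/null &&
        openssl req -new -key "$1_privk.pem" -x509 -nodes -days 365 \
            -out "$1_cert.pem" -sha384 -subj "/CN=$1" 2>/dev/null
    )
}

# check_member CERT KEY: print "ok" and return 0, or print the first
# failed check and return 1.
check_member() {
    cert=$1
    key=$2
    [ -r "$cert" ] && [ -r "$key" ] || { echo "file not readable"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$key" | cut -c5-10)" = "------" ] ||
        { echo "private key accessible to group or others"; return 1; }
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) ||
        { echo "not a parsable X.509 certificate"; return 1; }
    echo "$text" | grep -q 'ASN1 OID: secp384r1' ||
        { echo "certificate key is not on secp384r1"; return 1; }
    echo "$text" | grep -q 'Signature Algorithm: ecdsa-with-SHA384' ||
        { echo "certificate is not signed with ECDSA/SHA-384"; return 1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired"; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl ec -in "$key" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate does not match private key"; return 1; }
    echo "ok"
}

# Run directly as: sh check_member.sh member0_cert.pem member0_privk.pem
if [ "$#" -eq 2 ]; then
    check_member "$1" "$2"
fi
```

Only member0_cert.pem is supplied to the service; member0_privk.pem stays on the member's machine.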
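Create the .NET application
The Azure SDK for .NET (azure/arm-confidentialledger) allows operations on Managed CCF resources, such as creation and deletion, listing the resources associated with a subscription, and viewing the details of a specific resource. The following code snippets create a Managed CCF resource and view its properties.
Add the following directives to the top of Program.cs: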
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.ConfidentialLedger;
using Azure.ResourceManager.ConfidentialLedger.Models;
using Azure.ResourceManager.Resources;
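In this quickstart, the logged-in user is used to authenticate to Azure Managed CCF, which is the preferred method for local development. This example uses the 'DefaultAzureCredential()' class from the Azure Identity library, which allows the same code to be used across different environments with different options to provide identity.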
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
Create an Azure Resource Manager client and authenticate using the token credential.
// authenticate your client
ArmClient client = new ArmClient(cred);
Create a Managed CCF resource
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "0000000-0000-0000-0000-000000000001";
string resourceGroupName = "myResourceGroup";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ManagedCcfResource
ManagedCcfCollection collection = resourceGroupResource.GetManagedCcfs();
// invoke the operation
string appName = "confidentialbillingapp";
ManagedCcfData data = new ManagedCcfData(new AzureLocation("SouthCentralUS"))
{
    Properties = new ManagedCcfProperties()
    {
        MemberIdentityCertificates =
        {
            new ConfidentialLedgerMemberIdentityCertificate()
            {
                // placeholder: the PEM text of the member0_cert.pem file generated earlier
                Certificate = "<contents of member0_cert.pem>",
                Encryptionkey = "",
                Tags = BinaryData.FromObjectAsJson(new Dictionary<string, object>()
                {
                    ["additionalProps1"] = "additional properties"
                }),
            }
        },
        DeploymentType = new ConfidentialLedgerDeploymentType()
        {
            LanguageRuntime = ConfidentialLedgerLanguageRuntime.JS,
            // placeholder: new Uri("") throws UriFormatException; set your application source URI here
            AppSourceUri = new Uri(""),
        },
        NodeCount = 3,
    },
    Tags =
    {
        ["additionalProps1"] = "additional properties",
    },
};
ArmOperation<ManagedCcfResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, appName, data);
ManagedCcfResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ManagedCcfData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
View the properties of a Managed CCF resource
The following code snippet retrieves the Managed CCF resource and prints its properties.
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "0000000-0000-0000-0000-000000000001";
string resourceGroupName = "myResourceGroup";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ManagedCcfResource
ManagedCcfCollection collection = resourceGroupResource.GetManagedCcfs();
// invoke the operation
string appName = "confidentialbillingapp";
ManagedCcfResource result = await collection.GetAsync(appName);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ManagedCcfData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
List the Managed CCF resources in a resource group
The following code snippet retrieves the Managed CCF resources in the resource group.
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "0000000-0000-0000-0000-000000000001";
string resourceGroupName = "myResourceGroup";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ManagedCcfResource
ManagedCcfCollection collection = resourceGroupResource.GetManagedCcfs();
// invoke the operation and iterate over the result
await foreach (ManagedCcfResource item in collection.GetAllAsync())
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    ManagedCcfData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}
List the Managed CCF resources in a subscription
The following code snippet retrieves the Managed CCF resources in the subscription.
// this example assumes you already have this SubscriptionResource created on azure
// for more information of creating SubscriptionResource, please refer to the document of SubscriptionResource
string subscriptionId = "0000000-0000-0000-0000-000000000001";
ResourceIdentifier subscriptionResourceId = SubscriptionResource.CreateResourceIdentifier(subscriptionId);
SubscriptionResource subscriptionResource = client.GetSubscriptionResource(subscriptionResourceId);
// invoke the operation and iterate over the result
await foreach (ManagedCcfResource item in subscriptionResource.GetManagedCcfsAsync())
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    ManagedCcfData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}
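Other Managed CCF articles can build upon this quickstart. If you plan to continue on to subsequent quickstarts and tutorials, you can leave these resources in place.
Otherwise, when you're finished with the resources created in this article, use the Azure CLI az group delete command to delete the resource group and all the resources it contains.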
az group delete --resource-group myResourceGroup
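In this quickstart, you created a Managed CCF resource by using the Azure Python SDK for Confidential Ledger. To learn more about Azure Managed CCF and how to integrate it with your applications, continue on to these articles: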