In Huawei Cloud, how do I obtain an Access Key (AK/SK) key pair?
An access key comprises an access key ID (AK) and secret access key (SK), and is used as a long-term identity credential to sign your requests for HUAWEI CLOUD APIs.
Log in to HUAWEI CLOUD and click Console in the upper right corner.
On the management console, hover over the username in the upper right corner and choose My Credentials from the drop-down list.
Choose Access Keys from the navigation pane.
Click Create Access Key, and enter the verification code or password.
NOTE:
• You can create a maximum of two access keys. The quota cannot be increased. If you already have two access keys, you can only delete an access key and create a new one.
• To change an access key, delete it and create a new one.
Click OK to generate an access key and download it.
After the access key is created, view the AK in the access key list and view the SK in the downloaded CSV file.
NOTE:
• Download the access key file and keep it properly. If the download page is closed, you will not be able to download the access key. However, you can create a new one.
• Open the CSV file in the lower left corner, or choose Downloads in the upper right corner of the browser and open the CSV file.
• Keep your access keys secure and change them periodically for security purposes. To change an access key, delete it and create a new one.
Source - https://support.huaweicloud.com/intl/en-us/usermanual-ca/ca_01_0003.html
Related
It is really easy to generate an SAS token using the azure portal. The problem is that it doesn't include all of the available permissions. Notably it is missing the 't' permission which is necessary to assign tags.
I have had a look through the documentation about generating a user delegation SAS for this using Powershell, but I dont have (and cant get) sufficient permissions. I can however generated an Account Key sas.
Can any on provide guidance on how this permission can be added to the SAS either in the portal or through Powershell?
You can try creating SAS using the Storage Explorer .I tried this in my system
1) select the your storage account right click select the Get the shared access signature.
2) You can select the permission you want to add and
Click on create
3) A second Shared Access Signature dialog will then display that lists the blob container along with the URL(Connection String) and QueryStrings you can use to access the storage resource. Select Copy next to the URL you wish to copy to the clipboard
For more details refer this document:
What I need:
I need to read an excel table from Microsoft Teams Channel with Microsoft Graph API.
That is possible with the following URI:
https://graph.microsoft.com/v1.0/drives/someId/items/someId/workbook/tables/tableName/rows
The problem is, that this endpoint needs a valid token.
There are 2 opportunities:
Create Azure AD Application, that have access to the whole OneDrive.
Create Azure AD Application to retrieve a token for a service user, that have access to needed files.
The problem of the first one is, that I don't want to give it access to the whole OneDrive. I want it to have an access just to one OneDrive folder.
Maybe there is some possibility to limit the access just to one OneDrive folder?
I've tried the second alternative with com.microsoft.aad.msal4j library:
String APP_ID = "20106bdc-eec0-493d-b32f-526583aa95a6";
String AUTHORITY = "https://login.microsoftonline.com/112121a0-cc1f-12af-1213-faaa12ef1b11/v2.0";
PublicClientApplication pca = PublicClientApplication.builder(
APP_ID).
authority(AUTHORITY).build();
String scopes = "User.Read";
UserNamePasswordParameters parameters = UserNamePasswordParameters.builder(
Collections.singleton(scopes),
userName,
password.toCharArray()).build();
IAuthenticationResult result = pca.acquireToken(parameters).get();
But this leads to the following exception:
com.microsoft.aad.msal4j.MsalServiceException: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Any ideas? Thank you
For this issue, you need to learn about the difference between ConfidentialClientApplication and PublicClientApplication.
Please see Public Client and Confidential Client applications.
Public client applications are applications which run on devices (phones for instance) or desktop machines. They are not trusted to
safely keep application secrets, and therefore access Web APIs in the
name of the user only (they only support public client flows). Public
clients are unable to hold configuration time secrets, and as a result
have no client secret.
So for PublicClientApplication, we don't need a client secret.
What you need to do is (which you have found from this comment):
In the Application menu blade, select Manifest, and in the manifest editor, set the allowPublicClient property to true.
There is a completed sample with detailed steps here for your reference.
Besides, since you are trying to read an excel table, user.read permission is not enough.
Based on List rows Permissions, you need to add Files.ReadWrite delegated permission in the Azure AD app (app registration). And you should also specify it in your code.
All steps that I've done, so that it works:
I need to access a shared folder, so I needed to change the scope to "Files.ReadWrite.All" in my code.
In the list of pages for the app, select API permissions, click the Add a permission button and then, ensure that the Microsoft APIs tab is selected. In the Commonly used Microsoft APIs section, click on Microsoft Graph. In the Delegated permissions section, ensure that the right permissions are checked: Files.ReadWrite.All. Use the search box if necessary. Select the Add permissions button.
In the list of pages for the app, select Manifest, and in the manifest editor, set the allowPublicClient property to true, select Save in the bar above the manifest editor.
Login as a tenant admin to https://portal.azure.com. Open the registration for your app. Go to Settings, then Required Permissions. Press the Grant Permissions button.
I've created a LUIS Application but when I try to enter an endpoint key, I am unable to do so (the circled dropdown is blank). I've went through to Azure to create a key and navigated back to the settings page, but the drop down is still blank. Is there something I'm doing wrong?
Cheers!
In order to add a key, click your account setting (top right corner, or go to https://www.luis.ai/Home/UserSettings). Under My Settings -> Subscription Keys you can add new keys to user.
Just a note - you do not have to enter a key in order to create an application. A key lets you have unlimited traffic to the endpoint. It is unnecessary if you are just starting out. (See https://www.luis.ai/Help)
Recently I no longer been able to generate application keys in WAAD...(or to be more specific I can generate the key but I never get to see the value)
and after save I receive unauthorized access error...
I am a directory co-administrator - The key does appear to save, as after a page refresh there is an extra entry into the keys table. Currently only the directory full administrator can see the value but now no-longer co-admins.
The above issues also happens when making modifications to "permissions to other applications", azure reports unauthorized but the changes I make are again committed.
I have ruled out different browsers, have tired IE, and Chrome.
Help much appreciated.
co administrator is a subscription role not an Azure AD role.
In order to perform this you should have admin privileges in the Azure AD on which you're trying to create the keys.
What is the Azure AD role you're currently in ?
The issue was...
"Users may give applications permission to access their data" was set to "No"
Changing this back to "Yes" then allowed me to generate and see the key values.
I need to use a digital signature in application running on WebSphere Portal 6.1. Is there any API for retriving java.security.PrivateKey from server key storage?
I want to avoid explicit path to key storage and storage password in my application source code.
Check out the IBM KeySetHelper API.
First, define a KeyStore in WAS admin. This is what will reference the key database (JKS, PKCS12, etc) on the filesystem via path. Then define a named KeySet and reference the KeyStore. Create an alias in the key set that matches a label in the KeyStore. This limits access to specific keys if you have several in the store.
You can then "lookup" the named keystore via KeySetHelper by name. Note: you'll need to know what type of key is in the store. You won't need to know labels within the key database (or even passwords) in your code. However, you'll need to know whether or not the key is a shared secret (in which case you'll receive a java.security.SecretKey implementation. Since you want a java.security.PrivateKey, make sure you load a personal certificate into the key database that is represented in WAS as your keystore.
If you manually load a certificate into your keydatabase backing your keystore, you can leave off the key generator class name parameter of the keyset. That's used if you want to have WAS generate keys. If you also need a java.security.PublicKey, be sure to check the "generates key pair" option. In that case, you are returned from your KeySetHelper::getLatestKeysForKeySet call a com.ibm.websphere.crypto.KeyPair which contains both a java.security.PrivateKey and a java.security.PublicKey (plus access to a java.security.Certificate).
See also:
Creating a KeyStore
Creating a KeySet