如何在ARM模板部署期间在Shell脚本中隐藏密码 [英] How to hide password in shell script duing ARM template deployment
问题描述
我正在使用ARM模板来部署Azure VM.
I am using ARM template to deploy Azure VM.
template.json
template.json
"adminPassword": {
"type": "securestring"
}
parameters.json
parameters.json
"adminPassword": {
"value": null
}
当我在参数中使用"null"时,它将要求我在部署期间输入密码.
When I use "null" in parameters, It will ask me enter password during deployment.
在部署过程中输入adminPassword时,它显示为纯文本,但是我希望将其隐藏(例如******)
When I enter the adminPassword during deployment, it is showing as plaintext, But I want it to hidden (such as ******)
我该如何实现?
推荐答案
正如4c74356b41所说,目前尚无法直接做到这一点.
As 4c74356b41 said, currently, there is no way to do it directly.
您可以使用 Azure Key Vault 避免将密码显示为纯文本.
You could use Azure Key Vault to avoid the password showing as plain text.
Key Vault可以存储两种类型的信息:密钥(证书)和秘密.在您的方案中,您需要使用Secrets.您需要在KeyVault中创建一个机密.
Key Vault can store two types of information: Keys (Certificates) and Secrets. In your scenario, you need use Secrets. You need create a secrets in KeyVault.
##get password don't show plaintext
read -s password
azure keyvault create --vault-name 'ContosoKeyVault' --resource-group 'ContosoResourceGroup' --location 'East Asia'
azure keyvault secret set --vault-name 'ContosoKeyVault' --secret-name 'SQLPassword' --value "$password"
此后,您需要启用Key Vault进行模板部署.您可以使用以下命令进行操作:
After this you'll need to enable the Key Vault for template deployment.You can do this using the following commands:
azure keyvault set-policy --vault-name Contoso --enabled-for-template-deployment true
您需要按如下所示修改参数:
You need modify your parameter like below:
"adminPassword": {
"reference": {
"keyVault": {
"id": "/subscriptions/<subscription-guid>/resourceGroups/<group name>/providers/Microsoft.KeyVault/vaults/<vault name>"
},
"secretName": "<seccret name>"
}
},
您可以参考以下模板: 101 -vm-secure-password .
You could refer this template: 101-vm-secure-password.
这篇关于如何在ARM模板部署期间在Shell脚本中隐藏密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!