如何在 ARM 模板部署期间在 shell 脚本中隐藏密码 [英] How to hide password in shell script duing ARM template deployment
问题描述
我正在使用 ARM 模板来部署 Azure VM.
I am using ARM template to deploy Azure VM.
模板.json
"adminPassword": {
"type": "securestring"
}
parameters.json
parameters.json
"adminPassword": {
"value": null
}
当我在参数中使用null"时,它会要求我在部署过程中输入密码.
When I use "null" in parameters, It will ask me enter password during deployment.
我在部署时输入adminPassword,显示为明文,但我想隐藏(如******)
When I enter the adminPassword during deployment, it is showing as plaintext, But I want it to hidden (such as ******)
我怎样才能做到这一点?
How can I achieve this?
推荐答案
如 4c74356b41 所说,目前没有办法直接解决.
As 4c74356b41 said, currently, there is no way to do it directly.
您可以使用 Azure Key Vault 避免密码显示为纯文本.
You could use Azure Key Vault to avoid the password showing as plain text.
Key Vault 可以存储两种类型的信息:密钥(证书)和机密.在您的场景中,您需要使用 Secrets.您需要在 KeyVault 中创建机密.
Key Vault can store two types of information: Keys (Certificates) and Secrets. In your scenario, you need use Secrets. You need create a secrets in KeyVault.
##get password don't show plaintext
read -s password
azure keyvault create --vault-name 'ContosoKeyVault' --resource-group 'ContosoResourceGroup' --location 'East Asia'
azure keyvault secret set --vault-name 'ContosoKeyVault' --secret-name 'SQLPassword' --value "$password"
此后,您需要为模板部署启用 Key Vault.您可以使用以下命令执行此操作:
After this you'll need to enable the Key Vault for template deployment.You can do this using the following commands:
azure keyvault set-policy --vault-name Contoso --enabled-for-template-deployment true
您需要修改您的参数,如下所示:
You need modify your parameter like below:
"adminPassword": {
"reference": {
"keyVault": {
"id": "/subscriptions/<subscription-guid>/resourceGroups/<group name>/providers/Microsoft.KeyVault/vaults/<vault name>"
},
"secretName": "<seccret name>"
}
},
你可以参考这个模板:101-vm-secure-password.
You could refer this template: 101-vm-secure-password.
这篇关于如何在 ARM 模板部署期间在 shell 脚本中隐藏密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
