Upload .pfx certificate through Azure DevOps pipeline


Problem description

I want to upload a .pfx certificate for my app service through an Azure DevOps task. Can someone please help me on how to upload the certificate through an ARM template?

Recommended answer

You can follow the steps below to upload the certificate with ARM.

1. Go to the secure files under Pipelines, Library and upload your certificate.

2. Add a download secure file task to download your certificate to your pipeline. You can reference it by the path $(<mySecureFile>.secureFilePath) or $(Agent.TempDirectory). Check here for more information about predefined variables.

3. Add a PowerShell task to run the script below to transform your certificate to a base64 string and store it in a self-defined environment variable certificateBase64Content. Check here to learn more about variables.

$secName = "<certificateName>.pfx"   # name of the secure file downloaded in step 2
$tempDirectory = $env:AGENT_TEMPDIRECTORY

$pfxFilePath = Join-Path $tempDirectory $secName

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable

$cert.Import($pfxFilePath, "$(certificatePassword)", $flag)

$pkcs12 = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
$bin = $cert.Export($pkcs12, "$(certificatePassword)")   # RawData would hold only the public certificate, not the private key
$base64Value = [System.Convert]::ToBase64String($bin)

Write-Host "##vso[task.setvariable variable=certificateBase64Content;]$base64Value"

4. Create a Key Vault and grant the Microsoft.Web resource provider access to the Key Vault to get the certificate, which will be stored in the Key Vault.

Please check the blog's "Create the KeyVault with the required settings" part for an ARM template example.

5. Store the certificate in the Key Vault created in the above step.

Please check the blog's "Store the certificate in KeyVault" part for an ARM template example.

6. Refer to the last step of the blog, "Deploy the certificate to your Web App", to deploy your certificate.

Reminder:

In the above blog, the parameters defined in the ARM template are overridden in the Azure resource group deployment task. You can configure this under the Template setting in the Azure resource group deployment task.

Addition:

If you do not want to use Key Vault, you can omit steps 4 and 5 above and directly upload the certificate after it has been transformed and stored in the self-defined variable in step 3 above. You need to replace parameters('certificatePfxBase64') with your self-defined variable certificateBase64Content.

"variables": {
    "certificateName": "[concat(parameters('certificatePrefixName'), uniqueString(resourceGroup().id))]"
  },
"resources": [
    {
      "apiVersion": "2015-08-01",
      "name": "[variables('certificateName')]",
      "type": "Microsoft.Web/certificates",
      "location": "[resourceGroup().location]",
      "properties": {
        "pfxBlob": "[parameters('certificatePfxBase64')]",
        "password": "[parameters('certificatePfxPassword')]"
      },
      "tags": {
        "displayName": "Certificate"
      }
    }
  ]
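A hardened variant of the step 3 script, added here as an example and not part of the original answer: it checks that the PFX holds a private key and is not close to expiry, and sets the pipeline variable as secret so the blob is masked in logs. The `PFX_PASSWORD` environment variable (mapped from a secret pipeline variable), the 30-day threshold and the function name `Get-ValidatedPfxBase64` are assumptions.

```powershell
# Added example: validate the downloaded PFX, then publish it as a secret variable.
# Assumptions: PFX_PASSWORD is mapped into this task's env block from a secret
# pipeline variable; <certificateName>.pfx is the secure file from step 2.
function Get-ValidatedPfxBase64 {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Password,
        [int] $MinDaysValid = 30   # assumed threshold, adjust to your policy
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "PFX not found at $Path"
    }

    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
    # The constructor overload works on Windows PowerShell and PowerShell 7
    $cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $Path, $Password, $flags
    try {
        if (-not $cert.HasPrivateKey) {
            throw "Certificate $($cert.Thumbprint) has no private key; a full PFX is required"
        }
        $daysLeft = ($cert.NotAfter - (Get-Date)).Days
        if ($daysLeft -lt $MinDaysValid) {
            throw "Certificate $($cert.Thumbprint) expires in $daysLeft day(s)"
        }
        # Re-export as PKCS#12 so the blob carries the private key under the same password
        $pkcs12 = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
        return [System.Convert]::ToBase64String($cert.Export($pkcs12, $Password))
    }
    finally {
        $cert.Dispose()
    }
}

$pfxPath = Join-Path $env:AGENT_TEMPDIRECTORY "<certificateName>.pfx"
try {
    $base64 = Get-ValidatedPfxBase64 -Path $pfxPath -Password $env:PFX_PASSWORD
    # issecret=true masks the value in the logs of this and later tasks
    Write-Host "##vso[task.setvariable variable=certificateBase64Content;issecret=true]$base64"
}
catch {
    # Surface the reason as a pipeline error and fail the task
    Write-Host "##vso[task.logissue type=error]$($_.Exception.Message)"
    exit 1
}
```

Later tasks read the value with the macro syntax $(certificateBase64Content), for example in the deployment task's override parameters. Secret variables are not exposed to scripts as environment variables unless they are mapped explicitly.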
