Access certificate thumbprint from Azure DevOps variable group connected to Key vaults


Problem description

I have VSTS library variable groups connected to my key vaults in Azure:

You can read more about it here: https://docs.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups?view=vsts&tabs=yaml

In the key vaults in Azure I have a list of secrets and a list of certificates.

Example key vault secrets:


  • AppInsightsInstrumentationKey

  • CacheConnectionString

Example certificate:


  • GlobalCertificate

Now I can access these as variables in releases, by simple syntax:


  • $(GlobalCertificate)

  • $(AppInsightsInstrumentationKey)

  • $(CacheConnectionString)

My goal is to read the thumbprint of the certificate located in variable $(GlobalCertificate). What's the way to get it?

Recommended answer

I know this is old but I found this article searching for the same thing and haven't been able to find a solution elsewhere.

I've been able to sort it out with PowerShell but it's bizarre what's required considering we've already uploaded the PFX into the key vault. I also save my PFX passwords into the key vault but if you don't, substitute the variable in the $pwd line with your own value.

In the Azure DevOps Pipeline, create a PowerShell task. The script is:

```powershell
# Convert the secure password that's presented as plain text back into a secure string.
# The $(...) macros are expanded by Azure DevOps before the script runs, so quote them.
$pwd = ConvertTo-SecureString -String '$(GlobalCertificate-Password)' -Force -AsPlainText

# Create a PFX file from the certificate variable
New-Item Temp-Certificate.pfx -Value '$(GlobalCertificate)'

# Import the PFX certificate from the newly created file and password. Read the thumbprint into a variable
$Thumbprint = (Import-PfxCertificate -CertStoreLocation Cert:\CurrentUser\My -FilePath Temp-Certificate.pfx -Password $pwd).Thumbprint

Write-Host $Thumbprint

# Rest of script below, or set an environment variable for the rest of the pipeline
Write-Host "##vso[task.setvariable variable=Thumbprint]$Thumbprint"
```
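An alternative to the script above, as an added example that is not part of the original answer: it decodes the variable in memory, so no PFX file is left on the build agent and nothing is imported into a certificate store. It assumes the variable holds the PFX as base64 PKCS#12 text and that .NET Framework 4.7.2+ or PowerShell 7 is available; `Get-PfxThumbprint` and the self-signed sample certificate are constructed for illustration.

```powershell
# Added example. Get-PfxThumbprint is a hypothetical helper, not an Azure DevOps cmdlet.
function Get-PfxThumbprint {
    param(
        [Parameter(Mandatory)] [string] $Base64Pfx,
        # Assumption: an empty password unless one is supplied
        [securestring] $Password = [securestring]::new()
    )
    # Assumption: the variable holds the PFX as base64 PKCS#12 text
    $bytes = [Convert]::FromBase64String($Base64Pfx)
    # EphemeralKeySet (Windows and Linux) keeps the private key in memory only
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::EphemeralKeySet
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes, $Password, $flags)
    try { $cert.Thumbprint } finally { $cert.Dispose() }
}

# Constructed sample input: a throwaway self-signed certificate exported as base64 PFX
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-sample', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddMinutes(-5), [DateTimeOffset]::Now.AddDays(1))
$samplePfx = [Convert]::ToBase64String($sample.Export('Pfx', 'constructed-password'))
$samplePwd = ConvertTo-SecureString -String 'constructed-password' -AsPlainText -Force

$Thumbprint = Get-PfxThumbprint -Base64Pfx $samplePfx -Password $samplePwd
if ($Thumbprint -ne $sample.Thumbprint) { throw 'Thumbprint mismatch' }

# In the pipeline task, pass the expanded macros instead of the sample values:
#   $Thumbprint = Get-PfxThumbprint -Base64Pfx '$(GlobalCertificate)' -Password $pwd
Write-Host "##vso[task.setvariable variable=Thumbprint]$Thumbprint"
```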
