使用KeyVault的Azure App Service JSON转换 [英] Azure App Service JSON Transform using KeyVault

问题描述

我正在考虑将.Net Core WebApi服务部署到Azure应用服务，作为部署的一部分，我希望使用CosmosDb连接字符串更新 appsettings.json 中的连接字符串..我有一个Azure KeyVault，其中将连接字符串作为秘密存储在其中.

I am looking at deploying a .Net Core WebApi service to an Azure App Service and as part of the deployment I am keen to update the connection string in the appsettings.json with the CosmosDb connection string. I have a Azure KeyVault which has the connection string stored in there as a secret.

使用用于CI/CD的YAML构建管道，我从管道中获得了以下内容(摘录)

Using the YAML build pipeline for CI/CD I have the following (snippet) from my pipeline

          - task: AzureKeyVault@1
            inputs:
              azureSubscription: '<service-principal>'
              KeyVaultName: '<keyvault-name>'
              SecretsFilter: '*'
              RunAsPreJob: true
          
          - task: AzureRmWebAppDeployment@4
            inputs:
              ConnectionType: 'AzureRM'
              azureSubscription: '<service-principal>'
              appType: 'webApp'
              WebAppName: '<ci-resource-group>'
              VirtualApplication: '/'
              packageForLinux: '$(System.DefaultWorkingDirectory)/**/*.zip'
              JSONFiles: '**/appsettings.json'

这两个任务处于一个阶段，首先要从上一个阶段下载发布的工件.

These two tasks are in a stage which starts with downloading the published artifact from a previous stage.

因此，Azure App Service Deploy任务可以进行JSON转换，但是我需要定义格式为 ConnectionStrings:CosmosDb 的变量，并使用密钥库中存储的密钥中的值确定我不确定怎么做！

So the Azure App Service Deploy task can do JSON transformation but I need to define a variable in the format ConnectionStrings:CosmosDb with the value from the secret stored in the keyvault and that I am not certain of how to do!

• 首先，这是正确的方法吗?我看过有关在密钥库中使用对机密的引用的文章，这是正确的方法吗?
• 可以使用 $(secret)将密钥仓库秘密提供给管道，如何为上述 AzureRmWebAppAppDeployment @ 4 任务创建变量?

• Firstly, is this the correct way? I have seen articles about using a reference to the secret in the keyvault, is that the correct way?
• The keyvault secrets are available to the pipeline using $(secret), how can I create a variable for the AzureRmWebAppDeployment@4 task as above?

到目前为止，我发现的所有内容都指向Classic发布管道，并使用了变量组，但这需要成为YAML管道的一部分.

Everything I have found so far points to the Classic release pipelines, and using variable groups but this needs to be part of the YAML pipeline.

推荐答案

遵循

要替换文件嵌套层中的值，请按层次结构顺序将名称与句点(.)连接起来.

To substitute values in nested levels of the file, concatenate the names with a period (.) in hierarchical order.

但是您的秘密名称中不能包含点，因此您必须在这两个步骤之间进行一些小的重写:

But your secrets cannot have dots in name so you must do a small rewrite between those two steps:

- powershell: |
     echo "##vso[task.setvariable variable=ConnectionStrings.CosmosDb;]$(ConnectionStrings-CosmosDb)"

您的秘密是 ConnectionStrings-CosmosDb

这篇关于使用KeyVault的Azure App Service JSON转换的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！