检索集成在httptrigger/queuetrigger -Python中的Keyvault机密 [英] Retrieving Keyvault Secret Integrated in a httptrigger/queuetrigger -Python

问题描述

我已将一个秘密成功集成到httptrigger中.我需要在python代码中检索并解析机密.

I have successfully integrated a secret in a httptrigger. I need to retrieve and parse the secret in a python code.

以下代码返回文件库ID，而不是秘密.

The following piece of code returns the vault id and not the secret.

1. 如何获取秘密值?
2. 可以对队列触发器执行相同的操作吗?

Httptrigger

Httptrigger

import logging
import os
import azure.functions as func


def main(req: func.HttpRequest) -> func.HttpResponse:
    logging.info('Python HTTP trigger function processed a request.')

    test = os.environ["testkeyvault"]
    return func.HttpResponse(
             "This" + test,
             status_code=200
        )

local.settings.json

local.settings.json

{
  "IsEncrypted": false,
  "Values": {
    "AzureWebJobsStorage": "",
    "FUNCTIONS_WORKER_RUNTIME": "python",
    "testkeyvault": "@Microsoft.KeyVault(SecretUri=https://jjjjj.vault.azure.net/secrets/AzureAuthUrl/xxxxxx)"
  }
}

function.json

function.json

{
  "scriptFile": "__init__.py",
  "bindings": [
    {
      "authLevel": "anonymous",
      "type": "httpTrigger",
      "direction": "in",
      "name": "req",
      "methods": [
        "get",
        "post"
      ]
    },
    {
      "type": "http",
      "direction": "out",
      "name": "$return"
    }
  ]
}

推荐答案

如何获取输出秘密值的信息?

How do I get it to output a secret values?

1，创建一个秘密，设置值，然后获取秘密标识符"，将此 @ Microsoft.KeyVault(SecretUri =< secret identifier>)设置为您的功能应用程序的设置

1, create a secret, set the value, and get the 'secret identifier', set this @Microsoft.KeyVault(SecretUri=<secret identifier>) to the settings of your function app.

2，创建一个功能应用程序身份，并让该功能身份访问具有对密钥库的相应访问策略.

2, create a function app identity, and let the function identity access have the corresponding access policy to the keyvault.

可以对队列触发器执行相同的操作吗?

Can the same be done for a queuetrigger?

是的，可以.基本上，您可以像在httptrigger中一样从环境变量中获取它.存储在功能应用程序配置中的值将被读取为应用程序内环境变量.如果存在密钥库引用，则只要引用成功，就会返回该机密.否则，将返回原始网址

Yes, you can. Basically you can get it from the environment variable as what you do in httptrigger. The value stored in the configuration of the function app will be read as an in-app environment variable. If there is a keystore reference, as long as the reference is successful, the secret will be returned. Otherwise, the original url will be returned

这篇关于检索集成在httptrigger/queuetrigger -Python中的Keyvault机密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！