Upload .pfx certificate through Azure DevOps pipeline


Problem description


I want to upload a .pfx certificate for my app service through an Azure DevOps task. Can someone please help me with how to upload the certificate through an ARM template?

Solution

You can follow the steps below to upload the certificate with ARM.

1. Go to Secure files under Pipelines, Library and upload your certificate.

2. Add a download secure file task to download your certificate to your pipeline. You can reference it by the path $(<mySecureFile>.secureFilePath) or $(Agent.TempDirectory). Check here for more information about predefined variables.

3. Add a PowerShell task to run the script below to transform your certificate into a base64 string and store it in a self-defined environment variable certificateBase64Content. Check here to learn more about variables.

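$secName = "<certificateName>.pfx"
$tempDirectory = $env:AGENT_TEMPDIRECTORY

# Path where the download secure file task placed the certificate
$pfxFilePath = Join-Path $tempDirectory $secName

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable

# Import throws if the password is wrong
$cert.Import($pfxFilePath, "$(certificatePassword)", $flag)

# Export as PKCS#12 so the private key is included; RawData holds only the public certificate
$pkcs12 = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
$bin = $cert.Export($pkcs12, "$(certificatePassword)")
$base64Value = [System.Convert]::ToBase64String($bin)

# issecret=true masks the value in the pipeline logs
Write-Host "##vso[task.setvariable variable=certificateBase64Content;issecret=true]$base64Value"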

4. Create a Key Vault and grant the Microsoft.Web resource provider access to the Key Vault to get the certificate, which will be stored in the Key Vault.

Please check the "Create the KeyVault with the required settings" part of the blog for an ARM template example.

5. Store the certificate in the Key Vault created in the above step.

Please check the "Store the certificate in KeyVault" part of the blog for an ARM template example.

6. Refer to the last step of the blog, "Deploy the certificate to your Web App", to deploy your certificate.

Reminder:

In the above blog, the parameters defined in the ARM template are overridden in the Azure resource group deployment task. You can configure this under the Template setting in the Azure resource group deployment task.

Addition:

If you do not want to use Key Vault, you can omit steps 4 and 5 above and directly upload the certificate after it has been transformed and stored in the self-defined variable in step 3 above. You need to replace parameters('certificatePfxBase64') with your self-defined variable certificateBase64Content.

"variables": {
    "certificateName": "[concat(parameters('certificatePrefixName'), uniqueString(resourceGroup().id))]"
  },
"resources": [
    {
      "apiVersion": "2015-08-01",
      "name": "[variables('certificateName')]",
      "type": "Microsoft.Web/certificates",
      "location": "[resourceGroup().location]",
      "properties": {
        "pfxBlob": "[parameters('certificatePfxBase64')]",
        "password": "[parameters('certificatePfxPassword')]"
      },
      "tags": {
        "displayName": "Certificate"
      }
    }
  ]
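
Steps 1 to 3 and the direct-upload variant described in the answer, written out as one YAML pipeline. This is an added example, not part of the original answer: the secure file name, service connection, resource group, location, template path and the secret variable certificatePassword are assumptions, and it reads the PFX file bytes directly instead of re-exporting them. It also assumes the template declares certificatePfxBase64 and certificatePfxPassword as securestring parameters.

```yaml
# Added example. Values marked "assumed" are placeholders, not from the answer.
steps:
- task: DownloadSecureFile@1
  name: pfx                               # exposes $(pfx.secureFilePath)
  inputs:
    secureFile: 'mycert.pfx'              # assumed secure file name in Library

- task: PowerShell@2
  displayName: 'Validate PFX and convert to base64'
  env:                                    # pass secrets via env instead of inlining them in the script
    PFX_PATH: $(pfx.secureFilePath)
    PFX_PASSWORD: $(certificatePassword)  # assumed secret pipeline variable
  inputs:
    targetType: 'inline'
    script: |
      # Fail early if the password is wrong or the file carries no private key
      $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($env:PFX_PATH, $env:PFX_PASSWORD)
      if (-not $cert.HasPrivateKey) { throw "PFX contains no private key" }
      # Send the PFX file bytes unchanged; the template's password parameter unlocks them
      $b64 = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($env:PFX_PATH))
      # issecret=true masks the value in the pipeline logs
      Write-Host "##vso[task.setvariable variable=certificateBase64Content;issecret=true]$b64"

- task: AzureResourceGroupDeployment@2
  displayName: 'Deploy certificate with ARM'
  inputs:
    azureSubscription: 'my-service-connection'   # assumed
    action: 'Create Or Update Resource Group'
    resourceGroupName: 'my-resource-group'       # assumed
    location: 'West Europe'                      # assumed
    templateLocation: 'Linked artifact'
    csmFile: 'arm/certificate.json'              # assumed path to the ARM template
    overrideParameters: >-
      -certificatePrefixName "cert"
      -certificatePfxBase64 "$(certificateBase64Content)"
      -certificatePfxPassword "$(certificatePassword)"
    deploymentMode: 'Incremental'
```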
