0

这是我的代码,几天前它还在工作,现在它在尝试从保险库中取出秘密时抛出错误。我正在使用通过 pip 安装的最新版本的 Azure Python SDK。

from azure.keyvault import KeyVaultClient
from azure.mgmt.keyvault import KeyVaultManagementClient
from msrestazure.azure_active_directory import ServicePrincipalCredentials

credentials = ServicePrincipalCredentials(
    client_id = "a0824ce5-f6cf-4293-a7ad-************************",
    secret = "5jqsgHYlLPrpY+yn6+0X8lMA9mE*********************",
    tenant="fa7b1b5a-7b34-4387-**********************",
    resource='https://vault.azure.net'
)

KEY_VAULT_URI = 'https://*********t.vault.azure.net'

client = KeyVaultClient(
    credentials
)

# Create a secret
secret_bundle = client.set_secret(KEY_VAULT_URI, 'octo-prroton', '2412423424fdsadada***********')
print(client.get_secret(KEY_VAULT_URI, 'octo-prroton', 1))

创建秘密有效,但获取秘密失败并出现以下回溯

Traceback (most recent call last): File "driver.py", line 23, in <module> 
print(client.get_secret(KEY_VAULT_URI, 'octo-prroton', 1)) File 
"/Users/ddavtian/Code/.virtualenvs/demo-key/lib/python3.6/site-
packages/azure/keyvault/key_vault_client.py", line 1798, in get_secret raise 
models.KeyVaultErrorException(self._deserialize, response) 
azure.keyvault.models.key_vault_error.KeyVaultErrorException: Operation 
returned an invalid status code 'Bad Request'

Herr 是 pip 包的列表

adal (0.4.5)
asn1crypto (0.22.0)
azure (2.0.0)
azure-batch (3.0.0)
azure-common (1.1.6)
azure-datalake-store (0.0.12)
azure-graphrbac (0.30.0)
azure-keyvault (0.3.5)
azure-mgmt (1.0.0)
azure-mgmt-authorization (0.30.0)
azure-mgmt-batch (4.0.0)
azure-mgmt-cdn (0.30.3)
azure-mgmt-cognitiveservices (1.0.0)
azure-mgmt-compute (1.0.0)
azure-mgmt-containerregistry (0.2.1)
azure-mgmt-datalake-analytics (0.1.6)
azure-mgmt-datalake-nspkg (2.0.0)
azure-mgmt-datalake-store (0.1.6)
azure-mgmt-devtestlabs (2.0.0)
azure-mgmt-dns (1.0.1)
azure-mgmt-documentdb (0.1.3)
azure-mgmt-iothub (0.2.2)
azure-mgmt-keyvault (0.31.0)
azure-mgmt-logic (2.1.0)
azure-mgmt-monitor (0.2.1)
azure-mgmt-network (1.0.0)
azure-mgmt-nspkg (2.0.0)
azure-mgmt-rdbms (0.1.0)
azure-mgmt-redis (4.1.0)
azure-mgmt-resource (1.1.0)
azure-mgmt-scheduler (1.1.2)
azure-mgmt-sql (0.5.3)
azure-mgmt-storage (1.0.0)
azure-mgmt-trafficmanager (0.30.0)
azure-mgmt-web (0.32.0)
azure-nspkg (2.0.0)
azure-servicebus (0.21.1)
azure-servicefabric (5.6.130)
azure-servicemanagement-legacy (0.20.6)
azure-storage (0.34.3)
certifi (2017.4.17)
cffi (1.10.0)
chardet (3.0.4)
cryptography (1.9)
idna (2.5)
isodate (0.5.4)
keyring (10.4.0)
msrest (0.4.11)
msrestazure (0.4.9)
oauthlib (2.0.2)
pip (9.0.1)
pycparser (2.17)
PyJWT (1.5.2)
python-dateutil (2.6.0)
requests (2.18.1)
requests-oauthlib (0.8.0)
setuptools (36.0.1)
six (1.10.0)
urllib3 (1.21.1)
wheel (0.29.0)

任何帮助表示赞赏。

4

2 回答 2

2

Azure 的 Python SDK 团队来帮助我,这里是我提出的 GitHub 错误和解决方案:https ://github.com/Azure/azure-sdk-for-python/issues/1263

于 2017-06-28T20:12:17.500 回答
0

正如您在 GitHub 问题中所分享的,这是由于get_secret调用中的密钥版本不正确。现在有一个azure-keyvault-secrets包用于处理 Key Vault 机密,并且get_secret在未指定版本时将获取最新的机密版本:

from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

KEY_VAULT_URI = 'https://*********t.vault.azure.net'
SECRET_NAME = 'octo-prroton'

credential = DefaultAzureCredential()
client = SecretClient(KEY_VAULT_URI, credential)

secret = client.get_secret(SECRET_NAME)

还有用于使用 Key Vault 证书和密钥的新包。以下是包文档和迁移指南的链接azure-keyvault

(我在 Python 中使用 Azure SDK)

于 2020-12-30T00:46:02.027 回答