据我了解,您想使用 Azure CLI 凭据获取 Azure 密钥保管库机密。如果是这样,您可以使用 SDK @azure/ms-rest-nodeauth。
更多详情请参考 https://github.com/Azure/azure-sdk-for-node/issues/2284 。详细步骤如下。
- 使用 VS Code 创建项目
# Initialise package.json with defaults, then add the credential helper and the Key Vault client.
npm init -y
npm install @azure/ms-rest-nodeauth @azure/keyvault
- 使用 Azure CLI 在 Azure 中登录
# Sign in interactively; the sample below authenticates with this Azure CLI session.
az login
- 代码
var azure = require('@azure/ms-rest-nodeauth')
var keyvault = require('@azure/keyvault')
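/**
 * Fetches one specific version of a secret from Key Vault, authenticating with
 * the account currently signed in to the Azure CLI (`az login`).
 *
 * NOTE(review): @azure/ms-rest-nodeauth and @azure/keyvault are legacy
 * packages; confirm they are still supported before using them in new code.
 *
 * @returns {Promise<void>} Resolves once the secret has been retrieved.
 */
async function main() {
  // Ask the Azure CLI session for a token scoped to Key Vault.
  const creds = await azure.AzureCliCredentials.create({ resource: "https://vault.azure.net" });
  const client = new keyvault.KeyVaultClient(creds);
  // Arguments: vault base URL, secret name, secret version.
  const secret = await client.getSecret('https://testkey08.vault.azure.net', 'test', '517cc458b7464c379d1d3e85bd2a5c94');
  // Print only the identifier: the returned bundle carries the secret value,
  // and console output tends to end up in terminal scrollback and CI logs.
  console.log(secret.id);
}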
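// Run the sample and report the outcome.
main()
  .then(() => {
    console.log("Successfully executed sample.");
  })
  .catch((err) => {
    // Report failures on stderr and exit non-zero, so a failed secret fetch is
    // not mistaken for success by a calling script or pipeline.
    console.error(err.message);
    process.exitCode = 1;
  });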
![在此处输入图像描述](https://i.stack.imgur.com/Y8Pzu.png)
更新
根据我的测试,如果使用 SDK @azure/keyvault-secrets 获取 Key Vault 机密,请参考以下代码:
var azure = require('@azure/ms-rest-nodeauth')
var keyvault = require('@azure/keyvault-secrets')
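/**
 * Reads the latest version of a secret through SecretClient, authenticating
 * with the account currently signed in to the Azure CLI.
 *
 * Replace the vault name and secret name placeholders before running.
 *
 * @returns {Promise<void>} Resolves once the secret has been retrieved.
 */
async function main() {
  // Ask the Azure CLI session for a token scoped to Key Vault.
  const creds = await azure.AzureCliCredentials.create({ resource: "https://vault.azure.net" });
  const client = new keyvault.SecretClient('https://<your key vault name>.vault.azure.net', creds);
  const secret = await client.getSecret('your secret name');
  // Confirm the lookup by name only; `secret.value` holds the secret itself
  // and should be handed to the code that needs it, never written to logs.
  console.log(secret.name);
}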
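// Run the sample and report the outcome.
main()
  .then(() => {
    console.log("Successfully executed sample.");
  })
  .catch((err) => {
    // Report failures on stderr and exit non-zero, so a failed secret fetch is
    // not mistaken for success by a calling script or pipeline.
    console.error(err.message);
    process.exitCode = 1;
  });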
![在此处输入图像描述](https://i.stack.imgur.com/hOkyD.png)
此外,根据我的测试和研究,如果我们使用 SDK @azure/keyvault-secrets 和 @azure/keyvault-secrets,就无法使用 Azure CLI 中的帐户凭据来检索机密。更多详细信息,请参阅文档
![在此处输入图像描述](https://i.stack.imgur.com/AKfCp.png)
因此,如果想在本地开发应用程序,我建议您创建一个服务主体来访问密钥保管库。详细步骤如下:
- 创建 sp
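# Create a service principal without any role assignment. The command prints
# appId, password and tenant; the password is a credential, so keep it out of
# shared terminals, tickets and chat.
az ad sp create-for-rbac -n <your-application-name> --skip-assignment
# AZURE_CLIENT_ID must already hold the appId printed above.
# Grant only what the sample uses: it calls getSecret, so "get" is enough.
# Add list or set only if the application needs them; an application identity
# rarely needs delete, purge, backup, recover or restore.
az keyvault set-policy --name <your-key-vault-name> --spn "$AZURE_CLIENT_ID" --secret-permissions get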
- 创建 .env 文件
# Local development only: this file holds a live service-principal credential.
# Add .env to .gitignore and never commit or share it.
AZURE_TENANT_ID=<tenant id>
AZURE_CLIENT_ID=<app id>
AZURE_CLIENT_SECRET=<password>
- 代码
var keyvault = require('@azure/keyvault-secrets')
var azure1 = require('@azure/identity')
const dotenv = require('dotenv');
// Load the AZURE_* variables from the local .env file into process.env before any credential is created.
dotenv.config();
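/**
 * Reads the latest version of the `test` secret using DefaultAzureCredential.
 * Only the DefaultAzureCredential path ("way2") is active in this sample.
 *
 * With the .env file loaded by dotenv, the credential is expected to use the
 * service principal described by AZURE_TENANT_ID, AZURE_CLIENT_ID and
 * AZURE_CLIENT_SECRET.
 *
 * @returns {Promise<void>} Resolves once the secret has been retrieved.
 */
async function main() {
  console.log("-----------------------");
  console.log("way2");
  const creds1 = new azure1.DefaultAzureCredential();
  const client1 = new keyvault.SecretClient('https://testkey08.vault.azure.net', creds1);
  const secret1 = await client1.getSecret('test');
  // Confirm the lookup by name only; `secret1.value` holds the secret itself
  // and should be handed to the code that needs it, never written to logs.
  console.log(secret1.name);
}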
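// Run the sample and report the outcome.
main()
  .then(() => {
    console.log("Successfully executed sample.");
  })
  .catch((err) => {
    // Report failures on stderr and exit non-zero, so a failed secret fetch is
    // not mistaken for success by a calling script or pipeline.
    console.error(err.message);
    process.exitCode = 1;
  });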
![在此处输入图像描述](https://i.stack.imgur.com/Qgd4X.png)