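Currently, there is no Azure Vault API operation that lets you retrieve all secrets together with their respective values from Azure Vault.
However, you can use Postman to orchestrate the retrieval of all secrets by using the Collection Runner and control logic to define which request runs and until when. I took reference from this community post and created a Postman collection that will help you retrieve all the secrets.
I have tested this on a key vault in my personal Azure subscription and it works like a charm. Please make sure you have a blank Postman environment in the Collection Runner to run this collection.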
{
  "info": {
    "_postman_id": "c7298583-a343-47f3-b608-73547da45d5e",
    "name": "Azure Vault Secrets",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
  },
  "item": [
    {
      "name": "Retrieve All Secret Keys",
      "event": [
        {
          "listen": "test",
          "script": {
            "id": "af71963c-adc5-4688-aa55-5fdae1aea154",
            "exec": [
              "// Function to extract last element i.e. the Secret Key Name from the secrets URL",
              "const getLastItem = thePath => thePath.substring(thePath.lastIndexOf('/') + 1);",
              "",
              "// Parse the response Body",
              "var jsonData = pm.response.json();",
              "",
              "// Map the secrets URL from the element 'id' present in response",
              "var secretUrllist = _.map(jsonData.value, 'id');",
              "",
              "// Initialize an empty array to store the secret Key name",
              "var secretList = [];",
              "",
              "// Populate the array and extract the last element from the URL",
              "_.forEach(secretUrllist, function(value){",
              " secretList.push(getLastItem(value));",
              "});",
              "",
              "// Set the secretList",
              "pm.environment.set('secretList',JSON.stringify(secretList));",
              "",
              "// Set the next index of the array for secretList",
              "pm.environment.set('nextIndex', 0);",
              "",
              "// Set the active secret Key name to fetch the secret Value for",
              "pm.environment.set('activeSecret', secretList[0]);",
              ""
            ],
            "type": "text/javascript"
          }
        }
      ],
      "request": {
        "auth": {
          "type": "noauth"
        },
        "method": "GET",
        "header": [],
        "url": {
          "raw": "{{vaultBaseUrl}}/secrets?api-version=7.1",
          "host": [
            "{{vaultBaseUrl}}"
          ],
          "path": [
            "secrets"
          ],
          "query": [
            {
              "key": "api-version",
              "value": "7.1"
            }
          ]
        }
      },
      "response": []
    },
    {
      "name": "Retrieve All Secret Values",
      "event": [
        {
          "listen": "test",
          "script": {
            "id": "7d6e8591-9c9b-4a97-92f3-a24059fa8750",
            "exec": [
              "let secretList = JSON.parse(pm.environment.get('secretList')),",
              " // Increment the next Index",
              " nextIndex = parseInt(pm.environment.get('nextIndex')) + 1;",
              "",
              "",
              "// In case secret values have been fetched for all requests then we're done here",
              "// time to end the collection run and clean up the environment and activeSecret",
              "if (secretList.length === nextIndex) {",
              " pm.environment.set('nextIndex', 0);",
              " pm.environment.set('activeSecret', secretList[0]);",
              "",
              " postman.setNextRequest(null);",
              "}",
              "else {",
              " let activeSecret = secretList[nextIndex];",
              " pm.environment.set('nextIndex', nextIndex);",
              " pm.environment.set('activeSecret', activeSecret);",
              "",
              " // Now run the Retrieve All Secret Values request again to get the secret value",
              " // for the next request",
              " postman.setNextRequest(\"Retrieve All Secret Values\");",
              "}",
              "",
              ""
            ],
            "type": "text/javascript"
          }
        }
      ],
      "request": {
        "auth": {
          "type": "noauth"
        },
        "method": "GET",
        "header": [],
        "url": {
          "raw": "{{vaultBaseUrl}}/secrets/{{activeSecret}}?api-version=7.1",
          "host": [
            "{{vaultBaseUrl}}"
          ],
          "path": [
            "secrets",
            "{{activeSecret}}"
          ],
          "query": [
            {
              "key": "api-version",
              "value": "7.1"
            }
          ]
        }
      },
      "response": []
    }
  ],
  "protocolProfileBehavior": {}
}
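
The list-then-get loop that the collection above orchestrates, as an added example (not part of the original answer) in plain JavaScript. It goes beyond the collection in two ways: it follows the list response's `nextLink` field so vaults whose listing spans several pages are fully covered, and it issues no request for an empty vault. The vault name, the secret names and values, and the `fakeGet` transport are constructed stand-ins; a real caller would send authenticated HTTPS GETs.

```javascript
// Constructed sample data (vault name and values are made up), shaped like
// the Key Vault REST responses: a list page carries `value` and `nextLink`.
const BASE = 'https://example-vault.vault.azure.net';
const FAKE_RESPONSES = {
  [`${BASE}/secrets?api-version=7.1`]: {
    value: [{ id: `${BASE}/secrets/db-password` }, { id: `${BASE}/secrets/api-key` }],
    nextLink: `${BASE}/secrets?api-version=7.1&$skiptoken=PAGE2`,
  },
  [`${BASE}/secrets?api-version=7.1&$skiptoken=PAGE2`]: {
    value: [{ id: `${BASE}/secrets/storage-conn` }],
    nextLink: null,
  },
  [`${BASE}/secrets/db-password?api-version=7.1`]: { value: 'constructed-value-1' },
  [`${BASE}/secrets/api-key?api-version=7.1`]: { value: 'constructed-value-2' },
  [`${BASE}/secrets/storage-conn?api-version=7.1`]: { value: 'constructed-value-3' },
};

// Hypothetical stand-in transport: a real caller would issue an HTTPS GET
// with an "Authorization: Bearer <token>" header instead.
async function fakeGet(url) {
  if (!(url in FAKE_RESPONSES)) throw new Error(`unexpected URL: ${url}`);
  return FAKE_RESPONSES[url];
}

// Same helper as in the collection: the secret name is the last path segment.
const getLastItem = thePath => thePath.substring(thePath.lastIndexOf('/') + 1);

// Step 1: list secret names, following nextLink until the listing is complete.
async function listSecretNames(get, vaultBaseUrl) {
  const names = [];
  let url = `${vaultBaseUrl}/secrets?api-version=7.1`;
  while (url) {
    const page = await get(url);
    for (const item of page.value || []) names.push(getLastItem(item.id));
    url = page.nextLink || null;
  }
  return names;
}

// Step 2: one GET per name; an empty vault yields {} without any value request.
async function retrieveAllSecrets(get, vaultBaseUrl) {
  const result = {};
  for (const name of await listSecretNames(get, vaultBaseUrl)) {
    const url = `${vaultBaseUrl}/secrets/${encodeURIComponent(name)}?api-version=7.1`;
    result[name] = (await get(url)).value;
  }
  return result;
}
```

The returned object holds every secret value in memory, so avoid writing it to logs or to a saved environment.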