如何在 DevOps 管道上运行的 Powershell 上使用密钥保管库机密
每个人,
我的DevOps管道中都有2个任务,第一个是从Azure密钥库中获取秘密值,
trigger: none
jobs:
- job: PBICDSolution
pool:
vmImage: windows-latest
steps:
- checkout: self
- task: AzureKeyVault@2
inputs:
azureSubscription: '<my subscription>'
KeyVaultName: 'PA01'
SecretsFilter: '<my secret name>'
RunAsPreJob: false
接下来我想在我的PowerShell脚本中使用此秘密值来登录服务主帐户。这是我的PowerShell代码,
$azureAplicationId = "<my service principal client id>"
$azureTenantId= "<my tanant id>"
Write-Output "Generate Credential"
$azurePassword = ConvertTo-SecureString <here should be the variable of AKV secret value> -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($azureAplicationId , $azurePassword)
Write-Output "Login SP"
Connect-PowerBIServiceAccount -Tenant $azureTenantId -ServicePrincipal -Credential $psCred
这是上述任务的管道YML代码,
- task: AzurePowerShell@5
inputs:
azureSubscription: '<my subscripton name>'
ScriptType: 'FilePath'
ScriptPath: '$(Build.SourcesDirectory)\<my ps file name>.ps1'
ScriptArguments: '<how can i set the variable here?>'
azurePowerShellVersion: 'LatestVersion'
因此问题在这里,我如何从task1获取输出值,然后将此值传递到Task2 (PowerShell脚本)? 我已经参考这个文档,但这无济于事,因为我不需要将秘密下载到TXT文件中。
任何解决方案都将不胜感激!
everyone,
There are 2 tasks in my DevOps pipeline, the first is for getting the secret value from Azure Key Vault,
trigger: none
jobs:
- job: PBICDSolution
pool:
vmImage: windows-latest
steps:
- checkout: self
- task: AzureKeyVault@2
inputs:
azureSubscription: '<my subscription>'
KeyVaultName: 'PA01'
SecretsFilter: '<my secret name>'
RunAsPreJob: false
Next I want to use this secret value inside my powershell script for login a service principal account. Here is my powershell code,
$azureAplicationId = "<my service principal client id>"
$azureTenantId= "<my tanant id>"
Write-Output "Generate Credential"
$azurePassword = ConvertTo-SecureString <here should be the variable of AKV secret value> -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($azureAplicationId , $azurePassword)
Write-Output "Login SP"
Connect-PowerBIServiceAccount -Tenant $azureTenantId -ServicePrincipal -Credential $psCred
Here is the pipeline yml code for above task,
- task: AzurePowerShell@5
inputs:
azureSubscription: '<my subscripton name>'
ScriptType: 'FilePath'
ScriptPath: '$(Build.SourcesDirectory)\<my ps file name>.ps1'
ScriptArguments: '<how can i set the variable here?>'
azurePowerShellVersion: 'LatestVersion'
So the question is here, how can I get the output value from task1, then pass this value into task2 (PowerShell script)?
I have refer to this docs but it's not helpful since I don't need to download the secret to a txt file.
Any solution would be grateful!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您在Azure键保管任务中下载的密钥库可以用作管道变量。
请参阅以下步骤使用密钥库。
在Azure PowerShell任务中,您可以定义争论:
-azurePassword $(AzurePassword)例如:
在PowerShell文件中,您可以定义参数。
例如:
The key vault you downloaded in the azure key vault task can be used as a Pipeline variable.
Refer to the following steps to use the Key vault.
In Azure Powershell Task, you can define the arguement:
-azurePassword $(azurePassword)For example:
In Powershell file, you can define the param.
For example: