How to store connection strings from a SQL managed instance in Azure Key Vault using Terraform

Posted on 2025-01-26 12:39:04

I am using Terraform to deploy a SQL managed instance and need to store the 4 connection strings that come with it in Azure Key Vault. According to the Terraform documentation for SQL managed instance:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_managed_instance
the connection string is not an attribute that is exported, so I can't just do an output and reference it. How would I identify these connection strings to store them in Key Vault?

If it is not possible with Terraform, I am open to PowerShell/ARM solutions.


Comments (1)

妄断弥空 2025-02-02 12:39:04

In general, you can store any secret in a key vault using Terraform like so:

resource "azurerm_key_vault_secret" "example" {
  name         = "the-secret-name"
  value        = "the-secret-value"
  key_vault_id = var.keyvault_id
}

Every connection string follows a certain syntax, so I would put these together as strings based on the name, admin user and admin password, and add them to the key vault, similar to this:

locals {
  username = "admin"
  password = "abc"
}

resource "azurerm_mssql_managed_instance" "example" {
  name                = "managedsqlinstance"
  resource_group_name = var.resource_group_name
  location            = var.location

  administrator_login          = local.username
  administrator_login_password = local.password
  ...
}

resource "azurerm_key_vault_secret" "example" {
  name         = "sql-connectionstring"
  value        = "Server=tcp:${azurerm_mssql_managed_instance.example.name}.database.windows.net,1433;Persist Security Info=False;User ID=${local.username};Password=${local.password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
  key_vault_id = var.keyvault_id
}

To find the connection strings and their exact syntax, you should have a look at the SQL managed instance that has been created in the Azure portal.
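Added example, not part of the original answer: the same approach extended to several connection-string formats with one `for_each`, a generated admin password instead of a literal, and the instance's exported `fqdn` attribute for the host name. It assumes the `azurerm_mssql_managed_instance.example` resource and `var.keyvault_id` from the answer, the `hashicorp/random` provider, and an azurerm provider version that exports `fqdn`; the resource names `mi_admin` and `mi_connection_string`, and the `jdbc` and `odbc` templates, are assumptions to check against the portal.

```hcl
# Added example (not the answerer's code).

# Generated admin password; set administrator_login_password on the instance
# to random_password.mi_admin.result instead of a literal in locals.
resource "random_password" "mi_admin" {
  length      = 32
  special     = true
  min_lower   = 1
  min_upper   = 1
  min_numeric = 1
  # Exclude ; = { } and quotes so the password cannot break
  # connection-string parsing.
  override_special = "!#*-_+"
}

locals {
  # A managed instance host name includes a DNS zone
  # (<name>.<dns_zone>.database.windows.net), so use the exported fqdn.
  mi_host = azurerm_mssql_managed_instance.example.fqdn

  # Format strings; the %s verbs are filled in order: host, user, password.
  # "adonet" is the string from the answer. "jdbc" and "odbc" are assumed
  # layouts and must be compared with what the Azure portal shows.
  conn_templates = {
    adonet = "Server=tcp:%s,1433;Persist Security Info=False;User ID=%s;Password=%s;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
    jdbc   = "jdbc:sqlserver://%s:1433;user=%s;password=%s;encrypt=true;trustServerCertificate=false;loginTimeout=30;"
    odbc   = "Driver={ODBC Driver 18 for SQL Server};Server=tcp:%s,1433;Uid=%s;Pwd=%s;Encrypt=yes;TrustServerCertificate=no;Connection Timeout=30;"
  }
}

# One Key Vault secret per format. for_each iterates the non-sensitive
# template map; the password only appears in the secret value.
resource "azurerm_key_vault_secret" "mi_connection_string" {
  for_each = local.conn_templates

  name         = "sql-connectionstring-${each.key}"
  content_type = "connection-string"
  key_vault_id = var.keyvault_id
  value = format(
    each.value,
    local.mi_host,
    azurerm_mssql_managed_instance.example.administrator_login,
    random_password.mi_admin.result
  )
}
```

The generated password and every secret value are still written to the Terraform state in plaintext, so the state backend needs the same access controls as the key vault.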
