Kudu部署期间Azure App Service中的node.js应用程序的关键保管库秘密
[英]Key Vault secrets during Kudu deployments for a node.js app in Azure App Service
问题描述
we have a node.js app that is deployed to Azure App Service. 
我们有一个部署到Azure应用服务的node.js应用。 Some of our npm packages dependencies are stored in a private npm repository and auth token for this repo is stored in Azure Key Vault. 我们的某些npm软件包依赖项存储在私有npm存储库中,此存储库的身份验证令牌存储在Azure Key Vault中。
We use VSTS for our builds and VSTS makes it easy to fetch the token from the Key Vault. 我们使用VSTS进行构建,而VSTS使得从Key Vault提取令牌很容易。 For our deployments, we use Kudu to npm install && npm start our app. 对于我们的部署,我们使用Kudu进行npm install && npm启动我们的应用程序。 But the npm install fails as packages from private repo can't be fetched. 但是npm安装失败,因为无法从私有仓库中获取软件包。
I have worked around this by adding the auth token as an app setting in the App Service and adding it to the .npmrc before Kudu runs npm install. 我已通过在App Service中将auth令牌添加为App设置并将其添加到.npmrc来解决此问题,然后Kudu运行npm install。 But I would really like a way to access the token from Key Vault directly from Kudu. 但是我真的很想直接从Kudu从Key Vault访问令牌的方法。 Is this something on the Key Vault or App Service team's radar? 这是Key Vault或App Service团队关注的事情吗?
Update 更新资料
The recommended approach is to use powershell SDK / REST APIs to read the secrets from the KeyVault and update the app service. 推荐的方法是使用Powershell SDK / REST API从KeyVault读取机密并更新应用程序服务。 Not ideal, but it works 不理想,但可以
1 个解决方案
解决方案1
1 已采纳 2017-02-02 19:18:25
Code running in your App Service (whether as part of Kudu or your actual site) cannot directly read from KeyVault. 在App Service中运行的代码(无论是Kudu的一部分还是您的实际站点)都无法直接从KeyVault读取。
The recommended pattern is to put the secret in an App Setting as described in https://docs.microsoft.com/en-us/azure/key-vault/key-vault-use-from-web-application . 推荐的模式是按照https://docs.microsoft.com/zh-cn/azure/key-vault/key-vault-use-from-web-application中的说明将机密放入“应用程序设置”中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.