Terraform with Azure Key Vault to get secret value
Now you can do it with the azurerm_key_vault_secret data source.
I'm enjoying it without any scripting.

    data "azurerm_key_vault_secret" "test" {
      name      = "secret-sauce"
      vault_uri = "https://rickslab.vault.azure.net/"
    }

    output "secret_value" {
      value = "${data.azurerm_key_vault_secret.test.value}"
    }

You first need to create a data resource to the azure key vault to get the key vault resource ID:

    data "azurerm_key_vault" "keyvault" {
      name                = "${var.keyvault_name}"
      resource_group_name = "${var.resourcegroup_name}"
    }

And then use azurerm_key_vault_secret to get the secret with the key vault resource Id:

    data "azurerm_key_vault_secret" "win_admin_pass" {
      name         = "${var.secret_name}"
      key_vault_id = "${data.azurerm_key_vault.keyvault.id}"
    }

Please note that the use of vault_uri in azurerm_key_vault_secret is deprecated and not recommended.

Unfortunately, this is not currently possible in Terraform. Terraform will only output the secret ID and version. If you need to retrieve azure keyvault secrets, the best method is to use the Azure-CLI, or Powershell if that's not available.

Using Azure-CLI (2.0)

    az keyvault secret show --vault-name <vault-name> --name <secret-name>

Syntax:

    az keyvault secret show --name
                            --vault-name
                            [--version]

For more, see: Managing Azure Keyvault Secrets with Azure-CLi

Using Powershell: Get-AzureKeyVaultSecret

    get-azurekeyvaultsecret -vaultName "<vault-name>" -name "<secret-name>"

I've been working on this to get the password from a key vault secret. The code below worked for me, give it a try.

    data "azurerm_key_vault" "terrakv" {
      name                = "terrakv" // KeyVault name
      resource_group_name = "mykv"    // resourceGroup
    }

    data "azurerm_key_vault_secret" "kvsecret" {
      name         = "secret" // Name of secret
      key_vault_id = data.azurerm_key_vault.terrakv.id
    }

    // Inside an azurerm_virtual_machine resource:
    os_profile {
      computer_name  = "vm-01"
      admin_username = "testadmin"
      admin_password = data.azurerm_key_vault_secret.kvsecret.value // To get actual value
    }

I hope it will help you for sure.
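
An added check, not part of any answer above and not code from the Terraform or azurerm projects: the value read by the azurerm_key_vault_secret data source is written to the Terraform state file in plain text, so this Python example audits a state file (format version 4) for such copies and for outputs that repeat them. The sample state and every value in it are constructed for illustration.

```python
import json

# Constructed sample of a Terraform state file (format version 4) after applying
# data sources like the ones above; every value is made up for illustration.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "outputs": {
        "secret_value": {"value": "S3cr3t-constructed", "type": "string"},
        "vault_id": {"value": "constructed-id", "type": "string"},
    },
    "resources": [
        {"mode": "data", "type": "azurerm_key_vault", "name": "terrakv",
         "instances": [{"attributes": {"name": "terrakv"}}]},
        {"mode": "data", "type": "azurerm_key_vault_secret", "name": "kvsecret",
         "instances": [{"attributes": {"name": "secret",
                                       "value": "S3cr3t-constructed"}}]},
    ],
})


def audit_state(state_text):
    """Return findings for Key Vault secret values persisted in a state file."""
    state = json.loads(state_text)
    findings, secret_values = [], set()
    for res in state.get("resources", []):
        if res.get("type") != "azurerm_key_vault_secret":
            continue
        address = ".".join(filter(None, [
            res.get("module"),
            "data" if res.get("mode") == "data" else None,
            res["type"], res["name"]]))
        for inst in res.get("instances", []):
            value = inst.get("attributes", {}).get("value")
            if value:
                secret_values.add(value)
                findings.append(("secret-in-state", address))
    # An output that repeats a secret is a second plaintext copy in state; without
    # "sensitive": true the CLI also displays it, so report those outputs too.
    for name, out in state.get("outputs", {}).items():
        value = out.get("value")
        if isinstance(value, str) and value in secret_values \
                and not out.get("sensitive", False):
            findings.append(("output-not-sensitive", "output." + name))
    return findings


if __name__ == "__main__":
    for kind, address in audit_state(SAMPLE_STATE):
        print(kind, address)
```

Any "secret-in-state" finding means the state file and its backend need the same access control and encryption as the vault itself.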