[英]PowerShell 7 on Linux, using Certificate to Authenticate to Azure
I am not that experienced with Linux, so bear with me:-) I am beginning to use the VSC Remote Development extension to connect to a Azure based Linux VM for PowerShell scripting purposes - works like a charm. I am not that experienced with Linux, so bear with me:-) I am beginning to use the VSC Remote Development extension to connect to a Azure based Linux VM for PowerShell scripting purposes - works like a charm.
But I would like to have some easy way of handling certificates, using to authenticate connections to Azure Resource Manager (using Connect-AzAccount and a SPN in Azure AD).但我想有一些简单的方法来处理证书,用于验证与 Azure 资源管理器的连接(使用 Connect-AzAccount 和 Azure AD 中的 SPN)。
I consider using the Azure KeyVault for Linux extension, which handle the cerificate distribution nicely.我考虑将 Azure KeyVault 用于 Linux 扩展,它可以很好地处理证书分发。 On windows, the certificates end up in the personal certificate store and are directly usable.在 windows 上,证书最终在个人证书存储中并且可以直接使用。 On Linux however, they end up in /var/lib/.. as PEM files.然而,在 Linux 上,它们最终以 PEM 文件的形式出现在 /var/lib/.. 中。 So how do I get them "usable" in the easiest possible way..?那么我如何以最简单的方式让它们“可用”..?
Thanks in advance for suggestions and ideas \Jesper提前感谢您的建议和想法 \Jesper
Yes, the Key Vault virtual machine extension for Linux is an easy way to go.是的,Linux 的Key Vault 虚拟机扩展是 go的简单方法。 The VM extension would require system or user-managed identity to be assigned to authenticate to the Key Vault. VM 扩展需要分配系统或用户管理的标识,以对 Key Vault 进行身份验证。 See How to authenticate to Key Vault and assign a Key Vault access policy .请参阅如何对 Key Vault 进行身份验证并分配 Key Vault 访问策略。 You can use this identity to authenticate to any service that supports Azure AD authentication, without having credentials in your code.您可以使用此身份向任何支持 Azure AD 身份验证的服务进行身份验证,而无需在您的代码中使用凭据。
Your observed certificate URLs should be of the form https://myVaultName.vault.azure.net/secrets/myCertName
.您观察到的证书 URL 的格式应为https://myVaultName.vault.azure.net/secrets/myCertName
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.