Azure Key Vault 参考 Java 代码/Yaml 管道
[英]Azure Key Vault References Java Code/Yaml Pipeline
问题描述
I need help figuring out how to properly setup Key Vault Secrets in my pipeline.
我需要帮助弄清楚如何在我的管道中正确设置 Key Vault Secrets。
I am building a Java Web App using maven and deploying it on app service linux web container. I am building a Java Web App using maven and deploying it on app service linux web container.
My entire pipeline is run on ADO Yaml File with my first task being the Azure Key Vault Task to pull secrets, followed by Maven build task and artifact publish task.我的整个管道在 ADO Yaml 文件上运行,我的第一个任务是 Azure 密钥保管库任务以提取机密,然后是 Maven 发布任务和艺术发布任务。
Overall the web container deploys successfully but what I need to do now is to secure my secrets in Key Vault and remove it from the hard code in my web app.总体而言,web 容器部署成功,但我现在需要做的是保护 Key Vault 中的机密并将其从我的 web 应用程序的硬代码中删除。 That is where I am confused on how to make it all work together.这就是我对如何使它们一起工作感到困惑的地方。
In my Azure Key Vault Task in Yaml file,I have the following code:在我的 Yaml 文件中的 Azure Key Vault 任务中,我有以下代码:
steps:
-task: AzureKeyVault@2
inputs:
azureSubscription: 'my_subscription'
KeyVaultName: 'my_KV'
SecretsFilter: '*'
RunAsPreJob: false
script: Write-Host $env:MY_MAPPED_ENV_VAR
env:
MY_MAPPED_ENV_VAR:$(my_secret)
Followed by Maven Build Task and Artifact Publish tasks其次是 Maven 构建任务和工件发布任务
In Azure Portal, I already created a secret(my_secret) containing the value of my connection string that was in my java code.在 Azure 门户中,我已经创建了一个秘密(my_secret),其中包含我的 java 代码中的连接字符串的值。
In my Java code,在我的 Java 代码中,
I have a file called Provider.java that contains the following code:我有一个名为 Provider.java 的文件,其中包含以下代码:
package com.***.***.***;
public interface Provider {
String DRIVER="com.microsoft.sqlserver.jdbc.SQLServerDriver";
String Connection_URL="jdbc:sqlserver://11.2.4.11:8433;databaseName=TPNTFDB;user=tpntf_potsfinder;password=Potsfinder2!";
}
No I am not even sure I have mapped my env var properly for my secrets.不,我什至不确定我是否为我的秘密正确映射了我的环境变量。
In addition I am unsure how I can remove my hardcode connection url from my java code and replace with with a key vault reference or env var that will allow my code to resolve my secrets from Key vault.此外,我不确定如何从我的 java 代码中删除我的硬代码连接 url 并替换为允许我的代码从 Key Vault 解析我的秘密的密钥库引用或环境变量。
In other words, after I store my connection url as a secrets in Key vault, and pull it using a Key Vault task in Yaml File, how can I remove my hard coded connection url and replace it with Key Vault Secrets?换句话说,在我将连接 url 作为机密存储在 Key Vault 中并使用 Yaml 文件中的 Key Vault 任务将其拉出后,如何删除我的硬编码连接 Z572D4E421E5E6B9BCE112Z81 并将其替换为 KeyA02B9BCE112Z81
1 个解决方案
解决方案1
0 2022-01-07 04:56:53
Use the below Key vault task in the pipeline to fetch the secrets in your key vault:在管道中使用以下 Key Vault 任务来获取 Key Vault 中的机密:
- task: AzureKeyVault@2
displayName: 'Configure Key Vault'
inputs:
azureSubscription: 'my_subscription'
KeyVaultName: 'my_KV'
SecretsFilter: '*'
RunAsPreJob: false
Now in your maven build task, define an environment variable as below:现在在您的 maven 构建任务中,定义如下环境变量:
env:
MySecret: $(key-vault-secret-name)
In your java code, you can use the key vault secrets as below:在您的 java 代码中,您可以使用如下密钥库机密:
String Connection_URL = System.getenv("MySecret")
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.