从 DevOps Pipeline 读取 Keyvault 机密
[英]Read Keyvault secrets from DevOps Pipeline
问题描述
Trying to read Key Vault from DevOps pipeline.
尝试从 DevOps 管道读取 Key Vault。 After granting Service Connection access to Key Vault, still getting below error while reading Key Vault secrets from DevOps授予对 Key Vault 的服务连接访问权限后,从 DevOps 读取 Key Vault 机密时仍然出现以下错误
Downloading secrets using: https://xx-xx-xx-kv-sit.vault.azure.net/secrets?maxresults=25&api-version=2016-10-01.
##[error] Get secrets failed.
Error: Client address is not authorized and caller is not a trusted service.
Client address: xx.xx.x1.1xx
KeyVault firewalls setup is to allow traffic through selected networks, which is VNET xx-xx-vnet-01-np KeyVault 防火墙设置是允许流量通过选定的网络,即 VNET xx-xx-vnet-01-np
If I changed to All Networks it works fine.如果我更改为所有网络,它工作正常。
If I need to DevOps to go through above VNET where to configure?如果我需要通过上面的 VNET 对 go 进行 DevOps 到哪里配置?
1 个解决方案
解决方案1
0 2022-01-26 23:47:37
If you're using a private agent, you'll need to add the subnet containing your private agent to the list of allowed subnets.如果您使用的是私有代理,则需要将包含您的私有代理的子网添加到允许的子网列表中。
If you're using a Microsoft-hosted agent, the best you can do is capture the agent's IP (using something like https://www.ipify.org/ ) and temporarily add it to the keyvault's IP address whitelist.如果您使用的是 Microsoft 托管的代理,您可以做的最好的事情是捕获代理的 IP(使用https://www.ipify.org/之类的东西)并将其临时添加到密钥库的地址 ZA121A6BA52E84CEDB26。 It's a pain.这是一种痛苦。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.