更新存储在 Azure Key Vault 中的证书的最佳替代方法是什么?
[英]What is the best alternative to renew a certificate stored in Azure Key Vault?
问题描述
I want to renew the certificate and update the certificate in AKS using kubectl commands.
我想续订证书并使用 kubectl 命令更新 AKS 中的证书。 What is the best and easy way to do this?最好和最简单的方法是什么?
I have used KQL query and have managed to create an alert based on certificate expiry.我使用了 KQL 查询并设法创建了基于证书到期的警报。 Now I want actions based on this alert.现在我想根据这个警报采取行动。 I don't want to use Logic Apps or Event grid for this我不想为此使用逻辑应用程序或事件网格
- Create an Azure DevOps pipeline and schedule it which will run few commands to query(Query Alert task seems to be agentless) the alerts and update the certificate.创建一个 Azure DevOps 管道并安排它运行一些命令来查询(查询警报任务似乎是无代理的)警报并更新证书。
- Trigger an Azure Function based on the alert and run powershell commands inside Azure Function to update the certificate.根据警报触发 Azure Function 并在 Azure Function 中运行 powershell 命令更新证书。
- Is there any better way to do this?有没有更好的方法来做到这一点?
1 个解决方案
解决方案1
1 2022-05-02 21:26:03
PowerShell is definitely the easiest way to do this. PowerShell 绝对是最简单的方法。 To add an existing cert to KeyVault you can use this script and modify to your needs.要将现有证书添加到 KeyVault,您可以使用此脚本并根据需要进行修改。
$securePassword = ConvertTo-SecureString -String $certPassword -Force -AsPlainText
$cert = Import-AzKeyVaultCertificate -VaultName $keyVaultName -Name $certName -FilePath $certFilePath -Password $securePassword
This will create a new version of the cert with the same name in the key vault.这将在密钥保管库中创建具有相同名称的新版本证书。 As long as you don't reference the specific version when retrieving from KeyVault, it will return the latest.只要您在从 KeyVault 检索时不引用特定版本,它就会返回最新版本。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.