在 PowerShell 脚本中加密 Azure 存储帐户密钥
[英]Encrypt Azure Storage account key in powershell script
问题描述
I'm developing a new powershell script in order to download any blobs from a specific container and the problem is due to security reasons because I do not want to paste in text plain the azure account key.
我正在开发一个新的 powershell 脚本,以便从特定容器下载任何 blob,问题是由于安全原因,因为我不想将 azure 帐户密钥粘贴到纯文本中。 So I have implemented a solution using 'ConvertTo-SecureString' command but the problem still exists because when I create a connection string to the blob, there appears a message who said: "Server Failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. HTTP Status Code 403 - HTTP Error".因此,我使用“ConvertTo-SecureString”命令实现了一个解决方案,但问题仍然存在,因为当我创建到 blob 的连接字符串时,会出现一条消息:“服务器无法验证请求。确保授权的值标头的格式正确,包括签名。HTTP 状态代码 403 - HTTP 错误”。
With the key in plain text I'm able to create the connection string properly and then list and download all blobs from the container.使用纯文本密钥,我可以正确创建连接字符串,然后列出并下载容器中的所有 blob。 I tried other solutions for example ' $Credential= New-Object System.Management.Automation.PSCredential ('$ShareUser, $SharePassword)' but there is other problem related with the input is not valid base64 string.我尝试了其他解决方案,例如' $Credential= New-Object System.Management.Automation.PSCredential ('$ShareUser, $SharePassword)' 但还有其他与输入相关的问题不是有效的 base64 字符串。
Do you know how to avoid this issues and create a secure connection string with an Azure Storage Account?您知道如何避免此问题并使用 Azure 存储帐户创建安全连接字符串吗?
Best regards and thanks in advance提前致以最诚挚的问候和感谢
Here a part of my powershell script这是我的PowerShell脚本的一部分
$SecurePassword= Read-Host -AsSecureString | ConvertFrom-SecureString
$SecurePassword | Out-File -FilePath C:\test_blob\pass_file.xml
$ConfigFile= 'C:\Users\\config_file.xml'
IF (Test-Path) {
[xml]$Config= Get-Content $ConfigFile
[string] $Server = $Config.Config.Server;
[string] $SharePassword = $Config.Config.SharePassword;
} ELSE
{
write-host "File do not exists: $ConfigFile"
}
#BlobStorageInformation
$StorageAccountName='test_acc'
$Container='test'
$DestinationFolder= 'C:\Users\user1\Blobs'
$Context = New-AzStorageConext -StorageAccountName $StorageAccountName -StorageAccountKey $SharePassword
#List of Blobs
$ListBlob=@()
$ListBlob+= Get-AzStorageBlob -context $Context -container $Container | Where-Object {$_.LastModified -lt (Get-Date).AddDAys(-1)}
1 个解决方案
解决方案1
1 2022-06-28 23:03:28
Why would you maintain the password files or enter storage key manually when you have az powershell.当您拥有 az powershell 时,为什么要维护密码文件或手动输入存储密钥。 Just login using az powershell, set the subscription and enjoy !只需使用 az powershell 登录,设置订阅即可享受!
$ResourceGroupName = "YOURRESOURCEGROUPNAME"
$StorageAccountName = "YOURSTORAGEACCOUNTNAME"
$ContainerName = "YOURCONTAINERNAME"
$LocalPath = "D:\Temp"
Write-Output 'Downloading Content from Azure blob to local...'
$storageKey = (Get-AzStorageAccountKey -ResourceGroupName $ResourceGroupName -AccountName $StorageAccountName).value[0]
$storageContext = New-AzStorageContext -StorageAccountName $StorageAccountName -StorageAccountKey $storageKey
$blobs = Get-AzStorageBlob -Container $ContainerName -Context $storageContext
foreach($blob in $blobs)
{
Get-AzStorageBlobContent -Container $ContainerName -Context $storageContext -Force -Destination $LocalPath -Blob $blob.Name
}
Write-Output 'Content Downloaded Successfully !!!'
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.