[英]Encrypt Azure Storage account key in powershell script
I'm developing a new powershell script in order to download any blobs from a specific container and the problem is due to security reasons because I do not want to paste in text plain the azure account key.我正在开发一个新的 powershell 脚本,以便从特定容器下载任何 blob,问题是由于安全原因,因为我不想将 azure 帐户密钥粘贴到纯文本中。 So I have implemented a solution using 'ConvertTo-SecureString' command but the problem still exists because when I create a connection string to the blob, there appears a message who said: "Server Failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. HTTP Status Code 403 - HTTP Error".
因此,我使用“ConvertTo-SecureString”命令实现了一个解决方案,但问题仍然存在,因为当我创建到 blob 的连接字符串时,会出现一条消息:“服务器无法验证请求。确保授权的值标头的格式正确,包括签名。HTTP 状态代码 403 - HTTP 错误”。
With the key in plain text I'm able to create the connection string properly and then list and download all blobs from the container.使用纯文本密钥,我可以正确创建连接字符串,然后列出并下载容器中的所有 blob。 I tried other solutions for example ' $Credential= New-Object System.Management.Automation.PSCredential ('$ShareUser, $SharePassword)' but there is other problem related with the input is not valid base64 string.
我尝试了其他解决方案,例如' $Credential= New-Object System.Management.Automation.PSCredential ('$ShareUser, $SharePassword)' 但还有其他与输入相关的问题不是有效的 base64 字符串。
Do you know how to avoid this issues and create a secure connection string with an Azure Storage Account?您知道如何避免此问题并使用 Azure 存储帐户创建安全连接字符串吗?
Best regards and thanks in advance提前致以最诚挚的问候和感谢
Here a part of my powershell script这是我的PowerShell脚本的一部分
$SecurePassword= Read-Host -AsSecureString | ConvertFrom-SecureString
$SecurePassword | Out-File -FilePath C:\test_blob\pass_file.xml
$ConfigFile= 'C:\Users\\config_file.xml'
IF (Test-Path) {
[xml]$Config= Get-Content $ConfigFile
[string] $Server = $Config.Config.Server;
[string] $SharePassword = $Config.Config.SharePassword;
} ELSE
{
write-host "File do not exists: $ConfigFile"
}
#BlobStorageInformation
$StorageAccountName='test_acc'
$Container='test'
$DestinationFolder= 'C:\Users\user1\Blobs'
$Context = New-AzStorageConext -StorageAccountName $StorageAccountName -StorageAccountKey $SharePassword
#List of Blobs
$ListBlob=@()
$ListBlob+= Get-AzStorageBlob -context $Context -container $Container | Where-Object {$_.LastModified -lt (Get-Date).AddDAys(-1)}
Why would you maintain the password files or enter storage key manually when you have az powershell.当您拥有 az powershell 时,为什么要维护密码文件或手动输入存储密钥。 Just login using az powershell, set the subscription and enjoy !
只需使用 az powershell 登录,设置订阅即可享受!
$ResourceGroupName = "YOURRESOURCEGROUPNAME"
$StorageAccountName = "YOURSTORAGEACCOUNTNAME"
$ContainerName = "YOURCONTAINERNAME"
$LocalPath = "D:\Temp"
Write-Output 'Downloading Content from Azure blob to local...'
$storageKey = (Get-AzStorageAccountKey -ResourceGroupName $ResourceGroupName -AccountName $StorageAccountName).value[0]
$storageContext = New-AzStorageContext -StorageAccountName $StorageAccountName -StorageAccountKey $storageKey
$blobs = Get-AzStorageBlob -Container $ContainerName -Context $storageContext
foreach($blob in $blobs)
{
Get-AzStorageBlobContent -Container $ContainerName -Context $storageContext -Force -Destination $LocalPath -Blob $blob.Name
}
Write-Output 'Content Downloaded Successfully !!!'
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.