[英]How to access Azure Keyvault via private endpoint in Python?
For security purpose, I have disabled public access under Networking Tab in Keyvault and have a private endpoint in place.出于安全目的,我在 Keyvault 的“网络”选项卡下禁用了公共访问,并有一个专用端点。 Both keyvault and private endpoint reside in same resource group. keyvault 和专用端点都位于同一资源组中。 I have an app registration for my application for which I have granted access under Access policies in Keyvault.我的应用程序有一个应用程序注册,我已根据 Keyvault 中的访问策略授予访问权限。
Using Python SDK,使用 Python SDK,
from azure.keyvault.secrets import SecretClient
from azure.identity import ClientSecretCredential as cs
keyVaultName = "<NAME>"
kvURI = "https://<NAME>.vault.azure.net"
AZ_TENANT_ID = '<AZ_TENANT_ID>'
AZ_CLIENT_ID = '<AZ_CLIENT_ID>'
AZ_CLIENT_SECRET = '<AZ_CLIENT_SECRET>'
credential = cs(
tenant_id=AZ_TENANT_ID,
client_id=AZ_CLIENT_ID,
client_secret=AZ_CLIENT_SECRET)
def set_secret(secretname,secretvalue):
print(credential)
secret_client = SecretClient(vault_url=kvURI, credential=credential)
secret = secret_client.set_secret(secretname,secretvalue,enabled=True)
sec_dic={}
sec_dic['name']=secret.name
sec_dic['value']=secret.value
sec_dic['properties']=secret.properties.version
return sec_dic
xx=set_secret('g','ff')
print(xx)
When running this code, I get the follwing error,运行此代码时,出现以下错误,
azure.core.exceptions.HttpResponseError: (Forbidden) Public network access is disabled and request is not from a trusted service nor via an approved private link.
Code: Forbidden
Message: Public network access is disabled and request is not from a trusted service nor via an approved private link.
Inner error: {
"code": "ForbiddenByConnection"
}
What am I doing wrong?我究竟做错了什么? How do I connect to keyvault that has no public access only via private endpoint?如何连接到仅通过专用端点没有公共访问权限的 keyvault?
I have reproduced in my environment, and got expected results as below:我已经在我的环境中进行了重现,并得到了如下预期结果:
Firstly, I have done the same process you have explained, and I got same error as you have got:首先,我完成了您所解释的相同过程,并且遇到了与您相同的错误:
So, this error comes when you create a private endpoint.因此,当您创建专用端点时会出现此错误。
When you create a private endpoint with a particular Virtual Network-Su.net, you need to create a Virtual Machine where Virtual Network is integrated.当您使用特定的虚拟网络-Su.net 创建专用端点时,您需要创建一个集成了虚拟网络的虚拟机。
Then we need to open the Vm created integrated with the above Virtual Network-Su.net, and now when I try to access the key Vault, I got required result as below:然后我们需要打开与上述虚拟网络-Su.net 集成创建的虚拟机,现在当我尝试访问密钥库时,我得到如下所需的结果:
References:参考:
azure - Unable to get storage account container details - Stack Overflow azure - 无法获取存储帐户容器详细信息 - 堆栈内存溢出
Azure Key Vault not allow access via private endpoint connection Azure Key Vault 不允许通过专用终结点连接进行访问
Azure functions and Azure KeyVault communicating through service endpoint Azure 函数和 Azure KeyVault 通过服务端点通信
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.