
Access Azure container files using Azure Vault Secrets

I have the script to list the container files using the SAS token. But in our organization, they have stored this SAS token in the Azure vault and shared the read access with us. We are not able to view the SAS token from the vault; instead, we can use the vault secret name.

Please help to list the container files using Azure vault Secrets.

 $ContainerSAS = "sas*******"
 $StorageAccountName = "trialstorageaccount3"
 $ContainerName = "trialcontainer1"
 $Blob1Name = "AdventureWorksLT2019.bak"
 $TargetFolderPath = "D:\Anand\Downloads\HTC\DATA\AzureBlob\"
    
 $context = New-AzureStorageContext -StorageAccountName $StorageAccountName -SASToken $ContainerSAS
    
 $blobs = Get-AzureStorageBlob -Container $ContainerName -Context $context
    
 foreach($blob in $blobs) {
     Write-Host $blob.Name
     # New-Item -ItemType Directory -Force -Path $destination_path
     # Get-AzureStorageBlobContent -Container $ContainerName -Blob $blob.Name -Destination $TargetFolderPath -Context $context
 }

You can use Get-AzKeyVaultSecret to get the access token from the Key Vault secret with the respective SAS definition.

To retrieve the specific SAS definition, you have to use the PowerShell command below:


# Take a substring of vault secret from the secret identifier 
# https://<keyvaultName>.vault.azure.net/secrets/<vault name>/<vault secret>

$sas = Set-AzKeyVaultManagedStorageSasDefinition -AccountName '<StorageAccount Name>' -VaultName '<vault Name>' -Name accountsas -TemplateUri '<Template Uri>' -SasType 'account' -ValidityPeriod ([System.Timespan]::FromDays(30))

Get-AzKeyVaultSecret -VaultName '<Keyvault Name>' -Name $sas.Sid.Substring($sas.Sid.LastIndexOf('/')+1)

After retrieving the SAS definition, try to list the container files.

Refer here for more information.

You can use the PowerShell script below to list the blobs inside the container. In the script below, the storage context is created using the secret value that is stored in the Key Vault.

$ContainerName = "<containerName>"
$StorageAccountName = "<storageAccountName>"
$secretName = "<KeyVaultSecretName>"
$KeyvaultName = "<KeyVaultName>"

# Pull the secret value from Key Vault and store it in $secret as plain text
$secret = Get-AzKeyVaultSecret -VaultName $KeyvaultName -Name $secretName -AsPlainText

# Build the storage context from the SAS token held in the secret
$context = New-AzStorageContext -StorageAccountName $StorageAccountName -SasToken $secret

# List the blobs in the container
Get-AzStorageBlob -Container $ContainerName -Context $context | Select-Object -Property Name,ContentType

I have tested the above PowerShell script and it is working from our end. I would suggest you check the same from your end as well.
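
An added example (not part of the original answers): before building the storage context, check that the SAS token pulled from Key Vault is unexpired and carries the list permission, without printing its signature. The function name Get-SasTokenSummary is hypothetical and the sample token is constructed.

```powershell
# Added example: summarize a SAS token without exposing its signature.
function Get-SasTokenSummary {
    param([Parameter(Mandatory)][string]$SasToken)

    # A SAS token is a query string: sv=...&sp=...&se=...&sig=...
    $fields = @{}
    foreach ($pair in $SasToken.TrimStart('?') -split '&') {
        $name, $value = $pair -split '=', 2
        $fields[$name] = [System.Uri]::UnescapeDataString([string]$value)
    }

    # 'se' (expiry) and 'sp' (permissions) may be absent when a stored
    # access policy ('si') supplies them; they are then reported as empty.
    $expiry = $null
    if ($fields.ContainsKey('se')) {
        $expiry = [DateTimeOffset]::Parse($fields['se'], [cultureinfo]::InvariantCulture)
    }

    [pscustomobject]@{
        Permissions  = $fields['sp']
        Expiry       = $expiry
        Expired      = ($null -ne $expiry) -and ($expiry -le [DateTimeOffset]::UtcNow)
        CanList      = "$($fields['sp'])".Contains('l')   # needed to list blobs in the container
        CanRead      = "$($fields['sp'])".Contains('r')   # needed to download blob content
        HttpsOnly    = $fields['spr'] -eq 'https'
        HasSignature = $fields.ContainsKey('sig')
    }
}

# Constructed sample token (not a real credential). In practice $sas is the
# value returned by Get-AzKeyVaultSecret ... -AsPlainText, as in the script above.
$sas = '?sv=2022-11-02&sr=c&sp=rl&se=2020-01-01T00:00:00Z&spr=https&sig=CONSTRUCTED%3D'

$summary = Get-SasTokenSummary -SasToken $sas
if ($summary.Expired)      { Write-Warning "SAS token expired at $($summary.Expiry)" }
if (-not $summary.CanList) { Write-Warning "SAS token lacks 'l' (list) permission" }
$summary
```

The constructed token has a past expiry, so the first warning fires; the summary object never includes the `sig` value, so it can be logged when troubleshooting a failed listing.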
