[英]Updating key vault secret via Arm template release from devops CI/CD fails
我已经设法使用我的 arm 模板通过 DevOps 的 CI/CD 将机密信息发布到我的 Azure 密钥保管库。 初始版本运行良好,并将我新的不存在的机密添加到我的密钥保管库资源中。 尽管人们试图更新我的 ARM 模板中的秘密值,然后将其推送到我的 GIT-repo 以依次发布它以更新我在 azure 中的秘密,但它没有给我:
At least one resource deployment operation failed. Please list deployment operations for
details. Please see https://aka.ms/DeployOperations for usage details.
Details:
BadRequest:
Check out the troubleshooting guide to see if your issue is addressed:
https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-resource-group-deployment?view=azure-devops#troubleshooting
Task failed while creating or updating the template deployment.
我的模板如下所示:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"keyVault": {
"value": "test-kv-devopstest01-d"
},
"TestCedential_1": {
"value": "TestCedentialSecretValue1"
},
"TestCedentialName_1": {
"value": "TestCedentialSecretName1_SecondVersion"
}
}
}
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"keyVault": {
"type": "string"
},
"TestCedential_1": {
"type": "secureString"
},
"TestCedentialName_1": {
"type": "string"
}
},
"variables": {
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(parameters('keyVault'), '/', parameters('TestCedentialName_1'))]",
"apiVersion": "2015-06-01",
"properties": {
"contentType": "text/plain",
"value": "[parameters('TestCedential_1')]"
}
}
],
"outputs": {}
}
我还尝试在 azure 中的密钥保管库资源中为访问控制中的管道授予权限。
我可能错过了什么吗?
我在我的环境中测试了相同的代码,它导致了相同的错误:
问题在于以下内容:
"TestCedentialName_1": {
"value": "TestCedentialSecretName1_SecondVersion"
}
在Key vault secret中,名称中不允许使用“_”(下划线) 。 允许的值为字母数字字符和破折号。
将下划线更改为破折号可解决此问题:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"keyVault": {
"type": "string",
"defaultValue" :"test-kv-ansuman-d"
},
"TestCedential_1": {
"type": "secureString",
"defaultValue":"TestCedentialSecretValue1"
},
"TestCedentialName_1": {
"type": "string",
"defaultValue": "TestCedentialSecretName1-SecondVersion"
}
},
"variables": {
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(parameters('keyVault'), '/', parameters('TestCedentialName_1'))]",
"apiVersion": "2015-06-01",
"properties": {
"contentType": "text/plain",
"value": "[parameters('TestCedential_1')]"
}
}
],
"outputs": {}
}
Output:
通过参数文件将 Azure Key Vault secret 读入 ARM 模板
[英]Reading Azure Key Vault secret into ARM template via parameter file
如何获取用于 CI/CD 部署的 Azure 密钥保管库机密 URI?
[英]How to get the Azure key vault secret URI for CI/CD deployment?
如何通过 Azure Devops CI/CD 使用单个 arm 模板部署多个逻辑应用程序?
[英]How to deploy multiple logic app with single arm template via Azure Devops CI/CD?
将 Azure Key Vault Secret 分配给 Devops Release Pipeline 的连接字符串
[英]Assign Azure Key Vault Secret to Connection String for Devops Release Pipeline
Azure DevOps 发布管道:从变量组中检索 Key Vault Secret 的版本号
[英]Azure DevOps Release Pipeline: Retrieve Version Number of Key Vault Secret from Variable Group
如何将 DevOps 发布机密传递给 ARM 以进行 Key Vault 部署
[英]How to pass DevOps release secrets to ARM for Key Vault Deployment
Azure:在 ARM 模板创建的 Key Vault 中存储资源的秘密
[英]Azure: store resource's secret in Key Vault created by ARM template
证书作为秘密存储在 Azure Key Vault 中只能通过 ARM 模板检索其私钥一次
[英]Cert stored as secret in Azure Key Vault can only have its private keys retrieved once via ARM Template
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.