我有一个名为
myKeyVaultmyKey如果我同意:
az keyvault key show --vault-name myKeyVault --name keythatdoesntexist虽然上述方法可能有效,但它是通过检查失败命令返回的
nullaz keyvault show <none existent secret># get Command Line Args
keyVaultName=$1
secretName=$2
# Check if secret exists
secret_exists=$(az keyvault secret list --vault-name $keyVaultName --query "contains([].id, 'https://$keyVaultName.vault.azure.net/secrets/$secretName')")
if [ $secret_exists == true ]; then
echo "Secret '$secretName' exists! fetching..."
secret_val=$(az keyvault secret show --name $secretName --vault-name $keyVaultName --query "value")
echo "##vso[task.setvariable variable=ssh_value]$secret_val"
else
echo "Secret '$secretName' do not exist! creating..."
ssh-keygen -f ~/.ssh/id_rsa_infra -q -P ""
ssh_value=$(<~/.ssh/id_rsa_infra.pub)
echo "##vso[task.setvariable variable=ssh_value]$ssh_value"
az keyvault secret set --vault-name $keyVaultName --name $secretName -f ~/.ssh/id_rsa_infra.pub >/dev/null
fi
可能会发现以下有用...
稍后您需要 JMESPath contains() 的VaultUri 属性,因此...
($resource = az resource show --subscription ($subscription = 'MY_SUBSCRIPTION') --resource-group ($resourceGroup = 'MY_RESOURCE_GROUP') --resource-type 'Microsoft.KeyVault/vaults' --name ($resourceName = 'MY_KEYVAULT_NAME') --output json | ConvertFrom-Json) | Format-List
使用
az keyvault key list --query(az keyvault key list --subscription $subscription --vault-name $resourceName --query ("contains([].kid, '{0}keys/{1}')" -F $resource.Properties.vaultUri, ($keyName = "NAME_OF_KEY")))
如果 MY_KEY_NAME 存在,则以下内容将以相反的创建者顺序返回启用的修订版本,即最新修订版本为 [0]
($listVersions = az keyvault key list-versions --subscription $subscription --vault-name $resourceName --name $keyName --query "reverse(sort_by([?attributes.enabled], &attributes.created))" --output json | ConvertFrom-Json) | Format-List
我无法获取 NotBefore 和 Expires 的日期时间以在 JMESPath 中工作,因此 PowerShell 等效项是...
($activeVersions = $listVersions | Where-Object { (($null -eq $_.attributes.notbefore) -or ($_.attributes.notbefore -le ($Now = [System.DateTime]::Now))) -and (($null -eq $_.attributes.expires) -or ($_.attributes.expires -gt $Now)) }) | Format-List
然后使用
显示 MY_KEY_NAME 最新活动版本的详细信息($key = az keyvault key show --subscription $subscription --vault-name $resourceName --name $keyName --version ($activeVerions[0].kid -replace ('^.+/', '')) --output json | ConvertFrom-Json) | Format-List
虽然需要启用最新版本才能使用,所以以下内容就可以了:
($key = az keyvault key show --subscription $subscription --vault-name $resourceName --name $keyName --output json | ConvertFrom-Json) | Format-List
没有直接的“如果存在”API。但一种简单的方法是仅捕获变量中
az keyvault key show --vault-name myKeyVault --name keythatdoesntexistnull$key = az keyvault key show --vault-name myKeyVault --name keythatdoesntexist
if ($key -ne $null) {
write-host 'Exists'
}
else {
write-host 'Does not exist'
}
你可以尝试以下方法
#To suppress the error
$ErrorActionPreference= 'silentlycontinue'
#if($(output), exists,not exists)
If($(az keyvault key show --vault-name YOURVAULTNAME --name YOURKEYNAME))
{
$exist = True
write-host 'Exists'
}
else
{
$exist = False
write-host 'Not Exists'
}
#Setting the ErrorActionPrefence to the Default
$ErrorActionPreference= 'Continue'
简单的 Bash 脚本:
keyVaultName=myKeyVault
secretName=myKey
secretExists=$(az keyvault secret list --vault-name $keyVaultName --query "contains([].name, '$secretName')")
if [ "$secretExists" == "true" ]; then
echo Secret exists
fi
或另一种方式:
keyVaultName=myKeyVault
secretName=myKey
if az keyvault secret list --vault-name $keyVaultName --query "[].name" | grep $secretName
then
echo Secret exists
fi
用 powershell 修改了 @Roozbeh 的答案:
$query = "contains([].id, 'https://$($vaultName).vault.azure.net/secrets/$($secret)')"
$exists = az keyvault secret list --vault-name $vaultName --query $query
// $exists is 'true' or 'false'