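I need to migrate secrets stored in Azure KeyVault from one vault to another.
I have a script that almost works; however, some of the passwords contain &, which causes the password not to be written completely. It writes the secret up to the & but omits anything after it.
I tried escaping the & but that doesn't seem to work.
The error I get is: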
‘19!7e’不被识别为内部或外部命令,可操作 程序或批处理文件。
That is the content of the secret after the &.
What do I need to change?
Param(
    [string] $originVault = 'a',
    [string] $originSubscriptionId = 'b',
    [string] $destinationVault = 'c',
    [string] $destinationSubscriptionId = 'd',
    [string] $disableDestinationSecrets = $true
)

# 1. Set the source subscription id.
Write-Host "Setting origin subscription to: $($originSubscriptionId)..."
az account set -s $originSubscriptionId

# 1.1 Get all secrets
Write-Host "Listing all origin secrets from vault: $($originVault)"
$originSecretKeys = az keyvault secret list --vault-name $originVault -o json --query "[].name" | ConvertFrom-Json

# 1.3 Loop secrets into PSCustomObjects
$secretObjects = $originSecretKeys | ForEach-Object {
    Write-Host " - Getting secret value for '$($_)'"
    $secret = az keyvault secret show --name $_ --vault-name $originVault -o json | ConvertFrom-Json
    [PSCustomObject]@{
        secretName = $_;
        secretValue = $secret.value;
    }#endcustomobject.
}#endforeach.
Write-Host "Done fetching secrets..."

# 2. Set the destination subscription id.
Write-Host "Setting destination subscription to: $($destinationSubscriptionId)..."
az account set -s $destinationSubscriptionId

# 2.2 Loop secrets objects, and set secrets in destination vault
Write-Host "Writing all destination secrets to vault: $($destinationVault)"

#doesn't work
# $secretObjects | ForEach-Object {
#     Write-Host " - Setting secret value for '$($_.secretName)'"
#     az keyvault secret set --vault-name $destinationVault --name "$($_.secretName)" --value "$($_.secretValue)" --disabled $disableDestinationSecrets -o none
# }

##also doesn't work
$secretObjects | ForEach-Object {
    Write-Host " - Setting secret value for '$($_.secretName)'"
    $escapedSecretValue = $_.secretValue -replace '&', '``&'
    az keyvault secret set --vault-name $destinationVault --name "$($_.secretName)" --value "$escapedSecretValue" --disabled $disableDestinationSecrets -o none
}

# 3. Clean up
Write-Host "Cleaning up and exiting."
Remove-Variable secretObjects
Remove-Variable originSecretKeys
Write-Host "Finished."
Credit to the original author: https://zimmergren.net/backup-azure-key-vault-secrets-keys-certificates/
Please wrap the secret value in single quotes (') in the command instead of (").
So your command might look like this:
az keyvault secret set --vault-name $destinationVault --name "$($_.secretName)" --value '$($_.secretValue)' --disabled $disableDestinationSecrets -o none
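
An added example, not part of the original question or answer: on Windows, `az` is a batch wrapper (`az.cmd`) run by cmd.exe, which treats `&` as a command separator, so one way to sidestep quoting entirely is to pass the value through `--file` rather than `--value`; this also keeps the secret off the process command line. `Copy-SecretViaFile` is a hypothetical helper name, and `$secretObjects` and `$destinationVault` are assumed to come from the script in the question.

```powershell
# Added example, not the original poster's code.
# Copy-SecretViaFile is a hypothetical helper; it assumes the Azure CLI is installed and logged in.
function Copy-SecretViaFile {
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $SecretName,
        [Parameter(Mandatory)] [string] $SecretValue,
        [bool] $Disabled = $true
    )

    # Creates an empty, uniquely named file in the current user's temp directory.
    $tempFile = [System.IO.Path]::GetTempFileName()
    try {
        # Write UTF-8 without a BOM and without a trailing newline, so the
        # stored secret is identical to the source value.
        $utf8NoBom = New-Object System.Text.UTF8Encoding $false
        [System.IO.File]::WriteAllText($tempFile, $SecretValue, $utf8NoBom)

        # Only the file path reaches the command line; characters such as & in
        # the secret are never seen by cmd.exe.
        $disabledArg = if ($Disabled) { 'true' } else { 'false' }
        $azArgs = @(
            'keyvault', 'secret', 'set',
            '--vault-name', $VaultName,
            '--name', $SecretName,
            '--file', $tempFile,
            '--encoding', 'utf-8',
            '--disabled', $disabledArg,
            '-o', 'none'
        )
        az @azArgs
        if ($LASTEXITCODE -ne 0) {
            throw "az keyvault secret set failed for '$SecretName' (exit code $LASTEXITCODE)"
        }
    }
    finally {
        # Remove the plaintext copy whether or not the upload succeeded.
        Remove-Item -LiteralPath $tempFile -Force -ErrorAction SilentlyContinue
    }
}

# Usage with the collection built by the script in the question.
$secretObjects | ForEach-Object {
    Write-Host " - Setting secret value for '$($_.secretName)'"
    Copy-SecretViaFile -VaultName $destinationVault -SecretName $_.secretName -SecretValue $_.secretValue
}
```

The temporary file briefly holds the secret in plaintext, so run this on a trusted machine where the user's temp directory is not shared.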