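I am having trouble accessing Azure Key Vault from a Python script (debugging before deployment): the script cannot find the environment variable "VAULT_URL", even though I have set it in the environment variables of the Function App in the Azure portal.
All I need to do is retrieve secrets and use them later in the script. I am using this code, copied and pasted directly from this link, to test the Key Vault connection and whether it will work after deployment: https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/keyvault/azure-keyvault-secrets/samples/hello_world.py#L37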

import datetime
import logging
import os

import azure.functions as func
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

app = func.FunctionApp()

@app.schedule(schedule="0 */5 * * * *", arg_name="myTimer", run_on_startup=True,
              use_monitor=False)
def timer_trigger(myTimer: func.TimerRequest) -> None:
    if myTimer.past_due:
        logging.info('The timer is past due!')
    logging.info('Python timer trigger function executed.')
    print("hello world!")
    # Debug aid: writes every environment variable of the host process to the log.
    logging.info(os.environ)
    # Instantiate a secret client that will be used to call the service.
    # Here we use the DefaultAzureCredential, but any azure-identity credential can be used.
    # [START create_secret_client]
    VAULT_URL = os.environ["VAULT_URL"]  # raises KeyError when the variable is not set
    credential = DefaultAzureCredential()
    client = SecretClient(vault_url=VAULT_URL, credential=credential)
    # [END create_secret_client]
    # Let's create a secret holding bank account credentials valid for 1 year.
    # if the secret already exists in the Key Vault, then a new version of the secret is created.
    print("\n.. Create Secret")
    expires = datetime.datetime.utcnow() + datetime.timedelta(days=365)
    secret = client.set_secret("helloWorldSecretName", "helloWorldSecretValue", expires_on=expires)
    assert secret.name
    print(f"Secret with name '{secret.name}' created with value '{secret.value}'")
    print(f"Secret with name '{secret.name}' expires on '{secret.properties.expires_on}'")
    # Let's get the bank secret using its name
    print("\n.. Get a Secret by name")
    bank_secret = client.get_secret(secret.name)
    assert bank_secret.properties.expires_on
    print(f"Secret with name '{bank_secret.name}' was found with value '{bank_secret.value}'.")
    # After one year, the bank account is still active, we need to update the expiry time of the secret.
    # The update method can be used to update the expiry attribute of the secret. It cannot be used to update
    # the value of the secret.
    print("\n.. Update a Secret by name")
    expires = bank_secret.properties.expires_on + datetime.timedelta(days=365)
    updated_secret_properties = client.update_secret_properties(secret.name, expires_on=expires)
    print(f"Secret with name '{secret.name}' was updated on date '{updated_secret_properties.updated_on}'")
    print(f"Secret with name '{secret.name}' was updated to expire on '{updated_secret_properties.expires_on}'")
    # Bank forced a password update for security purposes. Let's change the value of the secret in the Key Vault.
    # To achieve this, we need to create a new version of the secret in the Key Vault. The update operation cannot
    # change the value of the secret.
    new_secret = client.set_secret(secret.name, "newSecretValue")
    print(f"Secret with name '{new_secret.name}' created with value '{new_secret.value}'")
    # The bank account was closed, need to delete its credentials from the Key Vault.
    print("\n.. Deleting Secret...")
    client.begin_delete_secret(secret.name)
    print(f"Secret with name '{secret.name}' was deleted.")

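This is the environment variable I want to access, so that I can reach my Key Vault both locally and after deployment.
The error seems to revolve around the environment variable "VAULT_URL".
I have tried using this code to retrieve the secrets: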

from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

# Build the vault URI from the vault name and fetch each secret by name.
keyVaultName = "<Key-vault-name>"
KVUri = f"https://{keyVaultName}.vault.azure.net"
credential = DefaultAzureCredential()
client = SecretClient(vault_url=KVUri, credential=credential)
username = client.get_secret("username").value
password = client.get_secret("password").value
security_token = client.get_secret("security-token").value
domain = client.get_secret("domain").value
sharepoint_username = client.get_secret("sharepoint-username").value
sharepoint_password = client.get_secret("sharepoint-password").value
sharepoint_clientID = client.get_secret("sharepoint-clientID").value
sharepoint_clientSecret = client.get_secret("sharepoint-clientSecret").value
sharepoint_tenantID = client.get_secret("sharepoint-tenantID").value

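It works locally, but when run remotely (after deployment) it cannot access the Key Vault and I get a 403 error. I have a managed instance that is assigned the Key Vault Administrator role on my Key Vault, but this does not work, so I think my code may not be connecting to the Key Vault after deployment.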
You have to use os.environ.get() to get values from the application settings in the Function App.
First, create an application setting:
Here is the code that worked for me:

import azure.functions as func
import logging
import os

app = func.FunctionApp(http_auth_level=func.AuthLevel.FUNCTION)

@app.route(route="http_trigger")
def http_trigger(req: func.HttpRequest) -> func.HttpResponse:
    logging.info('Python HTTP trigger function processed a request.')
    rith_val=os.environ.get("Value")
    print(rith_val)
    return func.HttpResponse(f"Hello, Rithwik Bojja . The Value is {rith_val}")

Output:
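
An added example, not part of the original question or answer: it reads VAULT_URL with os.environ.get() as the answer suggests, fails with a clear message when the setting is missing or malformed, and logs only whether each setting is present instead of dumping os.environ. The helper names, the ConfigError class and the public-cloud DNS suffix check are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit

REQUIRED_SETTINGS = ("VAULT_URL",)      # setting name taken from the question
VAULT_DNS_SUFFIX = ".vault.azure.net"   # assumption: public cloud; sovereign clouds differ


class ConfigError(RuntimeError):
    """Raised when a required app setting is absent or malformed."""


def describe_settings(env, names=REQUIRED_SETTINGS):
    """Presence-only view that is safe to log, unlike logging os.environ."""
    return {name: "set" if env.get(name) else "missing" for name in names}


def resolve_vault_url(env=None, suffix=VAULT_DNS_SUFFIX):
    """Return a normalized https vault URL or raise ConfigError."""
    env = os.environ if env is None else env
    raw = (env.get("VAULT_URL") or "").strip()
    if not raw:
        raise ConfigError(
            "VAULT_URL is not set. Deployed: add it to the Function App's "
            "app settings. Local run: add it to Values in local.settings.json."
        )
    parts = urlsplit(raw)
    host = parts.hostname or ""
    # Reject plain http and hosts outside the expected Key Vault DNS zone.
    if parts.scheme != "https" or not host.endswith(suffix):
        raise ConfigError(f"VAULT_URL must look like https://<name>{suffix}")
    return f"https://{host}"


def make_secret_client(env=None):
    """Validate configuration first, then build the client from the page's SDK calls."""
    # Imported lazily so the validation helpers run without the Azure SDK installed.
    from azure.identity import DefaultAzureCredential
    from azure.keyvault.secrets import SecretClient
    return SecretClient(vault_url=resolve_vault_url(env), credential=DefaultAzureCredential())


if __name__ == "__main__":
    # Constructed sample environments, not values from the page.
    for sample in ({}, {"VAULT_URL": "https://example-vault.vault.azure.net/"}):
        print(describe_settings(sample))
        try:
            print(resolve_vault_url(sample))
        except ConfigError as exc:
            print("config error:", exc)
```
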