Unable to access Azure Key Vault from a Python script via os.environ["VAULT_URL"] - KeyError: 'VAULT_URL'

Question  Votes: 0  Answers: 1

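I am having trouble accessing Azure Key Vault from a Python script (debugging before deployment). The script cannot find the environment variable "VAULT_URL", even though I have set it in the environment variables of the Function App in the Azure portal.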

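All I need to do is retrieve secrets and use them later in the script. I am using this code, copied and pasted directly from this link, to test the Key Vault connection and whether it will work after deployment: https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/keyvault/azure-keyvault-secrets/samples/hello_world.py#L37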

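import datetime
import logging
import os

import azure.functions as func
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

app = func.FunctionApp()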

@app.schedule(schedule="0 */5 * * * *", arg_name="myTimer", run_on_startup=True,
              use_monitor=False) 
def timer_trigger(myTimer: func.TimerRequest) -> None:
    if myTimer.past_due:
        logging.info('The timer is past due!')

    logging.info('Python timer trigger function executed.')

    print("hello world!")

    logging.info(os.environ)
    # Instantiate a secret client that will be used to call the service.
    # Here we use the DefaultAzureCredential, but any azure-identity credential can be used.
    # [START create_secret_client]
    VAULT_URL = os.environ["VAULT_URL"]
    credential = DefaultAzureCredential()
    client = SecretClient(vault_url=VAULT_URL, credential=credential)
    # [END create_secret_client]

    # Let's create a secret holding bank account credentials valid for 1 year.
    # if the secret already exists in the Key Vault, then a new version of the secret is created.
    print("\n.. Create Secret")
    expires = datetime.datetime.utcnow() + datetime.timedelta(days=365)
    secret = client.set_secret("helloWorldSecretName", "helloWorldSecretValue", expires_on=expires)
    assert secret.name
    print(f"Secret with name '{secret.name}' created with value '{secret.value}'")
    print(f"Secret with name '{secret.name}' expires on '{secret.properties.expires_on}'")

    # Let's get the bank secret using its name
    print("\n.. Get a Secret by name")
    bank_secret = client.get_secret(secret.name)
    assert bank_secret.properties.expires_on
    print(f"Secret with name '{bank_secret.name}' was found with value '{bank_secret.value}'.")

    # After one year, the bank account is still active, we need to update the expiry time of the secret.
    # The update method can be used to update the expiry attribute of the secret. It cannot be used to update
    # the value of the secret.
    print("\n.. Update a Secret by name")
    expires = bank_secret.properties.expires_on + datetime.timedelta(days=365)
    updated_secret_properties = client.update_secret_properties(secret.name, expires_on=expires)
    print(f"Secret with name '{secret.name}' was updated on date '{updated_secret_properties.updated_on}'")
    print(f"Secret with name '{secret.name}' was updated to expire on '{updated_secret_properties.expires_on}'")

    # Bank forced a password update for security purposes. Let's change the value of the secret in the Key Vault.
    # To achieve this, we need to create a new version of the secret in the Key Vault. The update operation cannot
    # change the value of the secret.
    new_secret = client.set_secret(secret.name, "newSecretValue")
    print(f"Secret with name '{new_secret.name}' created with value '{new_secret.value}'")

    # The bank account was closed, need to delete its credentials from the Key Vault.
    print("\n.. Deleting Secret...")
    client.begin_delete_secret(secret.name)
    print(f"Secret with name '{secret.name}' was deleted.")

The error it gives me is as follows:

This is the environment variable I want to access so that I can reach my Key Vault both locally and after deployment:

The error seems to revolve around the environment variable "VAULT_URL".

I have tried using this code to retrieve the secrets:

from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

keyVaultName = "<Key-vault-name>"
KVUri = f"https://{keyVaultName}.vault.azure.net"

credential = DefaultAzureCredential()
client = SecretClient(vault_url=KVUri, credential=credential)

username = client.get_secret("username").value
password = client.get_secret("password").value
security_token = client.get_secret("security-token").value
domain = client.get_secret("domain").value

sharepoint_username = client.get_secret("sharepoint-username").value
sharepoint_password = client.get_secret("sharepoint-password").value
sharepoint_clientID = client.get_secret("sharepoint-clientID").value
sharepoint_clientSecret = client.get_secret("sharepoint-clientSecret").value
sharepoint_tenantID = client.get_secret("sharepoint-tenantID").value

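It works locally, but when run remotely (after deployment) it cannot access the key vault and fails with a 403 error. I have a managed instance that is assigned the Key Vault Administrator role on my key vault, but that does not work, so I think it may be that my code is not connecting to the key vault after deployment.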

python azure azure-functions azure-keyvault
1 answer
0
votes

You have to use os.environ.get() to get the value from the application settings in the Function App.

First create an application setting:

Below is the code that worked for me:

import azure.functions as func
import logging
import os

app = func.FunctionApp(http_auth_level=func.AuthLevel.FUNCTION)
@app.route(route="http_trigger")
def http_trigger(req: func.HttpRequest) -> func.HttpResponse:
    logging.info('Python HTTP trigger function processed a request.')
    rith_val=os.environ.get("Value")
    print(rith_val)
    return func.HttpResponse(f"Hello, Rithwik Bojja . The Value is {rith_val}")

Output:

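An added example, not part of the question or the answer above: a loader that replaces the bare os.environ["VAULT_URL"] lookup with a validated one, and a redacted view of the environment to log instead of the full os.environ dump used in the question. The names resolve_vault_url, safe_env_view and VaultConfigError are hypothetical, and the host check assumes the public-cloud suffix vault.azure.net.

```python
import os
import re
from urllib.parse import urlsplit

# Assumption: public-cloud Key Vault hosts only (<name>.vault.azure.net,
# name 3-24 letters, digits or hyphens). Sovereign clouds use other suffixes.
_VAULT_HOST = re.compile(r"[a-z0-9-]{3,24}\.vault\.azure\.net")


class VaultConfigError(RuntimeError):
    """VAULT_URL is missing or is not a plausible Key Vault URL."""


def resolve_vault_url(env=None, name="VAULT_URL"):
    """Return the normalized vault URL from env, or raise VaultConfigError."""
    env = os.environ if env is None else env
    raw = (env.get(name) or "").strip()
    if not raw:
        # Portal app settings exist only in the deployed app's process; a local
        # run reads the shell or the Values section of local.settings.json.
        raise VaultConfigError(
            f"{name} is not set in this process; for a local run define it in "
            "the shell or under Values in local.settings.json"
        )
    parts = urlsplit(raw)
    host = (parts.hostname or "").lower()
    # The credential's token is sent to whatever host this names, so refuse
    # anything that is not https on a Key Vault host.
    if parts.scheme != "https" or not _VAULT_HOST.fullmatch(host):
        raise VaultConfigError(f"{name} is not an https Key Vault URL: {raw!r}")
    # No userinfo, port, path, query or fragment: a bare vault URL only.
    if parts.netloc.lower() != host or parts.path not in ("", "/") \
            or parts.query or parts.fragment:
        raise VaultConfigError(f"{name} must be a bare vault URL: {raw!r}")
    return f"https://{host}"


def safe_env_view(env=None, show=("VAULT_URL",)):
    """Environment names with values hidden unless explicitly allow-listed."""
    env = os.environ if env is None else env
    return {k: (env[k] if k in show else "<redacted>") for k in sorted(env)}
```

In the timer function this would be used as SecretClient(vault_url=resolve_vault_url(), credential=credential), with logging.info(safe_env_view()) in place of logging.info(os.environ).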
