我有一个 github 操作,我正在尝试将 azure key Vault 中的秘密插入到我的 appsettings.json 中。我正在使用,https://github.com/Azure/get-keyvault-secrets,它正在工作,但收到警告说它已被弃用。
建议使用azure/CLI@v1,https://github.com/Azure/cli。如何设置脚本,以便我可以在另一个步骤中使用密钥的值,而不使用 set-output,因为它已被弃用?
这可行,但我不想再使用设置输出,因为它很快就会被禁用:
- name: Get Appsettings Key Vault Secrets
uses: azure/CLI@v1
with:
azcliversion: 2.30.0
inlineScript: |
echo "::set-output name=ApiKey::$(az keyvault secret show --vault-name keyvaultname --name ApiKey --query value -o tsv)"
id: azKeyVaultAppSettings
我试过这个
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Login to Azure
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Get Appsettings Key Vault Secrets
uses: azure/CLI@v1
with:
azcliversion: 2.30.0
inlineScript: |
echo "name=ApiKeyName::add-mask::$(az keyvault secret show --vault-name keyvaultname --name ApiKeyName --query value -o tsv)" >> $GITHUB_OUTPUT
id: azKeyVaultAppSettings
- name: Setup .NET
uses: actions/setup-dotnet@v2
with:
dotnet-version: 5.x
- name: Restore dependencies
run: dotnet restore
- name: Build
run: dotnet build --configuration Release --no-restore
- name: Swap appsettings vals
uses: microsoft/variable-substitution@v1
with:
files: 'UI/appsettings.json'
env:
ApiKeyName: ${{ steps.azKeyVaultAppSettings.outputs.ApiKeyName }}
这会将应用程序设置中的值设置为空字符串。还想知道如何设置它,以便当 Swap appsettings vals 步骤运行时它不会输出秘密值。
谢谢!
尝试以下 Github Action 工作流程,在下一步中获取 Key Vault Secret,而不使用如下所示的设置输出:-
我的 Github 操作工作流程:-
name: Azure Key Vault Secrets
on:
push:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Login to Azure
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Get Key Vault Secret
run: |
value1=$(az keyvault secret show --name secret2 --vault-name silicon-keyvault --query value -o tsv)
echo "Secret Value: $value1"
echo "SECRET_VALUE=$value1" >> $GITHUB_ENV
- name: Output Secret Value
run: echo "Secret Value is $SECRET_VALUE"
输出:-
参考我的SO线程答案。