I want to upload a .pfx certificate for my app service through an Azure DevOps task. Can someone please help me with how to upload the certificate through an ARM template?
You can follow the steps below to upload the certificate with ARM.
1, Go to Secure files under Pipelines, Library and upload your certificate.
2, Add a Download Secure File task to download your certificate to your pipeline. You can reference it by the path $(<mySecureFile>.secureFilePath) or $(Agent.TempDirectory). Check here for more information about predefined variables.
3, Add a PowerShell task to run the script below to transform your certificate to a base64 string, and store it in a self-defined environment variable certificateBase64Content. Check here to learn more about variables.
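
    # Name of the secure file downloaded by the Download Secure File task
    $secName = "<certificateName>.pfx"
    $tempDirectory = $env:AGENT_TEMPDIRECTORY
    $pfxFilePath = Join-Path $tempDirectory $secName

    # Load the PFX with an exportable private key
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
    $cert.Import($pfxFilePath, "$(certificatePassword)", $flag)

    # Export as PFX so the private key is included (RawData holds only the public certificate)
    $pfxType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
    $bin = $cert.Export($pfxType, "$(certificatePassword)")
    $base64Value = [System.Convert]::ToBase64String($bin)

    # issecret=true masks the value in the pipeline logs
    Write-Host "##vso[task.setvariable variable=certificateBase64Content;issecret=true]$base64Value"
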
4, Create a KeyVault and grant the Microsoft.Web resource provider access to the KeyVault to get the certificate, which will be stored in the KeyVault.
Please check the blog's "Create the KeyVault with the required settings" part for an ARM template example.
5, Store the certificate in the KeyVault created in the above step.
Please check the blog's "Store the certificate in KeyVault" part for an ARM template example.
6, Refer to the last step of the blog, "Deploy the certificate to your Web App", to deploy your certificate.
In the above blog, the parameters defined in the ARM template are overridden in the Azure resource group deployment task. You can configure this under the Template setting in the Azure resource group deployment task.
If you do not want to use KeyVault, you can omit steps 4 and 5 above and directly upload the certificate after it has been transformed and stored in the self-defined variable in step 3 above. You need to replace parameters('certificatePfxBase64') with your self-defined variable certificateBase64Content.

    "variables": {
        "certificateName": "[concat(parameters('certificatePrefixName'), uniqueString(resourceGroup().id))]"
    },
    "resources": [
        {
            "apiVersion": "2015-08-01",
            "name": "[variables('certificateName')]",
            "type": "Microsoft.Web/certificates",
            "location": "[resourceGroup().location]",
            "properties": {
                "pfxBlob": "[parameters('certificatePfxBase64')]",
                "password": "[parameters('certificatePfxPassword')]"
            },
            "tags": {
                "displayName": "Certificate"
            }
        }
    ]

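The certificate resource above takes the PFX and its password from template parameters. As an added example (not part of the original answer or the linked blog), the Python check below could run in the pipeline before deployment to confirm that both are declared as securestring, so that ARM neither logs them nor saves them to the deployment history. The function name and the parameters section of the sample template are assumptions.

```python
import json
import re

# Whole-value ARM expression such as "[parameters('certificatePfxBase64')]".
PARAM_REF = re.compile(r"^\[\s*parameters\(\s*'([^']+)'\s*\)\s*\]$")

def lint_certificate_params(template):
    """Flag pfxBlob/password values not fed from securestring parameters."""
    params = template.get("parameters", {})
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.web/certificates":
            continue
        for prop in ("pfxBlob", "password"):
            value = res.get("properties", {}).get(prop)
            if value is None:
                continue
            match = PARAM_REF.match(value) if isinstance(value, str) else None
            if match is None:
                findings.append(f"{prop}: literal or computed value, not a parameter")
                continue
            name = match.group(1)
            ptype = str(params.get(name, {}).get("type", "")).lower()
            shown = ptype or "undeclared"
            if ptype != "securestring":
                findings.append(f"{prop}: parameter {name} is {shown}, expected securestring")
    return findings

# Constructed sample: the certificate resource from this page plus an assumed
# parameters section in which the PFX blob is declared as a plain string.
SAMPLE = json.loads("""{
  "parameters": {
    "certificatePfxBase64": {"type": "string"},
    "certificatePfxPassword": {"type": "securestring"}
  },
  "resources": [{
    "type": "Microsoft.Web/certificates",
    "name": "[variables('certificateName')]",
    "properties": {
      "pfxBlob": "[parameters('certificatePfxBase64')]",
      "password": "[parameters('certificatePfxPassword')]"
    }
  }]
}""")

if __name__ == "__main__":
    print("\n".join(lint_certificate_params(SAMPLE)) or "no findings")
```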