函数应用中检索主机密钥

函数应用中检索主机密钥

本文介绍了从 azure 函数应用中检索主机密钥的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试使用 Azure cli 编写环境脚本.我已经创建了一些函数应用程序,并希望添加一个主机密钥或至少检索自动创建的默认密钥.azure cli 对此完全不支持.

I am trying to script an environment using the Azure cli. I have created a few function apps and would like to add a host key or at least retrieve the default one that is created automatically. The azure cli has no support at all for this.

函数本身似乎有一个 api(它的文档似乎很稀疏)允许我获取密钥,但是您需要一个密钥才能使用它,所以......没有帮助.

There seems to be an api (documentation for it seems to be sparse) on the function itself that allows me to get the keys, however you need a key to use it so.. no help there.

https://github.com/Azure/azure-webjobs-sdk-script/wiki/Key-management-API

例如:https://example-functions.azurewebsites.net/admin/host/keys?code=somecodeyoualreadyknow

我看过其他一些使用 webapps scm api 下载包含密钥的 json 文件的示例,但是我不确定如何使用此 API 进行身份验证.我有一个服务主体(用户 ID、密码、租户 ID),我希望不必在我的脚本中添加另一个身份验证方案.

I have seen some other examples that use the webapps scm api to download the json file that contains the keys however I'm not sure how to authenticate with this API. I have a service principal (userid, password, tenantid) and I was hoping to not have to add another authentication scheme to my script.

推荐答案

以下是步骤.

  1. 假设您已经拥有 Kudu 部署凭据.(听起来您已经知道如何执行此操作.您可以通过 ARM 调用从您的服务原则等处获取)
  2. 从 kudu 部署凭证中,您可以获得一个 JWT,让您可以调用 Functions 密钥 API.
  3. 您可以从 Functions API 中获取所有密钥(包括您的主密钥).

这是一个 powershell 脚本,它演示了从 Kudu 部署凭证到功能主密钥的确切调用:

Here's a powershell script that demonstrates the exact calls to go from Kudu deployment creds to Function Master key:

# You need to start with these:
$site = "YourSiteName"
$username='YourDeploymentUserName'
$password='YourDeploymentPassword'

# Now...
$apiBaseUrl = "https://$($site).scm.azurewebsites.net/api"
$siteBaseUrl = "https://$($site).azurewebsites.net"

# For authenticating to Kudu
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $username,$password)))


# Call Kudu /api/functions/admin/token to get a JWT that can be used with the Functions Key API
$jwt = Invoke-RestMethod -Uri "$apiBaseUrl/functions/admin/token" -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -Method GET

# Call Functions Key API to get the master key
$x = Invoke-RestMethod -Uri "$siteBaseUrl/admin/host/systemkeys/_master" -Headers @{Authorization=("Bearer {0}" -f $jwt)} -Method GET

$masterKey = $x.value

这篇关于从 azure 函数应用中检索主机密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-06 17:32