问题描述
我们遇到的问题是将密钥保管库中的密钥链接到Azure DevOps中的变量组。
We are having issues with linking secretes from a Key Vault into a variable group in Azure DevOps.
基本上我们有一个具有IP限制的密钥保险库,并且还连接到VNET。它还具有"允许受信任的Microsoft服务绕过此防火墙"。设置已启用。 Azure DevOps不是其中列出的服务之一。
Basically we have a Key Vault with IP restrictions and also connected to VNET. It also has the "Allow trusted Microsoft services to bypass this firewall" setting enabled. Azure DevOps is not one of the services listed in those.
Azure DevOps中使用的服务端点在密钥保管库的访问策略中启用了正确的权限(获取/列出机密)。我们已经测试并验证了如果我们禁用IP限制,那么从密钥保险库中链接Azure
DevOps中的秘密没有问题。因此,此问题必须专门针对Key Vault的IP限制和Azure DevOps不兼容性。
The Service Endpoint used in Azure DevOps has the correct permissions (Get/List secrets) enabled in the Key Vault's Access policies. We have tested and verified that if we disable the IP restrictions there is no issue / problems with linking secrets in Azure DevOps from the Key Vault. So this issue has to do specifically with Key Vault's IP restrictions and Azure DevOps incompatibility.
是否有可行的解决方法?
Is there any feasible workaround for this?
我觉得很奇怪,在官方文档中没有提到这一点
I find very strange that there is no mention about this in the official documentation
BR
Masi Malmi
BR
Masi Malmi
推荐答案
这篇关于Azure DevOps:从具有IP限制的Azure Key Vault链接机密 - 授权失败?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!