Authenticating to Azure Key Vault using ms-rest-azure?


I have a Node project in which I am using the following libraries:

import { KeyVaultClient } from "azure-keyvault";
import * as msRestAzure from 'ms-rest-azure';
Here are the links to them:

https://www.npmjs.com/package/azure-keyvault
https://www.npmjs.com/package/ms-rest-azure
I am trying to use azure-keyvault to get a secret from my vault:

let vaultClient = new KeyVaultClient(credentials);
vaultClient.getSecret(secretURI)
        .then(function (result) {
            CLogger.log("error", "Result: "+JSON.stringify(result));
            return result.value.toString();
        })
        .catch(function (error) {
            CLogger.log("error", "Error occurred while getting the secret "+secretName+": " + JSON.stringify(error));
            throw "Error occurred while getting secret. Check log files" ;
        })
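I am using ms-rest-azure to get the credential token. This is mainly because I need to log in with both ServicePrincipalSecret and MSI. As far as I know, the adal library does not support MSI login.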

import * as msRestAzure from 'ms-rest-azure';
msRestAzure.loginWithServicePrincipalSecret(clientID, clientKey, domainID)
I do get the login token correctly:

{
   "environment":{
      "validateAuthority":true,
      "name":"Azure",
      "portalUrl":"https://portal.azure.com",
      "publishingProfileUrl":"http://go.microsoft.com/fwlink/?LinkId=254432",
      "managementEndpointUrl":"https://management.core.windows.net",
      "resourceManagerEndpointUrl":"https://management.azure.com/",
      "sqlManagementEndpointUrl":"https://management.core.windows.net:8443/",
      "sqlServerHostnameSuffix":".database.windows.net",
      "galleryEndpointUrl":"https://gallery.azure.com/",
      "activeDirectoryEndpointUrl":"https://login.microsoftonline.com/",
      "activeDirectoryResourceId":"https://management.core.windows.net/",
      "activeDirectoryGraphResourceId":"https://graph.windows.net/",
      "activeDirectoryGraphApiVersion":"2013-04-05",
      "storageEndpointSuffix":".core.windows.net",
      "keyVaultDnsSuffix":".vault.azure.net",
      "azureDataLakeStoreFileSystemEndpointSuffix":"azuredatalakestore.net",
      "azureDataLakeAnalyticsCatalogAndJobEndpointSuffix":"azuredatalakeanalytics.net"
   },
   "authorizationScheme":"Bearer",
   "tokenCache":{
      "_entries":[
         {
            "tokenType":"Bearer",
            "expiresIn":3599,
            "expiresOn":"2018-02-06T22:00:45.439Z",
            "resource":"https://management.core.windows.net/",
            "accessToken":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlNT...",
            "isMRRT":true,
            "_clientId":"51dc31c8-27e7-4a05-9d6b-62c0710c2ad3",
            "_authority":"https://login.microsoftonline.com/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0"
         }
      ]
   },
   "clientId":"51dc31c8-...",
   "domain":"3a41ae53-...",
   "secret":"k7JlWcPdpK...",
   "context":{
      "_authority":{
         "_log":{
            "_componentName":"Authority",
            "_logContext":{
               "correlationId":"ceb8d4fe-135c-48a3-8b19-f50310c026b9"
            }
         },
         "_url":{
            "protocol":"https:",
            "slashes":true,
            "auth":null,
            "host":"login.microsoftonline.com",
            "port":null,
            "hostname":"login.microsoftonline.com",
            "hash":null,
            "search":null,
            "query":null,
            "pathname":"/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0",
            "path":"/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0",
            "href":"https://login.microsoftonline.com/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0"
         },
         "_validated":true,
         "_host":"login.microsoftonline.com",
         "_tenant":"3a41ae53-fb35-4431-be7b-a0b3e1aee3c0",
         "_authorizationEndpoint":null,
         "_tokenEndpoint":"https://login.microsoftonline.com/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0/oauth2/token",
         "_deviceCodeEndpoint":"https://login.microsoftonline.com/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0/oauth2/devicecode",
         "_isAdfsAuthority":false,
         "_callContext":{
            "options":{

            },
            "_logContext":{
               "correlationId":"ceb8d4fe-135c-48a3-8b19-f50310c026b9"
            }
         }
      },
      "_oauth2client":null,
      "_correlationId":null,
      "_callContext":{
         "options":{

         },
         "_logContext":{
            "correlationId":"ceb8d4fe-135c-48a3-8b19-f50310c026b9"
         }
      },
      "_cache":{
         "_entries":[
            {
               "tokenType":"Bearer",
               "expiresIn":3599,
               "expiresOn":"2018-02-06T22:00:45.439Z",
               "resource":"https://management.core.windows.net/",
               "accessToken":"eyJ0eXAiOiJKV1QiLCJhbGciOi...",
               "isMRRT":true,
               "_clientId":"51dc31c8-27e7-4a05-9d6b-62c0710c2ad3",
               "_authority":"https://login.microsoftonline.com/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0"
            }
         ]
      },
      "_tokenRequestWithUserCode":{

      }
   }
}
But I get a 401 error. What am I doing wrong?

{
   "statusCode":401,
   "request":{
      "rawResponse":false,
      "queryString":{

      },
      "url":"https://myVault.vault.azure.net/secrets/mySecret/?api-version=2016-10-01",
      "method":"GET",
      "headers":{
         "x-ms-client-request-id":"95251650-6fcc-467b-8cd7-a23bf22a7a3c",
         "accept-language":"en-US",
         "Content-Type":"application/json; charset=utf-8",
         "user-agent":"Node/v6.11.2 (x64-Windows_NT-10.0.16299) ms-rest/2.3.0 ms-rest-azure/2.5.2 azure-keyvault/2.0.1-preview Azure-SDK-For-Node"
      },
      "body":null
   },
   "response":{
      "body":"",
      "headers":{
         "cache-control":"no-cache",
         "pragma":"no-cache",
         "expires":"-1",
         "server":"Microsoft-IIS/8.5",
         "www-authenticate":"Bearer authorization=\"https://login.windows.net/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0\", resource=\"https://vault.azure.net\"",
         "x-ms-keyvault-region":"westus2",
         "x-ms-request-id":"75929ac8-f1ed-441d-9ed0-82ab23c86be5",
         "x-ms-keyvault-service-version":"1.0.0.839",
         "x-aspnet-version":"4.0.30319",
         "x-powered-by":"ASP.NET",
         "strict-transport-security":"max-age=31536000;includeSubDomains",
         "x-content-type-options":"nosniff",
         "date":"Tue, 06 Feb 2018 21:00:45 GMT",
         "connection":"close",
         "content-length":"0"
      },
      "statusCode":401
   }
}

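In your token, the resource is wrong.

You should use https://vault.azure.net instead of https://management.core.windows.net/.

This is mainly because I need to log in with both ServicePrincipalSecret and MSI. As far as I know, the adal library does not support MSI login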

import * as msRestAzure from 'ms-rest-azure';
msRestAzure.loginWithServicePrincipalSecret(clientID, clientKey, domainID)
Yes, msRestAzure.loginWithServicePrincipalSecret(clientID, clientKey, domainID) does not support MSI login, but you can use msRestAzure.loginWithAppServiceMSI({resource: 'https://vault.azure.net'});


For more information about this, see this.

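Hi, you could also check this with ServicePrincipalSecret(ClientID, secret, domain, OptionSelect, OptionCallbackopt) → {function|Promise}. Maybe you could try setting the environment. Sorry, I am not very good at Node.js. In Java, I can create an authentication file like this: managementURI=https\://management.core.windows.net/ Hope this helps you.

But I would rather recommend that you use msRestAzure.loginWithAppServiceMSI({resource: 'https://vault.azure.net'}); Now you are logging in with MSI, so this method suits your scenario better.

Just checking in to see if the information provided was helpful. Please let me know if you would like further assistance.

Oh, we shelved this project, so I am not sure whether this would work, though it looks good, so I will mark it as resolved.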
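As an added example (not part of the original question, answer or comments), the Node.js sketch below reads the `WWW-Authenticate` challenge from the 401 response and compares the resource it demands with the resource of the cached token, which is the mismatch the answer points out. The function names and the trailing-slash normalization are assumptions of this example; the header and resource values are copied from the question.

```javascript
// Added example: diagnose an audience mismatch between a cached AAD token
// and the resource named in Key Vault's 401 challenge. Runs offline.

// Parse a challenge of the form `Bearer k="v", k2="v2"` into { scheme, params }.
function parseChallenge(header) {
  const space = header.indexOf(' ');
  const scheme = space === -1 ? header : header.slice(0, space);
  const rest = space === -1 ? '' : header.slice(space + 1);
  const params = {};
  const re = /([A-Za-z_]+)="([^"]*)"/g;
  let m;
  while ((m = re.exec(rest)) !== null) {
    params[m[1].toLowerCase()] = m[2];
  }
  return { scheme, params };
}

// Diagnostic convenience (assumption of this example): compare resource URIs
// case-insensitively and without a trailing slash.
function normalizeResource(uri) {
  return String(uri || '').trim().toLowerCase().replace(/\/+$/, '');
}

// Compare the resource of every cached token with what the challenge demands.
function diagnose(wwwAuthenticate, tokenCacheEntries) {
  const { scheme, params } = parseChallenge(wwwAuthenticate);
  const required = normalizeResource(params.resource);
  const held = tokenCacheEntries.map((e) => normalizeResource(e.resource));
  return {
    scheme,
    authority: params.authorization,
    requiredResource: required,
    heldResources: held,
    audienceMatches: required !== '' && held.includes(required),
  };
}

// Header value from the 401 response and token cache entry from the question.
const challenge =
  'Bearer authorization="https://login.windows.net/3a41ae53-fb35-4431-be7b-a0b3e1aee3c0", ' +
  'resource="https://vault.azure.net"';
const cache = [{ tokenType: 'Bearer', resource: 'https://management.core.windows.net/' }];

const report = diagnose(challenge, cache);
console.log(report); // audienceMatches is false: the token was issued for ARM, not Key Vault
```

Running the same check on the credentials object before calling `getSecret` shows whether the login requested a token for the vault or for the management endpoint.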