Azure 如何检查某个证书是否已存在于keyvault中?
在每晚的Azure管道构建中,我有两项任务:Azure 如何检查某个证书是否已存在于keyvault中?,azure,azure-pipelines,azure-powershell,azure-keyvault,azure-cli,Azure,Azure Pipelines,Azure Powershell,Azure Keyvault,Azure Cli,在每晚的Azure管道构建中,我有两项任务: 首先,我从keyvault中删除并清除自签名证书 然后我将相同的自签名证书导入keyvault 我这样做的原因是为了确保keyvault中始终存在某个证书 这是我目前的代码: # purge the self-signed cert from the Keyvault to avoid conflict; ignore failures - task: AzureCLI@2 inputs: azureSubscription: '${
- 首先,我从keyvault中删除并清除自签名证书
- 然后我将相同的自签名证书导入keyvault
# purge the self-signed cert from the Keyvault to avoid conflict; ignore failures
- task: AzureCLI@2
inputs:
azureSubscription: '${{ parameters.ArmConnection }}'
scriptType: 'pscore'
scriptLocation: 'inlineScript'
continueOnError: true
failOnStandardError: false
powerShellErrorActionPreference: 'silentlyContinue'
inlineScript: |
az keyvault certificate delete --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/certificates/my-self-signed-cert'
az keyvault certificate purge --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/deletedcertificates/my-self-signed-cert'
# import the self-signed certificate my-self-signed-cert into the Keyvault
- task: AzurePowerShell@5
inputs:
azureSubscription: '${{ parameters.ArmConnection }}'
ScriptType: 'InlineScript'
azurePowerShellVersion: '3.1.0'
Inline: |
$Pwd = ConvertTo-SecureString -String 'MyPassword' -Force -AsPlainText
$Base64 = 'MIIKqQ____3000_CHARS_HERE______1ICAgfQ=='
Import-AzKeyVaultCertificate -VaultName $(KeyVaultName) -Name my-self-signed-cert -CertificateString $Base64 -Password $Pwd
我的问题是:
我如何检查密钥库中是否已经有证书
(因为我使用ARM模板,并且资源保持运行,不会被删除,而管道每天晚上都在运行)
如果有证书,如何跳过上述两项任务(Azure cli和PowerShell)
我不太明白如何在管道YAML文件中使用条件。YAML不能包含条件,因此您需要做的是处理powershell脚本中的逻辑 有一个命令用于检查给定证书是否存在于vault中,那么这样做怎么样
$cert = Get-AzureKeyVaultCertificate -VaultName "ContosoKV01" -Name "TestCert01"
if(!$cert) {
$Pwd = ConvertTo-SecureString -String 'MyPassword' -Force -AsPlainText
$Base64 = 'MIIKqQ____3000_CHARS_HERE______1ICAgfQ=='
Import-AzKeyVaultCertificate -VaultName $(KeyVaultName) -Name my-self-signed-cert -CertificateString $Base64 -Password $Pwd
}
如果出于某种原因还需要删除和清除og证书,也可以在PowerShell中执行。不确定为什么在当前设置中同时使用CLI和普通PowerShell?谢谢!我必须使用“az keyvault证书清除”,因为PowerShell中没有清除命令。如果我只是(不进行后续清除),然后尝试导入AzKeyVaultCertificate,后一个命令将失败。您可以这样清除:
删除AzureKeyVaultCertificate-VaultName'Contoso'-Name'MyCert'-InRemovedState