通过 keyvault 连接到 sql 服务器
connection to sql server via keyvault
我正在使用一个 powershell 脚本,我需要通过 keyvault 连接到 SSISDB 数据库但出现错误:
Exception calling "Open" with "0" argument(s): "Login failed for user ''."
这是我在代码中使用的连接字符串:
$env = Get-AutomationVariable -Name 'Env'
$vaultName = 'ab-'+$env.ToLower()+'-bi-keyvault'
$dataSource = 'ab'+$env.ToLower()+'dbserver01.database.windows.net'
Write-Output "vaultName: " $vaultName
$password = Get-AzKeyVaultSecret -VaultName $vaultName -Name 'DBPassword'
$userName = Get-AzKeyVaultSecret -VaultName $vaultName -Name 'DBUsername'
$passwordSecret = $password.SecretValueText
$userNameSecret = $userName.SecretValueText
##########################################################
Write-Output "SSISDB"
Write-Output "JOB START"
# Create connection to Master DB
$database = 'SSISDB'
Write-Output "Running job on " $database
$MasterDatabaseConnection = New-Object System.Data.SqlClient.SqlConnection
$MasterDatabaseConnection.ConnectionString = "Data Source=$dataSource;Initial Catalog=$database;Integrated Security=False;User ID=$userNameSecret ;Password=$passwordSecret ;Connect Timeout=60;Encrypt=False;TrustServerCertificate=False"
如果我直接在代码中使用 userid/password 检查连接,它确实有效,但不适用于 keyvault。你知道我的代码有什么问题吗?
Get-AzKeyVaultSecret 默认情况下不 return 秘密对象的值。
根据 docs,您应该使用:
$passwordSecret = Get-AzKeyVaultSecret -VaultName $vaultName -Name 'DBPassword' -AsPlainText
$userNameSecret = Get-AzKeyVaultSecret -VaultName $vaultName -Name 'DBUsername' -AsPlainText
我不知道为什么 SecretValueText 不起作用。
我正在使用一个 powershell 脚本,我需要通过 keyvault 连接到 SSISDB 数据库但出现错误:
Exception calling "Open" with "0" argument(s): "Login failed for user ''."
这是我在代码中使用的连接字符串:
$env = Get-AutomationVariable -Name 'Env'
$vaultName = 'ab-'+$env.ToLower()+'-bi-keyvault'
$dataSource = 'ab'+$env.ToLower()+'dbserver01.database.windows.net'
Write-Output "vaultName: " $vaultName
$password = Get-AzKeyVaultSecret -VaultName $vaultName -Name 'DBPassword'
$userName = Get-AzKeyVaultSecret -VaultName $vaultName -Name 'DBUsername'
$passwordSecret = $password.SecretValueText
$userNameSecret = $userName.SecretValueText
##########################################################
Write-Output "SSISDB"
Write-Output "JOB START"
# Create connection to Master DB
$database = 'SSISDB'
Write-Output "Running job on " $database
$MasterDatabaseConnection = New-Object System.Data.SqlClient.SqlConnection
$MasterDatabaseConnection.ConnectionString = "Data Source=$dataSource;Initial Catalog=$database;Integrated Security=False;User ID=$userNameSecret ;Password=$passwordSecret ;Connect Timeout=60;Encrypt=False;TrustServerCertificate=False"
如果我直接在代码中使用 userid/password 检查连接,它确实有效,但不适用于 keyvault。你知道我的代码有什么问题吗?
Get-AzKeyVaultSecret 默认情况下不 return 秘密对象的值。
根据 docs,您应该使用:
$passwordSecret = Get-AzKeyVaultSecret -VaultName $vaultName -Name 'DBPassword' -AsPlainText
$userNameSecret = Get-AzKeyVaultSecret -VaultName $vaultName -Name 'DBUsername' -AsPlainText
我不知道为什么 SecretValueText 不起作用。