Azure API 密钥轮换管理
Azure API Management with Key Rotation
我正在使用 KeyVault 存储 Ocp-Apim-Subscription-Key。应用程序正在从 KeyVault 获取此密钥并成功向 API 管理发出请求。
但现在,我想在 Runbooks 中使用 powershell 脚本经常轮换这个 Ocp-Apim-Subscription-Key。我找不到通过 powershell 重新生成 Ocp-Apim-Subscription-Key 的方法。这可能吗 ?如果还有其他选项可以轮换此密钥,请告诉我。
绝对有可能通过 API:
- https://docs.microsoft.com/en-us/rest/api/apimanagement/subscription/regenerateprimarykey
- https://docs.microsoft.com/en-us/rest/api/apimanagement/subscription/regeneratesecondarykey
也应该在 PS 中。
# Get API Management Services information and set context
$ApiManagements = Get-AzApiManagement
foreach ($ApiManagement in $ApiManagements)
{
$ApiManagementContext = New-AzApiManagementContext -ResourceId $ApiManagement.Id
# Get all API Management Subscriptions
$ApiManagementSubscriptions = Get-AzApiManagementSubscription -Context $ApiManagementContext
foreach ($ApiManagementSubscription in $ApiManagementSubscriptions)
{
# Update the Keys
$PrimaryKey = (New-Guid) -replace '-',''
$SecondaryKey = (New-Guid) -replace '-',''
Set-AzApiManagementSubscription -Context $ApiManagementContext -SubscriptionId $ApiManagementSubscription.SubscriptionId -PrimaryKey $PrimaryKey `
-SecondaryKey $SecondaryKey -State Active
}
}
我正在使用 KeyVault 存储 Ocp-Apim-Subscription-Key。应用程序正在从 KeyVault 获取此密钥并成功向 API 管理发出请求。
但现在,我想在 Runbooks 中使用 powershell 脚本经常轮换这个 Ocp-Apim-Subscription-Key。我找不到通过 powershell 重新生成 Ocp-Apim-Subscription-Key 的方法。这可能吗 ?如果还有其他选项可以轮换此密钥,请告诉我。
绝对有可能通过 API:
- https://docs.microsoft.com/en-us/rest/api/apimanagement/subscription/regenerateprimarykey
- https://docs.microsoft.com/en-us/rest/api/apimanagement/subscription/regeneratesecondarykey
也应该在 PS 中。
# Get API Management Services information and set context
$ApiManagements = Get-AzApiManagement
foreach ($ApiManagement in $ApiManagements)
{
$ApiManagementContext = New-AzApiManagementContext -ResourceId $ApiManagement.Id
# Get all API Management Subscriptions
$ApiManagementSubscriptions = Get-AzApiManagementSubscription -Context $ApiManagementContext
foreach ($ApiManagementSubscription in $ApiManagementSubscriptions)
{
# Update the Keys
$PrimaryKey = (New-Guid) -replace '-',''
$SecondaryKey = (New-Guid) -replace '-',''
Set-AzApiManagementSubscription -Context $ApiManagementContext -SubscriptionId $ApiManagementSubscription.SubscriptionId -PrimaryKey $PrimaryKey `
-SecondaryKey $SecondaryKey -State Active
}
}