Azure DevOps / Azure KeyVault:通过模板部署添加服务主体
Azure DevOps / Azure KeyVault: add Service Principal via Template deployment
我正在使用 ARM 模板部署 Azure Key Vault,并希望将服务主体添加到访问控制策略。因此,我在 Azure Active Directory 中创建了一个应用程序并获取了该应用程序的对象 ID:
然后我将条目添加到参数文件中:
"accessPolicies": {
"value": [
{
"objectId": "xxx",
"tenantId": "xxx",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers"
]
}
}
]
}
但在后续的 Azure Key Vault 任务中,我收到 Access Denied 错误。
我需要做什么才能通过具有适当访问权限的模板部署将服务主体添加到 Azure Key Vault?
问题是选择了 "wrong" 对象 ID。不是从 App registrations 获取对象 ID,而是从 Enterprise applications
获取它
通过 UI 到达那里的另一个选项是单击 Managed application in local directory -> Properties
我正在使用 ARM 模板部署 Azure Key Vault,并希望将服务主体添加到访问控制策略。因此,我在 Azure Active Directory 中创建了一个应用程序并获取了该应用程序的对象 ID:
然后我将条目添加到参数文件中:
"accessPolicies": {
"value": [
{
"objectId": "xxx",
"tenantId": "xxx",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers"
]
}
}
]
}
但在后续的 Azure Key Vault 任务中,我收到 Access Denied 错误。
我需要做什么才能通过具有适当访问权限的模板部署将服务主体添加到 Azure Key Vault?
问题是选择了 "wrong" 对象 ID。不是从 App registrations 获取对象 ID,而是从 Enterprise applications
通过 UI 到达那里的另一个选项是单击 Managed application in local directory -> Properties