@azure/identity credentials.getToken('openid') returns null 而不是配置了环境变量的 DefaultAzureCredential() 的令牌?
@azure/identity credentials.getToken('openid') returns null instead of token for DefaultAzureCredential() with Environment variables configed?
我正在尝试从 Azure 的密钥库中检索一些机密,但我似乎无法使用 @azure/identity 模块进行身份验证。
版本:
"@azure/identity": "^1.0.0-preview.6",
"@azure/keyvault-secrets": "^4.0.0-preview.9",
当我尝试获取令牌时:
import { KeyVaultSecret, SecretClient } from '@azure/keyvault-secrets';
import { EnvironmentCredential } from '@azure/identity';
export const GetSecret = async (key: string): Promise<string> => {
try {
const credential: EnvironmentCredential = new EnvironmentCredential();
const token = await credential.getToken('openid');
console.log(token);
console.log('CREDENTIAL: ', credential);
console.log('CLIENT SECRET', process.env.AZURE_CLIENT_SECRET);
console.log('CLIENT ID', process.env.AZURE_CLIENT_ID);
return 'test'
} catch (err) {
console.error('Error getting secret from Azure Vault', err);
}
};
控制台结果:
CREDENTIAL: DefaultAzureCredential {
[10/28/2019 2:39:27 PM] _sources:
[10/28/2019 2:39:27 PM] [ EnvironmentCredential { _credential: undefined },
[10/28/2019 2:39:27 PM] ManagedIdentityCredential {
[10/28/2019 2:39:27 PM] isEndpointUnavailable: null,
[10/28/2019 2:39:27 PM] identityClient: [IdentityClient] } ] }
您是否为 CLIENT_SECRET 和 CLIENT_ID 设置了适当的环境变量?
EnvironmentCredential() class 希望您配置这些变量。通常,您会创建一个服务主体 (SP) 供您的应用程序使用。然后,您可以将 RBAC 应用于此服务主体,例如,通过将 Reader 角色或 KeyVault 贡献者角色分配给 SP。
如果您不想走这条路,请改为查看 SAS 令牌:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-ovw-storage-keys
我正在尝试从 Azure 的密钥库中检索一些机密,但我似乎无法使用 @azure/identity 模块进行身份验证。
版本:
"@azure/identity": "^1.0.0-preview.6",
"@azure/keyvault-secrets": "^4.0.0-preview.9",
当我尝试获取令牌时:
import { KeyVaultSecret, SecretClient } from '@azure/keyvault-secrets';
import { EnvironmentCredential } from '@azure/identity';
export const GetSecret = async (key: string): Promise<string> => {
try {
const credential: EnvironmentCredential = new EnvironmentCredential();
const token = await credential.getToken('openid');
console.log(token);
console.log('CREDENTIAL: ', credential);
console.log('CLIENT SECRET', process.env.AZURE_CLIENT_SECRET);
console.log('CLIENT ID', process.env.AZURE_CLIENT_ID);
return 'test'
} catch (err) {
console.error('Error getting secret from Azure Vault', err);
}
};
控制台结果:
CREDENTIAL: DefaultAzureCredential {
[10/28/2019 2:39:27 PM] _sources:
[10/28/2019 2:39:27 PM] [ EnvironmentCredential { _credential: undefined },
[10/28/2019 2:39:27 PM] ManagedIdentityCredential {
[10/28/2019 2:39:27 PM] isEndpointUnavailable: null,
[10/28/2019 2:39:27 PM] identityClient: [IdentityClient] } ] }
您是否为 CLIENT_SECRET 和 CLIENT_ID 设置了适当的环境变量?
EnvironmentCredential() class 希望您配置这些变量。通常,您会创建一个服务主体 (SP) 供您的应用程序使用。然后,您可以将 RBAC 应用于此服务主体,例如,通过将 Reader 角色或 KeyVault 贡献者角色分配给 SP。
如果您不想走这条路,请改为查看 SAS 令牌:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-ovw-storage-keys