azure-keyvault-secrets python 包中的 SecretClient class 引发意外错误
SecretClient class in azure-keyvault-secrets python package throws unexpected error
我一直在尝试让我的 Python 脚本从 Azure 密钥保管库中检索机密。对于身份验证,我使用的是 ServicePrincipal 凭据,以及 azure-keyvault-secrets 包附带的 SecretClient 类。但它抛出了一个错误,这可能是由 Python 包的某次更新引起的。
谁能指出哪里出了问题?
from azure.common.credentials import ServicePrincipalCredentials
from azure.keyvault.secrets import SecretClient
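# Service principal settings. The literals are placeholders; in a real script
# load them from the environment or a secret store rather than committing them.
CLIENT_ID = '...'  # app_id
TENANT_ID = '...'
KEY = '...'

# Credential object from azure.common.credentials.
credentials = ServicePrincipalCredentials(
    client_id=CLIENT_ID,
    secret=KEY,
    tenant=TENANT_ID,
)

vault_url = '...'
secret_name = "..."
secret_version = '...'

# NOTE: this is the combination that fails. SecretClient's challenge-auth policy
# calls credential.get_token(scope) on the first request, and
# ServicePrincipalCredentials has no get_token method, so get_secret() raises
# AttributeError before any secret is fetched.
client = SecretClient(vault_url=vault_url, credential=credentials)
secret = client.get_secret(secret_name)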
它给出了以下错误:
Traceback (most recent call last):
File "key-vault.py", line 23, in <module>
secret = client.get_secret("cromaprivate128")
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/tracing/decorator.py", line 71, in wrapper_use_tracer
return func(*args, **kwargs)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/keyvault/secrets/_client.py", line 71, in get_secret
**kwargs
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/keyvault/secrets/_shared/_generated/v7_0/operations/_key_vault_client_operations.py", line 1621, in get_secret
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/_base.py", line 208, in run
return first_node.send(pipeline_request) # type: ignore
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/_base.py", line 80, in send
response = self.next.send(request)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/_base.py", line 80, in send
response = self.next.send(request)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/_base.py", line 80, in send
response = self.next.send(request)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/policies/_redirect.py", line 157, in send
response = self.next.send(request)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/policies/_retry.py", line 418, in send
response = self.next.send(request)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/keyvault/secrets/_shared/challenge_auth_policy.py", line 67, in send
self._handle_challenge(request, challenge)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/keyvault/secrets/_shared/challenge_auth_policy.py", line 91, in _handle_challenge
access_token = self._credential.get_token(scope)
AttributeError: 'ServicePrincipalCredentials' object has no attribute 'get_token'
不能使用 ServicePrincipalCredentials 创建 SecretClient,因为 ServicePrincipalCredentials 没有 SecretClient 所调用的 get_token 方法,无法提供访问令牌。如果您想访问密钥保管库,请改用 azure.identity SDK 提供的凭据。
例如
1. 使用 Azure CLI 创建服务主体
# Authenticate the Azure CLI session first.
az login
# Create the service principal for the app. The JSON printed by this command
# includes the new client secret: handle it as a credential and keep it out of
# tickets, chat logs and repositories.
# NOTE(review): --sdk-auth is reported as deprecated in newer Azure CLI
# releases; confirm against the CLI version in use.
az ad sp create-for-rbac --name "MyApp" --sdk-auth
- 设置访问策略
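# Grant the service principal access to the vault through an access policy.
# Least privilege: the Python example that follows only calls get_secret, which
# needs just the "get" secret permission. Grant the wider secret and key
# permissions listed here only if the application really uses them.
az keyvault set-policy -n <your-unique-keyvault-name> \
    --spn <clientId-of-your-service-principal> \
    --secret-permissions delete get list set \
    --key-permissions create decrypt delete encrypt get list unwrapKey wrapKey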
- 代码
from azure.identity import ClientSecretCredential
from azure.keyvault.secrets import SecretClient
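import os

# Read the service principal settings from the environment instead of embedding
# the client secret in the script, where it would end up in version control.
# These are the variable names azure.identity's EnvironmentCredential also reads.
tenant_id = os.environ["AZURE_TENANT_ID"]
client_id = os.environ["AZURE_CLIENT_ID"]
client_secret = os.environ["AZURE_CLIENT_SECRET"]

# ClientSecretCredential is passed to SecretClient in place of
# ServicePrincipalCredentials, which has no get_token method.
credential = ClientSecretCredential(tenant_id, client_id, client_secret)

# Replace the URL with your own vault's URL.
secret_client = SecretClient(
    vault_url="https://my-key-vault.vault.azure.net/",
    credential=credential,
)

secret = secret_client.get_secret("secret-name")
print(secret.name)
# Demo only: this writes the secret itself to stdout. Remove it wherever output
# is captured or logged (CI jobs, containers, shared terminals).
print(secret.value)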
我一直在尝试让我的 Python 脚本从 Azure 密钥保管库中检索机密。对于身份验证,我使用的是 ServicePrincipal 凭据,以及 azure-keyvault-secrets 包附带的 SecretClient 类。但它抛出了一个错误,这可能是由 Python 包的某次更新引起的。谁能指出哪里出了问题?
from azure.common.credentials import ServicePrincipalCredentials
from azure.keyvault.secrets import SecretClient
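# Placeholder service principal settings; do not commit real values in source.
CLIENT_ID = '...'  # app_id
TENANT_ID = '...'
KEY = '...'

# Build the credential from azure.common.credentials.
credentials = ServicePrincipalCredentials(
    client_id=CLIENT_ID,
    secret=KEY,
    tenant=TENANT_ID,
)

vault_url = '...'
secret_name = "..."
secret_version = '...'

# NOTE: get_secret() fails here with AttributeError. SecretClient asks the
# credential for a token via get_token(scope), and ServicePrincipalCredentials
# does not define that method.
client = SecretClient(vault_url=vault_url, credential=credentials)
secret = client.get_secret(secret_name)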
它给出了以下错误:
Traceback (most recent call last):
File "key-vault.py", line 23, in <module>
secret = client.get_secret("cromaprivate128")
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/tracing/decorator.py", line 71, in wrapper_use_tracer
return func(*args, **kwargs)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/keyvault/secrets/_client.py", line 71, in get_secret
**kwargs
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/keyvault/secrets/_shared/_generated/v7_0/operations/_key_vault_client_operations.py", line 1621, in get_secret
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/_base.py", line 208, in run
return first_node.send(pipeline_request) # type: ignore
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/_base.py", line 80, in send
response = self.next.send(request)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/_base.py", line 80, in send
response = self.next.send(request)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/_base.py", line 80, in send
response = self.next.send(request)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/policies/_redirect.py", line 157, in send
response = self.next.send(request)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/policies/_retry.py", line 418, in send
response = self.next.send(request)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/keyvault/secrets/_shared/challenge_auth_policy.py", line 67, in send
self._handle_challenge(request, challenge)
File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/keyvault/secrets/_shared/challenge_auth_policy.py", line 91, in _handle_challenge
access_token = self._credential.get_token(scope)
AttributeError: 'ServicePrincipalCredentials' object has no attribute 'get_token'
不能使用 ServicePrincipalCredentials 创建 SecretClient,因为 ServicePrincipalCredentials 没有 SecretClient 所调用的 get_token 方法,无法提供访问令牌。如果您想访问密钥保管库,请改用 azure.identity SDK 提供的凭据。
例如 1. 使用 Azure CLI 创建服务主体
# Sign in to Azure with the CLI.
az login
# Create the service principal. Its output carries the generated client secret,
# so store it like any other credential and do not paste it into shared places.
# NOTE(review): --sdk-auth is reported as deprecated in newer Azure CLI
# releases; confirm against the CLI version in use.
az ad sp create-for-rbac --name "MyApp" --sdk-auth
- 设置访问策略
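# Give the service principal an access policy on the vault.
# Least privilege: reading a secret with get_secret needs only the "get" secret
# permission. Keep the broader secret and key permissions below only when the
# application actually performs those operations.
az keyvault set-policy -n <your-unique-keyvault-name> \
    --spn <clientId-of-your-service-principal> \
    --secret-permissions delete get list set \
    --key-permissions create decrypt delete encrypt get list unwrapKey wrapKey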
- 代码
from azure.identity import ClientSecretCredential
from azure.keyvault.secrets import SecretClient
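import os

# Take the service principal settings from environment variables so the client
# secret is never written into the script or its history. The names match the
# ones azure.identity's EnvironmentCredential reads.
tenant_id = os.environ["AZURE_TENANT_ID"]
client_id = os.environ["AZURE_CLIENT_ID"]
client_secret = os.environ["AZURE_CLIENT_SECRET"]

# Use ClientSecretCredential here; ServicePrincipalCredentials has no
# get_token method and cannot be used with SecretClient.
credential = ClientSecretCredential(tenant_id, client_id, client_secret)

# Replace the URL with your own vault's URL.
secret_client = SecretClient(
    vault_url="https://my-key-vault.vault.azure.net/",
    credential=credential,
)

secret = secret_client.get_secret("secret-name")
print(secret.name)
# Demo only: printing secret.value exposes the secret in stdout. Drop this line
# in any environment where output is collected or logged.
print(secret.value)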