通过 Powershell 通过 Azure Key Vault 管理的密钥访问 Azure 存储

Accessing Azure Storage through keys managed by Azure Key Vault via Powershell

我在访问托管密钥保管库中的存储帐户密钥时遇到问题。 这是我的代码:

$secret = Get-AzKeyVaultManagedStorageAccount -VaultName $keyVaultName -Name $storageAccountName
$ctx =New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $secret.SecretValueText

$secret.SecretValueText好像是empty/null。如何正确检索存储帐户密钥?这是出现的错误。

New-AzStorageContext : Cannot validate argument on parameter 'StorageAccountKey'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.

肯定是空的,output of Get-AzKeyVaultManagedStorageAccount is PSKeyVaultManagedStorageAccount, it does not have such a property, the SecretValueText is a property of PSKeyVaultSecret.

而且我不认为你可以通过Get-AzKeyVaultManagedStorageAccount获取存储帐户密钥,如果你想获取存储帐户密钥,你可以使用下面的命令,确保你的登录用户account/service principal 具有 RBAC 角色,例如Storage Account Key Operator Service RoleContributorOwner 在您的存储帐户中。

$key = (Get-AzStorageAccountKey -ResourceGroupName <group-name> -Name <storageaccount-name>).Value[0]
New-AzStorageContext -StorageAccountName <storageaccount-name> -StorageAccountKey $key