0

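I have a Logic App that makes an HTTP call to a Key Vault URI to get the secrets needed to connect to an external system. I developed this in a development resource group. I would like to know how to set up the Key Vault from the development resource group in other resource groups (test/prod). Also, how do I migrate the Logic App and get the keys for each environment?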

4

1 Answer

0

:) The solution is to use ARM templates and ADO/any other pipeline. You can create ARM templates with different parameters' values for different environments and use them to deploy your Logic App and Key vault to different environments.

Logic App Template sample:

{
   "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
   "contentVersion": "1.0.0.0",
   // Template parameters
   "parameters": {
      "<template-parameter-name>": {
         "type": "<parameter-type>",
         "defaultValue": "<parameter-default-value>",
         "metadata": {
            "description": "<parameter-description>"
         }
      }
   },
   "variables": {},
   "functions": [],
   "resources": [
      {
         // Start logic app resource definition
         "properties": {
            <other-logic-app-resource-properties>,
            "definition": {
               "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
               "actions": {<action-definitions>},
               // Workflow definition parameters
               "parameters": {
                  "<workflow-definition-parameter-name>": {
                     "type": "<parameter-type>",
                     "defaultValue": "<parameter-default-value>",
                     "metadata": {
                        "description": "<parameter-description>"
                     }
                  }
               },
               "triggers": {
                  "<trigger-name>": {
                     "type": "<trigger-type>",
                     "inputs": {
                         // Workflow definition parameter reference
                         "<attribute-name>": "@parameters('<workflow-definition-parameter-name>')"
                     }
                  }
               },
               <...>
            },
            // Workflow definition parameter value
            "parameters": {
               "<workflow-definition-parameter-name>": { 
                  "value": "[parameters('<template-parameter-name>')]"
               }
            },
            "accessControl": {}
         },
         <other-logic-app-resource-definition-attributes>
      }
      // End logic app resource definition
   ],
   "outputs": {}
}

Key Vault template:

{
  "name": "string",
  "type": "Microsoft.KeyVault/vaults",
  "apiVersion": "2018-02-14",
  "location": "string",
  "tags": {},
  "properties": {
    "tenantId": "string",
    "sku": {
      "family": "A",
      "name": "string"
    },
    "accessPolicies": [
      {
        "tenantId": "string",
        "objectId": "string",
        "applicationId": "string",
        "permissions": {
          "keys": [
            "string"
          ],
          "secrets": [
            "string"
          ],
          "certificates": [
            "string"
          ],
          "storage": [
            "string"
          ]
        }
      }
    ],
    "vaultUri": "string",
    "enabledForDeployment": "boolean",
    "enabledForDiskEncryption": "boolean",
    "enabledForTemplateDeployment": "boolean",
    "enableSoftDelete": "boolean",
    "createMode": "string",
    "enablePurgeProtection": "boolean",
    "networkAcls": {
      "bypass": "string",
      "defaultAction": "string",
      "ipRules": [
        {
          "value": "string"
        }
      ],
      "virtualNetworkRules": [
        {
          "id": "string"
        }
      ]
    }
  },
  "resources": []
}

Moreover, you can read this article to understand more about setting up your ADO pipelines: Integrate ARM templates with Azure Pipelines

Answered 2020-10-28T19:42:54.423
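
The two skeletons above, filled in as one deployable template. This is an added example, not part of the original answer or of Microsoft's samples: it gives the Logic App a system-assigned managed identity and grants that identity only `get` on secrets in the environment's own vault. The parameter names `envName` and `namePrefix`, the resource naming scheme and the empty workflow body are assumptions made for illustration.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "envName": { "type": "string", "allowedValues": [ "dev", "test", "prod" ], "metadata": { "description": "Assumed parameter: target environment, set in each environment's parameter file" } },
    "namePrefix": { "type": "string", "metadata": { "description": "Assumed parameter: short prefix for resource names (constructed for this example)" } }
  },
  "variables": {
    "vaultName": "[concat(parameters('namePrefix'), '-kv-', parameters('envName'))]",
    "logicAppName": "[concat(parameters('namePrefix'), '-la-', parameters('envName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.Logic/workflows",
      "apiVersion": "2019-05-01",
      "name": "[variables('logicAppName')]",
      "location": "[resourceGroup().location]",
      "identity": { "type": "SystemAssigned" },
      "properties": {
        "definition": {
          "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
          "contentVersion": "1.0.0.0",
          "parameters": { "vaultUri": { "type": "String" } },
          "triggers": {}, "actions": {}, "outputs": {}
        },
        "parameters": { "vaultUri": { "value": "[concat('https://', variables('vaultName'), environment().suffixes.keyvaultDns, '/')]" } }
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2018-02-14",
      "name": "[variables('vaultName')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [ "[resourceId('Microsoft.Logic/workflows', variables('logicAppName'))]" ],
      "properties": {
        "tenantId": "[subscription().tenantId]",
        "sku": { "family": "A", "name": "standard" },
        "enableSoftDelete": true,
        "enablePurgeProtection": true,
        "accessPolicies": [ {
          "tenantId": "[subscription().tenantId]",
          "objectId": "[reference(resourceId('Microsoft.Logic/workflows', variables('logicAppName')), '2019-05-01', 'Full').identity.principalId]",
          "permissions": { "secrets": [ "get" ] }
        } ]
      }
    }
  ]
}
```

Deploying this to each resource group with a different `envName` yields a separate vault per environment, readable only by that environment's Logic App identity. Secret values are then set in each vault outside the template, so they never appear in source control or pipeline parameter files.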