azure-keyvault-secrets python包中的SecretClient类抛出意外的错误

时间:2020-02-10 07:49:11

标签: python azure azure-keyvault

我一直在尝试获取python脚本以从Azure密钥库中检索秘密。对于身份验证,我一直在使用ServicePrincipal凭据和SecretClient类随附的Azure-keyvault-secrets程序包。但这会引发错误,可能是由于python软件包中的任何更新所致。 谁能指出出什么问题了?

from azure.common.credentials import ServicePrincipalCredentials

from azure.keyvault.secrets import SecretClient

CLIENT_ID '...' #app_id
TENANT_ID = '...'
KEY = '...'


credentials = ServicePrincipalCredentials(
    client_id=CLIENT_ID,
    secret=KEY,
    tenant=TENANT_ID
)
vault_url = '...'
secret_name = "..."
secret_version = '...'


client = SecretClient(vault_url=vault_url, credential=credentials)
secret = client.get_secret(secret_name)

它给出以下错误:

Traceback (most recent call last):
  File "key-vault.py", line 23, in <module>
    secret = client.get_secret("cromaprivate128")
  File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/tracing/decorator.py", line 71, in wrapper_use_tracer
    return func(*args, **kwargs)
  File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/keyvault/secrets/_client.py", line 71, in get_secret
    **kwargs
  File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/keyvault/secrets/_shared/_generated/v7_0/operations/_key_vault_client_operations.py", line 1621, in get_secret
    pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
  File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/_base.py", line 208, in run
    return first_node.send(pipeline_request)  # type: ignore
  File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/_base.py", line 80, in send
    response = self.next.send(request)
  File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/_base.py", line 80, in send
    response = self.next.send(request)
  File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/_base.py", line 80, in send
    response = self.next.send(request)
  File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/policies/_redirect.py", line 157, in send
    response = self.next.send(request)
  File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/core/pipeline/policies/_retry.py", line 418, in send
    response = self.next.send(request)
  File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/keyvault/secrets/_shared/challenge_auth_policy.py", line 67, in send
    self._handle_challenge(request, challenge)
  File "/Users/rishavputatunda/Library/Python/3.7/lib/python/site-packages/azure/keyvault/secrets/_shared/challenge_auth_policy.py", line 91, in _handle_challenge
    access_token = self._credential.get_token(scope)
AttributeError: 'ServicePrincipalCredentials' object has no attribute 'get_token'

1 个答案:

答案 0 :(得分:3)

我们不能使用ServicePrincipalCredentials创建SecretClient。因为ServicePrincipalCredentials无法提供访问令牌。如果要访问密钥保险库,请尝试使用sdk azure.identity提供的证书。

例如 1.使用Azure CLI创建服务主体

az login
az ad sp create-for-rbac -n "MyApp"   --sdk-auth

enter image description here

  1. 设置访问策略
az keyvault set-policy -n <your-unique-keyvault-name> --spn <clientId-of-your-service-principal> --secret-permissions delete get list set --key-permissions create decrypt delete encrypt get list unwrapKey wrapKe
  1. 代码
from azure.identity import ClientSecretCredential
    from azure.keyvault.secrets import SecretClient
tenant_id="<your sp tenant>" 
client_id="<your sp client id>"
client_secret="<your sp client secret>"
credential = ClientSecretCredential(tenant_id, client_id, client_secret)

 secret_client = SecretClient(vault_url="https://my-key-vault.vault.azure.net/", credential=credential)

 secret = secret_client.get_secret("secret-name")

    print(secret.name)
    print(secret.value)
相关问题
最新问题