First, I create an Azure Key Vault with the following az command:
az keyvault create --resource-group myResource-rg --name mykeyvault
Second, I store the secret (for example, a password) in the key vault:
az keyvault secret set --name dbpassword --vault-name mykeyvault --description "database password" --value "mysecretpassord"
The third step is to generate the access token used to access the key vault:
access_token=$(curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net' -H 'Metadata: true' --silent | jq -r '.access_token')
The final step is to use the token to load the password out of the key vault
(dbpassword is the name of the password set in the key vault secret, mykeyvault is the name of the key vault that I had set up in Azure):
db_password=$(curl 'https://mykeyvault.vault.azure.net/secrets/dbpassword?api-version=2016-10-01' -H "Authorization: Bearer $access_token" --silent | jq -r '.value')
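
The same two requests as an added example (not code from the original post), wrapped in shell functions that stop with an error instead of carrying on when the token or the secret is missing. The function names are hypothetical; curl 7.55 or later and jq are assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Needs curl >= 7.55 and jq, and must
# run on an Azure VM whose managed identity may read secrets in the vault.

IMDS_URL='http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net'

# json_field FIELD: read JSON on stdin and print the string stored at .FIELD.
# Exits non-zero when the field is missing, null, empty or not a string, so an
# error response never turns into the literal password "null" (what jq -r prints).
json_field() {
    jq -er --arg f "$1" '.[$f] | strings | select(length > 0)'
}

# Ask the instance metadata service for a Key Vault token.
get_vault_token() {
    local resp
    # --fail: HTTP errors become a non-zero exit; --max-time: do not hang off-Azure.
    resp=$(curl --silent --fail --max-time 5 -H 'Metadata: true' "$IMDS_URL") || return 1
    printf '%s' "$resp" | json_field access_token
}

# get_secret VAULT_NAME SECRET_NAME: print the secret value on stdout.
get_secret() {
    local token resp
    token=$(get_vault_token) || { echo "no token from metadata service" >&2; return 1; }
    # The header is fed on stdin (-H @-) so the bearer token is not visible
    # in the process list as a curl argument.
    resp=$(printf 'Authorization: Bearer %s\n' "$token" |
        curl --silent --fail --max-time 10 -H @- \
            "https://$1.vault.azure.net/secrets/$2?api-version=2016-10-01") ||
        { echo "request to vault $1 failed" >&2; return 1; }
    printf '%s' "$resp" | json_field value ||
        { echo "no value for secret $2 in response" >&2; return 1; }
}

# Usage with the names from the post; the script stops if anything failed:
#   db_password=$(get_secret mykeyvault dbpassword) || exit 1
```
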