问题
I am trying to prepare an SSL certificate for deployment to Linux VM hosted on Azure following the instructions provided at:
HTTPS access to Azure ubuntu Virtual Machine
The first line:
$secret=$(az keyvault secret list-versions --vault-name myVaultName --name myCertName --query "[?attributes.enabled].id" --output tsv)
executes fine, and $secret contains the expected value. However when I execute the second line:
$vm_secret=$(az vm secret format --secret "$secret")
I get an error:
unable to find vault 'myVaultName' in current subscription.
I have double-checked the command format and parameters and can find nothing wrong. What going on?
回答1:
That's a strange thing. The CLI command works fine before, but now it needs to add the parameter --keyvault with the key vault name and -g with resource group name like this:
$vm_secret=$(az vm secret format --secret "$secret" -g groupName --keyvault keyvaultName)
Or just add the parameter --keyvault with the key vault Id:
$vm_secret=$(az vm secret format --secret "$secret" --keyvault keyvault_resourceId)
So that it can work fine without giving the error.
Note: if you use the old key vault created serial months ago, the CLI command that giving the error would also work in my test. So it's a little strange. And I find there is something different with the properties default value.
EDIT
I think it's better to run CLI command in a Linux environment, there is something different that CLI rin in Windows and Linux, it's possible to cause the error. And the script in Linux will like below:
az keyvault certificate create --vault-name keyvault_name --name cert_name --policy "$(az keyvault certificate get-default-policy)"
secret=$(az keyvault secret list-versions --vault-name keyvault_name --name cert_name --query "[?attributes.enabled].id" --output tsv)
vm_secret=$(az vm secret format --secrets "$secret" --resource-group group_name --keyvault keyvault_name)
az vm update -g charles -n azureUbuntu18 --set osProfile.secrets="$vm_secret"
来源:https://stackoverflow.com/questions/54336531/why-does-az-vm-secret-format-command-fail-when-prepping-ssl-cert-of-linux-vm-d