azure - How to unmask the value (e.g. accessToken) of `az account get-access-token` in a GitHub Actions workflow?

Tags: azure azure-active-directory cloud azure-cli

When requesting an access token with az account get-access-token ... in GitHub Actions, the output (e.g. accessToken) is masked, even in the raw logs.

How can I unmask the output so that I can inspect the values for PoC work?

.github/workflows/azure-login.yaml:

name: Run Azure Login with OIDC
on: [push]

permissions:
  id-token: write
  contents: read
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: "Az CLI login"
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          allow-no-subscriptions: true
      - name: "Run az commands"
        run: |
          az account get-access-token --resource=${{ secrets.AZURE_CLIENT_ID }} --scope=api://${{ secrets.AZURE_TARGET_API }}/.default


Best answer

I agree, and thanks to @rickvdbosch, who commented with the SO link to the answer by possan. When I tried the code below, using xxd -ps as recommended in possan's answer in the above SO link to get the secrets, the access token was printed successfully. Refer below:

Code:

    runs-on: ubuntu-latest
    steps:

      # Checkout code
      - uses: actions/checkout@main

      # Log into Azure
      - uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: "Run az commands"
        run: |
          access_token=$(az account get-access-token --resource=${{ secrets.AZURE_CLIENT_ID }} --scope=https://management.azure.com/.default --query accessToken -o tsv)
          echo "Access Token: $access_token" | xxd -ps



Also, according to this SO answer by mclayton, as long as you're authenticating with {{AZURE_CREDENTIALS}} stored in { and } in GitHub secrets, the value of the secrets will be masked by default; you need to convert the value into base64 or something else to view it.

By default, the Azure GitHub Action masks secrets and the output of the access token generated by the az account get-access-token command, as a security measure:

Code:

on: [push]
name: Deploy ARM Template
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:

      # Checkout code
      - uses: actions/checkout@main

      # Log into Azure
      - uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: "Run az commands"
        run: |
          access_token=$(az account get-access-token --resource=${{ secrets.AZURE_CLIENT_ID }} --scope=https://management.azure.com/.default --query accessToken -o tsv)
          echo "Access Token: $access_token"

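For the PoC goal in the question (checking what the token contains), the claims can be read without writing a usable bearer token to the log. The following is an added example, not part of the original question or answer: it assumes the access token is a compact JWT, and the function names, sample claims and sample token are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): print a token's claims in a CI log
# without printing the token itself. Assumes the access token is a compact JWT.

# base64url -> bytes: map the URL-safe alphabet back and restore '=' padding
b64url_decode() (
  s=$(tr -d '\n' | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | base64 -d
)

# bytes -> base64url (used here only to build the constructed sample token)
b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Print only the payload (claims) segment; header and signature are dropped.
jwt_claims() (
  case $1 in
    *.*.*.*|.*|*..*) echo "not a compact JWT" >&2; return 1 ;;
    *.*.*) ;;
    *) echo "not a compact JWT" >&2; return 1 ;;
  esac
  payload=${1#*.}        # strip the header segment
  payload=${payload%%.*} # strip the signature segment
  printf '%s' "$payload" | b64url_decode
)

# Constructed sample claims and token (not a real token; the signature is filler)
SAMPLE_CLAIMS='{"aud":"api://00000000-0000-0000-0000-000000000000","scp":"user_impersonation","exp":1700000000}'
sample_token() {
  printf '%s.%s.%s' \
    "$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url_encode)" \
    "$(printf '%s' "$SAMPLE_CLAIMS" | b64url_encode)" \
    "constructed-signature"
}

# Demo run on the constructed token
jwt_claims "$(sample_token)"; echo
```

In the workflow step the call would be `jwt_claims "$access_token"`. Any claim value that equals a stored GitHub secret (for example a client ID) still shows as `***` in the log.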

Regarding "azure - How to unmask the value (e.g. accessToken) of `az account get-access-token` in a GitHub Actions workflow?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/76090150/
