在 GitHub Actions 中使用 az account get-access-token ...
请求访问 token 时,输出(例如 accessToken
)会被屏蔽,即使在原始文件中也是如此日志。
如何取消屏蔽输出,以便能够检查 PoC 工作的值?
.github/workflows/azure-login.yaml
:
name: Run Azure Login with OIDC
on: [push]
permissions:
id-token: write
contents: read
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- name: "Az CLI login"
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
allow-no-subscriptions: true
- name: "Run az commands"
run: |
az account get-access-token --resource=${{ secrets.AZURE_CLIENT_ID }} --scope=api://${{ secrets.AZURE_TARGET_API }}/.default
输出:
最佳答案
I agree and Thanks to @rickvdbosch commented SO LINK answer by possan When I tried the below code with answer recommended by possan in above SO link to use
xxd -ps
to get the secrets the Access token got printed successfully, Refer below:-
代码:-
runs-on: ubuntu-latest
steps:
# Checkout code
- uses: actions/checkout@main
# Log into Azure
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: "Run az commands"
run: |
access_token=$(az account get-access-token --resource=${{ secrets.AZURE_CLIENT_ID }} --scope=https://management.azure.com/.default --query accessToken -o tsv)
echo "Access Token: $access_token" | xxd -ps
输出:-
Also, According to this SO answer By mclayton As long as you're authenticating with {{AZURE_CREDENTIALS}} stored in { and } in github secrets the value of secrets will be masked by default you need to convert the value into base64 or something else to view it.
默认情况下,Azure github 操作将屏蔽 az account get-access-token 命令生成的 secret 和访问 token 的输出,作为安全措施:-
代码:-
on: [push]
name: Deploy ARM Template
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
# Checkout code
- uses: actions/checkout@main
# Log into Azure
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: "Run az commands"
run: |
access_token=$(az account get-access-token --resource=${{ secrets.AZURE_CLIENT_ID }} --scope=https://management.azure.com/.default --query accessToken -o tsv)
echo "Access Token: $access_token"
输出:-
关于azure - 如何在 GitHub Actions 工作流程中取消屏蔽 `az account get-access-token` 的值(例如 accessToken)?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/76090150/