Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
823 views
in Technique[技术] by (71.8m points)

upload .pfx certificate through azure devops pipeline

I want to upload .pfx certificate for my app service through azure devops task. can some one please help me on how to upload certificate through ARM Template

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You can follow below steps to upload certificate with ARM.

1,Go to the secure files under Pipelines, Library and upload your certificate. enter image description here

2, Add a download secure file task to download your certificate to your pipeline. you can reference to it by the path $(<mySecureFile>.secureFilePath) or $(Agent.TempDirectory). Check here for more information about predefined variables

3, add a powershell task to run below scripts to transform your certificate to base64 string. And store it to a self-defined environment variable certificateBase64Content. Check here to learn more about variables

$secName = “<certificateName>.pfx
$tempDirectory = $env:AGENT_TEMPDIRECTORY

$pfxFilePath = Join-Path $tempDirectory $secName

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable

$cert.Import($pfxFilePath, "$(certificatePassword)", $flag)

$bin = $cert.RawData
$base64Value = [System.Convert]::ToBase64String($bin)

Write-Host "##vso[task.setvariable variable=certificateBase64Content;]$base64Value"

4,create a keyvault and grand the Microsoft.Web resource provider access to the KeyVault to get the certificate, which will be stored in the keyvault.

Please check blog "Create the KeyVault with the required settings" part for ARM template example.

5, Store the certificate in the keyvault created in above step.

Please check blog Store the certificate in KeyVault part for ARM template example.

6, Refer to the last step of the blog Deploy the certificate to your Web App to deploy your certificate.

Reminder:

In above blog, the parameters defined in ARM template are override in the Azure resource group deployment task. You can configure this under the Template setting in the azure resource group deployment task enter image description here

Addition:

If you donot want to use keyvault. You can omit above step 4,and 5. And directly upload the cretificate after your cerficate being transformed and stored in the self-defined variable in above step 3. You need to replace parameters('certificatePfxBase64') with your self-defined variable certificateBase64Content

"variables": {
    "certificateName": "[concat(parameters('certificatePrefixName'), uniqueString(resourceGroup().id))]"
  },
"resources": [
    {
      "apiVersion": "2015-08-01",
      "name": "[variables('certificateName')]",
      "type": "Microsoft.Web/certificates",
      "location": "[resourceGroup().location]",
      "properties": {
        "pfxBlob": "[parameters('certificatePfxBase64')]",
        "password": "[parameters('certificatePfxPassword')]"
      },
      "tags": {
        "displayName": "Certificate"
      }
    }
  ]

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...