Я пытаюсь пройти аутентификацию в Key Vault, используя объект DefaultAzureCredential
с аутентификацией по имени пользователя и паролю, но получаю следующую ошибку:
[06/10/2020 13:57:37] Exception: ClientAuthenticationError:
[06/10/2020 13:57:37] No credential in this chain provided a token.
[06/10/2020 13:57:37] Attempted credentials:
[06/10/2020 13:57:37] EnvironmentCredential: Authentication failed: Unable to find wstrust endpoint from MEX. This typically happens when attempting MSA accounts. More details available here. https://github.com/AzureAD/microsoft-authentication-library-for-python/wiki/Username-Password-Authentication
[06/10/2020 13:57:37]
[06/10/2020 13:57:37] Please visit the documentation at
[06/10/2020 13:57:37] https://aka.ms/python-sdk-identity#defaultazurecredential
[06/10/2020 13:57:37] to learn what options DefaultAzureCredential supports
Я могу подтвердить, что необходимые переменные среды загружаются из local.settings.json
:
AZURE_CLIENT_ID
AZURE_USERNAME
AZURE_PASSWORD
Соответствующий код:
def encrypt(text):
uri = os.environ['KEYVAULT_URI']
credential = DefaultAzureCredential()
key_client = KeyClient(vault_url=uri, credential=credential)
key = key_client.get_key("managed-key")
crypto_client = CryptographyClient(key, credential=credential)
plaintext = text.encode()
return crypto_client.encrypt(EncryptionAlgorithm.rsa_oaep, plaintext)
local.settings.json
выглядит так:
{
"IsEncrypted": false,
"Values": {
"FUNCTIONS_WORKER_RUNTIME": "python",
"AzureWebJobsStorage": "{AzureWebJobsStorage}",
"KEYVAULT_URI": "<keyvault_uri>",
"AZURE_CLIENT_ID": "<client_id>",
"AZURE_USERNAME": "<email>",
"AZURE_PASSWORD": "<password>"
}
}