Because of some limitations in integrating Azure Runbooks with Azure DevOps Server pipelines hosted on-prem, we are looking for a bash script that goes through a given list of key vaults, finds the secrets in each key vault and checks whether a secret is about to expire within the next 60 days, then triggers a release pipeline with the specific secret and key vault to extend the expiry date two years into the future, followed by a release approval. We are struggling to find the secrets that are expiring and to estimate the remaining days:

```bash
az keyvault secret list --vault-name kv-01 \
  --query "[?attributes.expires].{Id:id, expires:attributes.expires}" \
  | jq -r '.[].expires' | xargs -I{} date -u -d {} +%s
```

How do I list and find all secrets in the key vault that will expire within the next 60 days?
To find secrets in Azure Key Vault that will expire within the next 60 days and estimate the remaining days for each secret, you can use the following bash script.
```bash
#!/usr/bin/env bash
# Azure Key Vault details
keyVaultName="Keyvault name"

# Get the current date in UTC (and as epoch seconds for the arithmetic below)
currentDate=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
currentEpoch=$(date -u -d "$currentDate" +"%s")

# Get a list of secrets in the Key Vault (name and expiry only)
secrets=$(az keyvault secret list --vault-name "$keyVaultName" --query "[].{Name:name, Expires:attributes.expires}")

# Iterate through the secrets, one compact JSON object per line
while IFS= read -r row; do
    secretName=$(echo "$row" | jq -r '.Name')
    expirationDate=$(echo "$row" | jq -r '.Expires')

    # Secrets with no expiry set cannot be checked; report and skip them
    if [ -z "$expirationDate" ] || [ "$expirationDate" = "null" ]; then
        echo "No Expiry: Secret $secretName has no expiration date set."
        continue
    fi
    expirationEpoch=$(date -u -d "$expirationDate" +"%s")

    # Check if the secret is already expired
    if [ "$currentEpoch" -gt "$expirationEpoch" ]; then
        echo "Output-------------------------------------"
        echo "Expired: Secret $secretName has already expired on $expirationDate."
    else
        # Calculate the remaining days until expiration
        remainingDays=$(( (expirationEpoch - currentEpoch) / 86400 ))
        # Check if the secret is about to expire (within the next 60 days)
        if [ "$remainingDays" -lt 60 ]; then
            echo "About to Expire in 60 days : Secret $secretName is about to expire in $remainingDays days. Expiration Date: $expirationDate"
            # Trigger Azure DevOps release pipeline
            echo "Triggering Azure DevOps release pipeline..."
            # add your script to trigger the Azure DevOps release pipeline
        else
            echo "Not Expiring Soon: Secret $secretName is not expiring in 60 days. It's about to expire in $remainingDays days. Expiration Date: $expirationDate"
        fi
    fi
done < <(echo "$secrets" | jq -c '.[]')
```
The above script will display the secrets in the Key Vault that have already expired, those that will expire within 60 days, and those that are not expiring yet.
Output:
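As an added example that is not the answer's own script, the same check generalised to the question's list of several vaults: it reads the `-o tsv` form of `az keyvault secret list` (so no jq is needed), treats secrets with no expiry set as their own case instead of passing the string null to `date -d`, and keeps the classification in one function that can be tested offline. The vault names and sample lines are constructed placeholders; GNU date is assumed.

```bash
#!/usr/bin/env bash
# Added example: classify secrets from several vaults by remaining lifetime,
# with an explicit case for secrets that have no expiry set.
# Assumes GNU date. Vault names and sample data below are placeholders.
set -eo pipefail

THRESHOLD_DAYS=60

# classify_secret EXPIRES NOW_EPOCH
# Prints NO_EXPIRY, "EXPIRED <days ago>", "EXPIRING <days left>" or "OK <days left>".
classify_secret() {
  local expires="$1" now="$2" exp_epoch days
  case "$expires" in
    ""|null|None) echo "NO_EXPIRY"; return ;;   # expiry not set (az may print it either way)
  esac
  exp_epoch=$(date -u -d "$expires" +%s)
  days=$(( (exp_epoch - now) / 86400 ))
  if [ "$exp_epoch" -le "$now" ]; then
    echo "EXPIRED $(( -days ))"
  elif [ "$days" -lt "$THRESHOLD_DAYS" ]; then
    echo "EXPIRING $days"
  else
    echo "OK $days"
  fi
}

# check_vault VAULT NOW_EPOCH < tsv
# Reads "name<TAB>expires" lines, the shape produced by
#   az keyvault secret list --vault-name "$VAULT" --query "[].[name, attributes.expires]" -o tsv
# and prints "<vault> <name> <status> [<days>]" per secret.
check_vault() {
  local vault="$1" now="$2" name expires
  while IFS=$'\t' read -r name expires; do
    [ -n "$name" ] || continue
    echo "$vault $name $(classify_secret "$expires" "$now")"
  done
}

# Live usage over a list of vaults (needs an az login); the pipeline trigger from the
# answer's placeholder would be keyed on the EXPIRING lines:
#   now=$(date -u +%s)
#   for v in kv-01 kv-02; do
#     az keyvault secret list --vault-name "$v" --query "[].[name, attributes.expires]" -o tsv \
#       | check_vault "$v" "$now"
#   done

# Constructed sample so the script runs offline ("now" is fixed to 2024-01-10).
SAMPLE_TSV=$'db-pass\t2024-02-15T00:00:00+00:00\napi-key\t2024-01-05T00:00:00+00:00\nno-exp\t\ncert-pw\t2025-06-01T00:00:00+00:00'
SAMPLE_NOW=$(date -u -d "2024-01-10T00:00:00Z" +%s)
printf '%s\n' "$SAMPLE_TSV" | check_vault kv-01 "$SAMPLE_NOW"
```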