dougong2005 2016-11-17 20:26

How to handle confidential files on Azure App Services with Git

We have a PHP app where, for encryption of the connection with the database, we need to provide 3 files that shouldn't be publicly accessible, but should be present on the server to make the DB connection (https://www.cleardb.com/developers/ssl_connections).

Obviously we don't want to store them in the SCM with the app code, so the only idea that comes to my mind is using a post-deploy action hook and fetching those files from a storage account (with keys and URIs provided in the app parameters).

Is there a nicer/cleaner way to achieve this? :)

Thank you,

1 answer

  • dongwei4096 2016-11-18 03:31

    You can try using a custom deployment script to execute additional scripts or commands during the deployment task. So you can create a PHP script whose function is to download the certificate files from Blob Storage to a location on the server file system. Then, in your PHP application, the DB connection can use these files.

    Following are the general steps:

    1. Enable the Composer extension in your portal.
    2. Install the azure-cli module via npm; refer to https://docs.microsoft.com/en-us/azure/xplat-cli-install for more info.
    3. Create the deployment script for PHP via the command azure site deploymentscript --php
    4. Execute the command composer require microsoft/windowsazure, and make sure you have a composer.json with the storage SDK dependency.
    5. Create a PHP script in your root directory to download the files from Blob Storage (e.g. named run.php):

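      <?php
      // Download the three SSL files from Blob Storage during deployment.
      require_once 'vendor/autoload.php';
      
      use WindowsAzure\Common\ServicesBuilder;
      use MicrosoftAzure\Storage\Common\ServiceException;
      $connectionString = "<connection_string>";
      $blobRestProxy = ServicesBuilder::getInstance()->createBlobService($connectionString);
      
      $container = 'certificate';
      $blobs = ['client-key.pem','client-cert.pem','cleardb-ca.pem'];
      
      foreach($blobs as $k => $b){
          // Fetch the blob and read its content stream into a string
          $blobresult = $blobRestProxy->getBlob($container, $b);
          $source = stream_get_contents($blobresult->getContentStream());
          // Relative path: the file is written to the current working directory
          $result = file_put_contents($b, $source);
          if ($result === false) {
              // Stop with a non-zero exit code instead of failing silently
              fwrite(STDERR, "Failed to write $b\n");
              exit(1);
          }
      }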
      
    6. Modify the deploy.cmd script: add the sentence php run.php under the KuduSync step.
    7. Deploy your application to Azure Web App via Git.

    If you have any further concerns, please feel free to let me know.

    This answer was selected by the asker as the best answer.
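
The question requires that the three files not be publicly accessible, while run.php above writes them to a relative path in the current working directory and embeds the connection string in the script. An added example (not the answerer's code) of the same download with the connection string read from an app setting, a target directory checked to lie outside the web root, and a failure on anything unexpected. It assumes PHP 7.1 or later, the hypothetical app setting names STORAGE_CONNECTION_STRING and CERT_DIR, the DEPLOYMENT_TARGET variable set by the generated deploy.cmd, and the SDK calls exactly as run.php uses them:

```php
<?php
// Added example, not the answerer's code. STORAGE_CONNECTION_STRING and CERT_DIR are
// hypothetical app setting names; the SDK calls are the ones run.php above uses.
require_once 'vendor/autoload.php';
use WindowsAzure\Common\ServicesBuilder;

const EXPECTED = ['client-key.pem', 'client-cert.pem', 'cleardb-ca.pem'];

// Refuse a target directory that is the web root or lies beneath it.
function assertOutsideWebRoot(string $dir, string $webRoot): string
{
    $d = realpath($dir);
    $w = realpath($webRoot);
    if ($d === false || $w === false) {
        throw new RuntimeException('target directory or web root does not exist');
    }
    if (strpos($d . DIRECTORY_SEPARATOR, $w . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException("$d is inside the web root $w");
    }
    return $d;
}

// Validate one downloaded file and move it into place in a single rename.
function storeSecret(string $dir, string $name, string $pem): void
{
    if (!in_array($name, EXPECTED, true) || strpos($pem, '-----BEGIN ') === false) {
        throw new RuntimeException("unexpected name or non-PEM content: $name");
    }
    $tmp = tempnam($dir, 'pem');
    if ($tmp === false || file_put_contents($tmp, $pem) !== strlen($pem)) {
        throw new RuntimeException("could not write $name");
    }
    chmod($tmp, 0600); // owner-only on Linux; on Windows rely on the directory's ACL
    if (!rename($tmp, $dir . DIRECTORY_SEPARATOR . $name)) {
        throw new RuntimeException("could not move $name into place");
    }
}

$connectionString = getenv('STORAGE_CONNECTION_STRING');
$certDir = getenv('CERT_DIR');
if (!$connectionString || !$certDir) {
    throw new RuntimeException('STORAGE_CONNECTION_STRING and CERT_DIR must be set');
}
// Web root: DEPLOYMENT_TARGET from deploy.cmd, else the directory holding this script
$certDir = assertOutsideWebRoot($certDir, getenv('DEPLOYMENT_TARGET') ?: __DIR__);
$blobService = ServicesBuilder::getInstance()->createBlobService($connectionString);
foreach (EXPECTED as $name) {
    $blob = $blobService->getBlob('certificate', $name);
    storeSecret($certDir, $name, stream_get_contents($blob->getContentStream()));
}
```

An uncaught exception makes php exit with a non-zero status, so deploy.cmd can stop the deployment by checking the error level after php run.php. The application's DB connection then points its SSL options at the files in CERT_DIR.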