dougong2005
2016-11-17 20:26

How to handle secret files on Azure App Services with Git

We have a PHP app where, for encryption of the connection with the database, we need to provide 3 files that shouldn't be publicly accessible but should be present on the server to make the DB connection (https://www.cleardb.com/developers/ssl_connections).

Obviously we don't want to store them in the SCM with the app code, so the only idea that comes to my mind is using a post-deploy action hook to fetch those files from a storage account (with keys and URIs provided in the app parameters).

Is there a nicer/cleaner way to achieve this? :)

Thank you,


1 answer

  • dongwei4096 2016-11-18 03:31
    Accepted

    You can try to use a Custom Deployment Script to execute additional scripts or commands during the deployment task. So you can create a PHP script whose function is to download the certificate files from Blob Storage to a location on the server file system. Then, in your PHP application, the DB connection can use these files.

    Following are the general steps:

    1. Enable the Composer extension in your portal.
    2. Install the azure-cli module via npm; refer to https://docs.microsoft.com/en-us/azure/xplat-cli-install for more info.
    3. Create a deployment script for PHP via the command azure site deploymentscript --php
    4. Execute the command composer require microsoft/windowsazure, and make sure you have a composer.json with the storage SDK dependency.
    5. Create a PHP script in your root directory to download the files from Blob Storage (e.g. named run.php):

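      <?php
      // Download the TLS client files from Blob Storage during deployment.
      require_once 'vendor/autoload.php';

      use WindowsAzure\Common\ServicesBuilder;
      use MicrosoftAzure\Storage\Common\ServiceException;

      $connectionString = "<connection_string>";
      $blobRestProxy = ServicesBuilder::getInstance()->createBlobService($connectionString);

      $container = 'certificate';
      $blobs = ['client-key.pem', 'client-cert.pem', 'cleardb-ca.pem'];

      foreach ($blobs as $b) {
          try {
              $blobresult = $blobRestProxy->getBlob($container, $b);
              $source = stream_get_contents($blobresult->getContentStream());
          } catch (ServiceException $e) {
              // Stop with a non-zero exit code so the failure is visible to deploy.cmd.
              fwrite(STDERR, "Failed to download $b: " . $e->getMessage() . PHP_EOL);
              exit(1);
          }
          // Write the blob to a file of the same name in the current directory.
          if (file_put_contents($b, $source) === false) {
              fwrite(STDERR, "Failed to write $b" . PHP_EOL);
              exit(1);
          }
      }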
      
    6. Modify the deploy.cmd script: add the line php run.php under the KuduSync step.
    7. Deploy your application to Azure Web App via Git.

    If you have any further concerns, please feel free to let me know.

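The answer ends with the application using the downloaded files for its DB connection. The following is an added example, not code from the answer, of checking the three files before handing them to mysqli. The function names, the port 3306 and the layout (PEM files fetched into a directory outside the web root) are assumptions.

```php
<?php
// Added example, not the answer's code. Function names and the directory
// layout (PEM files fetched into a directory outside the web root) are assumptions.

const PEM_FILES = ['key' => 'client-key.pem', 'cert' => 'client-cert.pem', 'ca' => 'cleardb-ca.pem'];

/** Return the checked absolute paths of the three files, or throw. */
function checkedPemPaths(string $dir, string $webRoot): array
{
    $dirReal = realpath($dir);
    $webReal = realpath($webRoot);
    if ($dirReal === false || $webReal === false) {
        throw new RuntimeException('certificate directory or web root does not exist');
    }
    // Refuse a directory the web server could serve to clients.
    if (stripos($dirReal . DIRECTORY_SEPARATOR, $webReal . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException("$dirReal is inside the web root");
    }
    $paths = [];
    foreach (PEM_FILES as $role => $name) {
        $paths[$role] = $dirReal . DIRECTORY_SEPARATOR . $name;
        if (!is_file($paths[$role]) || filesize($paths[$role]) === 0) {
            throw new RuntimeException("$name is missing or empty");
        }
    }
    // Parse each file so a truncated or wrong blob fails here, not at connect time.
    $cert = openssl_x509_read(file_get_contents($paths['cert']));
    $ca   = openssl_x509_read(file_get_contents($paths['ca']));
    $key  = openssl_pkey_get_private(file_get_contents($paths['key']));
    if ($cert === false || $ca === false || $key === false) {
        throw new RuntimeException('one of the files is not valid PEM');
    }
    if (!openssl_x509_check_private_key($cert, $key)) {
        throw new RuntimeException('client key does not match client certificate');
    }
    return $paths;
}

/** Open a mysqli connection that presents the client certificate over TLS. */
function connectWithTls(array $paths, string $host, string $user, string $pass, string $db): mysqli
{
    $link = mysqli_init();
    $link->ssl_set($paths['key'], $paths['cert'], $paths['ca'], null, null);
    if (!$link->real_connect($host, $user, $pass, $db, 3306, null, MYSQLI_CLIENT_SSL)) {
        throw new RuntimeException('TLS connection failed: ' . mysqli_connect_error());
    }
    return $link;
}
```

Calling checkedPemPaths() at the end of the download script as well makes a bad or misplaced download fail the deployment instead of surfacing later as a connection error.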
