Closed mauve closed 2 years ago
There’s no Azure CLI command for token management yet but it’s tracked here and you can see the az rest
command that you can use for now to retrieve the token: https://github.com/Azure/azure-cli/issues/16470#issue-782483120
The request for authenticating using service principal is here but not something we have committed to add yet: #312
As for ARM templates, I managed to get it like this:
"variables": {
"resourceId": "[resourceId('Microsoft.Web/staticSites/', parameters('webAppName'))]"
},
"outputs": {
"deploymentToken": {
"type": "string",
"value": "[listSecrets(variables('resourceId'), '2019-08-01').properties.apiKey]"
}
}
Found this through google. az staticwebapp secrets list
is working in az cli 2.30.0
@ebuzyuma According to Bicep lint rule outputs-should-not-contain-secrets, outputting sensitive data is a bad idea:
Don't include any values in an output that could potentially expose secrets. For example, secure parameters of type
secureString
orsecureObject
, or list* functions such aslistKeys
. The output from a template is stored in the deployment history, so a malicious user could find that information.
Here's an example pipeline that acquires the secrets used for deployment; https://johnnyreilly.com/azure-static-web-app-deploy-previews-with-azure-devops#azure-pipelines-tweaks
Hey all, as @MPapst has mentioned above, we can officially get the deployment token now from the AZ CLI using az staticwebapp secrets list
. For more information, check out the official documentation.
Closing this issue.
you can also get this with the Az.Websites powershell module
$secrets = Get-AzStaticWebAppSecret -ResourceGroupName foo -Name $appServiceName
$apiKey = (ConvertFrom-Json $secrets.ToJsonString()).properties.apiKey
Amazing... thanks @austincrft
Feels like the Powershell option should be added to the docs here: https://learn.microsoft.com/en-us/azure/static-web-apps/static-web-apps-cli-deploy
To automate stage setup and deployment I would like to be able to get the
deployment_token
using theCLI
so that I can acquire the token in my pipeline before I deploy from Azure DevOps.I couldn't find a way to do that.
Even better of course would be if I could just use my AAD credentials instead of a special credential to do my deployments.