Closed johnckeen closed 2 months ago
Have you tried adding the credentials in a list (with [] )? As per the example at https://github.com/cudeso/misp2sentinel/tree/main/AzureFunction
[
{
"tenantId": "<TENANT_ID_WITH_APP_1>",
"id": "<APP_ID>",
"secret": "<APP_SECRET>",
"workspaceId": "<WORKSPACE_ID>"
},
{
"tenantId": "<TENANT_ID_WITH_APP_N>",
"id": "<APP_ID>",
"secret": "<APP_SECRET_N>",
"workspaceId": "<WORKSPACE_ID_N>"
}
]
Yes I have tried putting the following into key vault using a JSON variable then converting it to secure string:
$JSON = @"
[ { "tenantId": "xxxx-xxxx-xxxx-xxxx", "id": "xxxx-xxxx-xxxx-xxxx", "secret": "xxxxxxxxxxxxxxxxxxxxxxxxxx", "workspaceId": "xxxx-xxxx-xxxx-xxxx" } ]
"@
Set-AzKeyVaultSecret -VaultName misp2sentinelsoftcat -Name tenants -SecretValue ($JSON | ConvertTo-SecureString -AsPlainText -Force)
Is the above the wrong way to do this?
As far as I can check it's OK. I'm not an Azure expert and haven't used the Azure Function setup yet (stuck to the "local" install). @lnfernux would you happen to know if the syntax needs updating?
Another thing is that if you want to add a multiline variable to a keyvault secret you have two options, either
I usually go for number 1, so it might be the issue that it only will support a single line JSON-blob actually when I think about it. Can you try that and let me know if it works?
Thank you, I will try this later today and see if it helps. I was using secure string because all the docs I could find on putting json into secret was to convert to secure string.
I am stumped. Downloaded from github again and redeployed using vscode. Tried the following using your option 1 which is a massive life saver for other use cases too so thanks for that but still no dice.
{ "tenantId": "xxxx-xxxx-xxxx-xxxx", "id": "xxxx-xxxx-xxxx-xxxx", "secret": "***", "workspaceId": "xxxx-xxxx-xxxx-xxxx" }
I have tried with [ ] and without, with no success; below is the error still: "string indices must be integers, not 'str'".
Can someone confirm if this is the correct format to store the secret in when just using one instance?
You still need the same formatting when sending to one instance :) It's just a matter of including only one. The link is here to the relevant section in the docs, but it should look like this:
[
{
"tenantId": "<TENANT_ID_WITH_APP_1>",
"id": "<APP_ID>",
"secret": "<APP_SECRET>",
"workspaceId": "<WORKSPACE_ID>"
}
]
Formatting as a single line, it should be like this:
[ { "tenantId": "<TENANT_ID_WITH_APP_1>", "id": "<APP_ID>", "secret": "<APP_SECRET>", "workspaceId": "<WORKSPACE_ID>" } ]
In my case (just tested), it worked for a single instance by using the single line above added to the keyvault.
hello @johnckeen can this issue be closed?
Thank you Infernex. For whatever reason, copying your single line and adding my details then pasting it into key vault worked. I've got both lines in notepad++ and can see no difference so I'm stumped as to why yours worked and mine didn't.
You can close this issue now and thank you so much for all the help!
I am getting this error when running and I have redeployed and double checked over a dozen times (not exaggerating!)
Result: Failure
Exception: TypeError: string indices must be integers, not 'str'
Stack:
  File "/azure-functions-host/workers/python/3.11/LINUX/X64/azure_functions_worker/dispatcher.py", line 604, in _handle__invocation_request
    call_result = await self._loop.run_in_executor(
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/azure-functions-host/workers/python/3.11/LINUX/X64/azure_functions_worker/dispatcher.py", line 933, in _run_sync_func
    return ExtensionManager.get_sync_invocation_wrapper(context,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/azure-functions-host/workers/python/3.11/LINUX/X64/azure_functions_worker/extension.py", line 215, in _raw_invocation_wrapper
    result = function(**args)
             ^^^^^^^^^^^^^^^^
  File "/home/site/wwwroot/MISP2Sentinel/__init__.py", line 128, in main
    pmain()
  File "/home/site/wwwroot/MISP2Sentinel/__init__.py", line 111, in pmain
    push_to_sentinel(item['tenantId'], item['id'], item['secret'], item['workspaceId'])
                     ~~~~^^^^^^^^^^^^
My tenants secret is laid out like this in a single line in keyvault: {"tenantId": "xxxx-xxxx-xxxx-xxxx", "id": "xxxx-xxxx-xxxx-xxxx", "secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx", "workspaceId": "xxxx-xxxx-xxxx-xxxx"}
Everything is green for referencing vault secrets in function app.
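Added example (not part of the thread and not misp2sentinel's own code): a pre-flight check for the `tenants` secret that reproduces the traceback's TypeError for the bare-object form and rejects malformed values with messages that name keys and positions but never echo secret values. It assumes the function parses the secret with `json.loads` and loops over the result (the page shows only the failing line); `naive_push` and `load_tenants` are hypothetical names.

```python
import json

REQUIRED_KEYS = ("tenantId", "id", "secret", "workspaceId")

# Constructed sample values; the placeholders stand in for real IDs and secrets.
OBJECT_FORM = ('{"tenantId": "<TENANT_ID>", "id": "<APP_ID>", '
               '"secret": "<APP_SECRET>", "workspaceId": "<WORKSPACE_ID>"}')
ARRAY_FORM = "[ " + OBJECT_FORM + " ]"


def naive_push(raw):
    """Mimic the failing line from the traceback (the loop shape is assumed)."""
    try:
        for item in json.loads(raw):
            _ = (item["tenantId"], item["id"], item["secret"], item["workspaceId"])
    except TypeError as exc:
        return f"TypeError: {exc}"
    return "ok"


def load_tenants(raw):
    """Return the tenant list, or raise ValueError naming the format problem."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        # exc.msg and exc.pos describe the syntax error without quoting the value
        raise ValueError(f"not valid JSON: {exc.msg} at position {exc.pos}") from None
    if isinstance(data, dict):
        raise ValueError("single JSON object; wrap it in [ ] even for one tenant")
    if not isinstance(data, list) or not data:
        raise ValueError("expected a non-empty JSON array of objects")
    for index, item in enumerate(data):
        if not isinstance(item, dict):
            raise ValueError(f"entry {index} is not a JSON object")
        missing = [k for k in REQUIRED_KEYS
                   if not isinstance(item.get(k), str) or not item.get(k)]
        if missing:
            raise ValueError(f"entry {index} lacks a non-empty string for: {', '.join(missing)}")
    return data


if __name__ == "__main__":
    print(naive_push(OBJECT_FORM))  # iterating a dict yields its keys, which are strings
    print(naive_push(ARRAY_FORM))
    for sample in (OBJECT_FORM, ARRAY_FORM):
        try:
            print(len(load_tenants(sample)), "tenant(s) loaded")
        except ValueError as err:
            print("rejected:", err)
```

Running a check like this at the start of the function turns the opaque TypeError into a message that says which part of the secret's format is wrong.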