Azure KeyVault：get_secret() - Python TypeError：字符串索引必须是整数

Posted 2023-02-19

【中文标题】Azure KeyVault：get_secret() - Python TypeError：字符串索引必须是整数

【英文标题】：Azure KeyVault: get_secret() - Python TypeError: string indices must be integers

【发布时间】：2021-11-16 15:03:43

【问题描述】：

我一直在尝试使用以下 python 代码从本地 VM 获取 azure key vault 机密。不幸的是，我收到了类型错误。如果有人能解决这个问题，那将是一个很大的帮助：

from azure.identity import ClientSecretCredential
from azure.keyvault.secrets import SecretClient

SECRET_NAME = 'secretName'
TENANT_ID = 'client_id'
CLIENT_ID = 'tenant_id'
CLIENT_SECRET = 'secretValue'
KEYVAULT_NAME = 'keyVaultName'
KEYVAULT_URL = 'https://vault_url'

_credential = ClientSecretCredential(
    tenant_id = TENANT_ID,
    client_id = CLIENT_ID,
    client_secret = CLIENT_SECRET
    )

_sc = SecretClient(vault_url = KEYVAULT_URL, credential = _credential)
secret = _sc.get_secret(SECRET_NAME)

print(secret.name) 

我也试过 - print(_sc.get_secret(SECRET_NAME).value)。但它也显示相同的错误。

请在下面找到显示的错误：

Traceback (most recent call last):
  File "C:\Users\user\Desktop\trialSecret.py", line 37, in <module>
    print(_sc.get_secret(KEYVAULT_NAME).value)
  File "C:\Users\user\AppData\Roaming\Python\Python39\site-packages\azure\core\tracing\decorator.py", line 83, in wrapper_use_tracer
    return func(*args, **kwargs)
  File "C:\Users\user\AppData\Roaming\Python\Python39\site-packages\azure\keyvault\secrets\_client.py", line 67, in get_secret
    bundle = self._client.get_secret(
  File "C:\Users\user\AppData\Roaming\Python\Python39\site-packages\azure\keyvault\secrets\_generated\_operations_mixin.py", line 1515, in get_secret
    return mixin_instance.get_secret(vault_base_url, secret_name, secret_version, **kwargs)
  File "C:\Users\user\AppData\Roaming\Python\Python39\site-packages\azure\keyvault\secrets\_generated\v7_2\operations\_key_vault_client_operations.py", line 290, in get_secret
    map_error(status_code=response.status_code, response=response, error_map=error_map)
  File "C:\Users\user\AppData\Roaming\Python\Python39\site-packages\azure\core\exceptions.py", line 104, in map_error
    error = error_type(response=response)
  File "C:\Users\user\AppData\Roaming\Python\Python39\site-packages\azure\keyvault\secrets\_shared\exceptions.py", line 24, in _get_exception_for_key_vault_error
    message = "() ".format(body["error"]["code"], body["error"]["message"])  # type: Optional[str]
TypeError: string indices must be integers

【参考方案1】：

我们已经在本地环境中测试了相同的代码（本地机器使用“azure.keyvault.secrets v 4.3.0”运行）。我们可以使用以下任一打印语句提取秘密值，如下所示

print(secret.value)
print(_sc.get_secret(SECRET_NAME).value)

"C:\Users\user\Desktop\trialSecret.py", line 37, in <module>
    print(_sc.get_secret(KEYVAULT_NAME).value)   File "C:\Users\user\AppData\Roaming\Python\Python39\site-packages\azure\core\tracing\decorator.py",
line 83, in wrapper_use_tracer
    return func(*args, **kwargs)

查看完整的堆栈跟踪，我们了解到您正在传递 print(_sc.get_secret(KEYVAULT_NAME).value) 以获取秘密值，这是不可能的，因为 keyvault 名称本身是一个名称并且它不包含任何值，而秘密遵循 (key, value) 对.

【参考方案2】：

我通过以下方式处理这个有点不同：

secrets = _sc.list_properties_of_secrets()

然后我可以为secrets 中的每个secret 循环。然后我将一个名为key 的变量设置为secret.name。使用这个key，我从保险库中获得了价值：

secrets = _sc.list_properties_of_secrets()

for secret in secrets:
    key = secret.name
    val = _sc.get_secret(key).value