问题
I am trying to read secret in Azure Key Vault through Managed Service Identity (MSI) in Java. I want token to access the key vault through MSI.
There are references available for .net to do this but did not find anything in Java. I don't want to do this through Client id/secret key or certificates.
I want something in Java that is close to following .net code
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
try
{
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = await keyVaultClient.GetSecretAsync("https://abcded.vault.azure.net/secrets/secretname/").ConfigureAwait(false);
ViewBag.Secret = $"Secret: {secret.Value}";
}
catch (Exception exp)
{
ViewBag.Error = $"Something went wrong: {exp.Message}";
}
回答1:
We could use the AppServiceMSICredentials in Java. Please have a try use the following code.
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.AppServiceMSICredentials;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.models.KeyBundle;
AppServiceMSICredentials credentials = new AppServiceMSICredentials(AzureEnvironment.AZURE);
KeyVaultClient keyVaultClient = new KeyVaultClient(credentials);
keyVaultClient.getSecret("https://xxxx.vault.azure.net","secretName");
回答2:
import com.microsoft.azure.credentials.MSICredentials;
MSICredentials credentials = new MSICredentials(AzureEnvironment.AZURE);
KeyVaultClient keyVaultClient = new KeyVaultClient(credentials);
SecretBundle secret = keyVaultClient.getSecret("vaultbaseurl","secretName","secretversion");
来源:https://stackoverflow.com/questions/51750846/read-azure-key-vault-secret-through-msi-in-java