Question
I'm trying to get a secret from Azure Key Vault.
So I found the code below but got an error.

```java
// Reads MSI_ENDPOINT / MSI_SECRET from the environment; no endpoint or secret is passed here
AppServiceMSICredentials credentials = new AppServiceMSICredentials(AzureEnvironment.AZURE);
KeyVaultClient keyVaultClient = new KeyVaultClient(credentials);
String secret = keyVaultClient.getSecret("uri", "secretName").value();
```

I got an error like this:

```
Error >>> endpoint == null
```

I also tried this way:

```java
// Overload that takes the MSI endpoint and secret explicitly
AppServiceMSICredentials credentials = new AppServiceMSICredentials(AzureEnvironment.AZURE, "MSI Url????", "secret???");
KeyVaultClient keyVaultClient = new KeyVaultClient(credentials);
String secret = keyVaultClient.getSecret("keyVault Uri", "secret name").value();
// SLF4J needs a {} placeholder for the argument; note that logging secret values is unsafe outside a throwaway test
log.debug("secret={}", secret);
```

I'm new to Azure and now I cannot find the solution.
How can I solve it? Also, how can I find the MSI endpoint and secret?
Thank you.
Answer 1:
You were using managed identity. You do not need to provide any endpoint or secret.
The only thing you need to do is to enable system identity in your web app.
After that, you will get an object id of a service principal. Then you can assign an access policy in your key vault for that service principal.
Finally, you can access your key vault and secret in your Spring Boot application.
Update:
If you cannot create a managed identity, then you can get an access token with the Azure AD library, and then use that token to access Key Vault.
Here is a code sample:
```java
import java.net.MalformedURLException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
import com.microsoft.azure.keyvault.models.SecretBundle;

public class KeyVaultTest {
    // Add access policy to user, and access key vault as user
    private static AuthenticationResult getAccessTokenAsUser(String authorization, String resource)
            throws InterruptedException, ExecutionException, MalformedURLException {
        // Well-known first-party public client id, so no client secret is needed for the username/password flow
        String clientId = "1950a258-227b-4e31-a9cf-717495945fc2";
        String username = "your user id, jack@hanxia.onmicrosoft.com";
        String password = "your password, ********";
        AuthenticationResult result = null;
        // Starts a service to fetch access token.
        ExecutorService service = null;
        try {
            service = Executors.newFixedThreadPool(1);
            // 'authorization' is the AAD authority URL that the Key Vault SDK passes to doAuthenticate
            AuthenticationContext context = new AuthenticationContext(authorization, false, service);
            Future<AuthenticationResult> future = context.acquireToken(resource, clientId, username, password, null);
            result = future.get();
        } finally {
            if (service != null) {
                service.shutdown();
            }
        }
        if (result == null) {
            throw new RuntimeException("Authentication results were null.");
        }
        return result;
    }

    public static void main(String[] args) {
        String vaultBase = "https://keyvault279.vault.azure.net/";
        // The SDK calls doAuthenticate with the authority and resource taken from the vault's
        // 401 challenge; it expects a bearer access token for that resource in return.
        KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultCredentials() {
            @Override
            public String doAuthenticate(String authorization, String resource, String scope) {
                String token = null;
                try {
                    AuthenticationResult authResult = getAccessTokenAsUser(authorization, resource);
                    token = authResult.getAccessToken();
                } catch (Exception e) {
                    e.printStackTrace();
                }
                return token;
            }
        });
        SecretBundle test = keyVaultClient.getSecret(vaultBase, "test");
        System.out.println(test.value());
    }
}
```
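The managed-identity path from the answer, written out as an added example (not code from the original question or answer). It assumes that the no-argument `AppServiceMSICredentials` constructor reads the `MSI_ENDPOINT` and `MSI_SECRET` environment variables that App Service injects once a system-assigned identity is enabled, so the example checks for them first and fails with an actionable message instead of an opaque `endpoint == null`. The vault URL and secret name are placeholders; the vault's system-assigned identity must already have `get` permission on secrets via an access policy.

```java
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.AppServiceMSICredentials;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.models.SecretBundle;

public class ManagedIdentitySecretReader {

    // Assumption: these are the variables the platform provides to the app once a
    // system-assigned identity is enabled, and the ones AppServiceMSICredentials reads.
    private static final String MSI_ENDPOINT_VAR = "MSI_ENDPOINT";
    private static final String MSI_SECRET_VAR = "MSI_SECRET";

    /** True only when the managed-identity token endpoint has been provided by the platform. */
    static boolean managedIdentityAvailable() {
        String endpoint = System.getenv(MSI_ENDPOINT_VAR);
        String secret = System.getenv(MSI_SECRET_VAR);
        return endpoint != null && !endpoint.isEmpty() && secret != null && !secret.isEmpty();
    }

    /** Builds a Key Vault client backed by the web app's system-assigned identity. */
    static KeyVaultClient clientFromManagedIdentity() {
        if (!managedIdentityAvailable()) {
            // Typical causes: identity not enabled on the web app, or code running on a
            // developer machine where App Service has not injected the variables.
            throw new IllegalStateException(MSI_ENDPOINT_VAR + "/" + MSI_SECRET_VAR
                    + " are not set: enable the system-assigned identity on the web app and run "
                    + "inside App Service (or export both variables when testing locally).");
        }
        // No endpoint or secret is passed in: the credential picks both up from the environment
        // and exchanges them for an access token scoped to Key Vault on each request.
        AppServiceMSICredentials credentials = new AppServiceMSICredentials(AzureEnvironment.AZURE);
        return new KeyVaultClient(credentials);
    }

    /**
     * Reads one secret. vaultBaseUrl is the vault's base URL (https://<vault>.vault.azure.net/),
     * not the full secret identifier. The SDK throws on 401/403/404, so a null value here is
     * treated as a failure rather than silently returned.
     */
    static String readSecret(KeyVaultClient client, String vaultBaseUrl, String secretName) {
        SecretBundle bundle = client.getSecret(vaultBaseUrl, secretName);
        if (bundle == null || bundle.value() == null) {
            throw new IllegalStateException("secret '" + secretName + "' returned no value");
        }
        return bundle.value();
    }

    public static void main(String[] args) {
        // Hypothetical vault and secret names; replace with your own.
        String vaultBaseUrl = "https://example-vault.vault.azure.net/";
        String secretName = "db-password";

        String value = readSecret(clientFromManagedIdentity(), vaultBaseUrl, secretName);

        // Log that the read succeeded, never the secret value itself.
        System.out.println("read secret '" + secretName + "' (" + value.length() + " chars)");
    }
}
```

The point of the up-front check is operational: the same binary runs unchanged in App Service, where the identity supplies the token, and refuses to start elsewhere with a message that names the missing configuration, which is what the question's first attempt was missing.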
Source: https://stackoverflow.com/questions/57764432/getting-secret-from-azure-key-vault