我正在尝试通过Java中的托管服务身份(MSI)读取Azure Key Vault中的机密。我希望令牌通过MSI访问密钥库。
.net有可用的引用来实现此目的 但没有在Java中找到任何东西。我不想通过客户端ID /秘密密钥或证书来做到这一点。
我想要Java中与以下.net代码接近的东西
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
try
{
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = await keyVaultClient.GetSecretAsync("https://abcded.vault.azure.net/secrets/secretname/").ConfigureAwait(false);
ViewBag.Secret = $"Secret: {secret.Value}";
}
catch (Exception exp)
{
ViewBag.Error = $"Something went wrong: {exp.Message}";
}
答案 0 :(得分:0)
我们可以在Java中使用AppServiceMSICredentials。请尝试使用以下代码。
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.AppServiceMSICredentials;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.models.KeyBundle;
AppServiceMSICredentials credentials = new AppServiceMSICredentials(AzureEnvironment.AZURE);
KeyVaultClient keyVaultClient = new KeyVaultClient(credentials);
keyVaultClient.getSecret("https://xxxx.vault.azure.net","secretName");
答案 1 :(得分:0)
import com.microsoft.azure.credentials.MSICredentials;
MSICredentials凭据1 =新的MSICredentials(AzureEnvironment.AZURE); KeyVaultClient keyVaultClient =新的KeyVaultClient(credentials1); SecretBundle secret = keyVaultClient.getSecret(“ vaultbaseurl”,“ secretName”,“ secretversion”);