Java 访问Azure Key Vault进行本地开发
我正在尝试使用本地用于开发的服务原则凭据访问Azure Key Vault local 但Azure SDK似乎总是在检查IMDS连接(“169.254.169.254”) 我用于检索机密的代码:Java 访问Azure Key Vault进行本地开发,java,azure,java-8,azure-keyvault,azure-managed-identity,Java,Azure,Java 8,Azure Keyvault,Azure Managed Identity,我正在尝试使用本地用于开发的服务原则凭据访问Azure Key Vault local 但Azure SDK似乎总是在检查IMDS连接(“169.254.169.254”) 我用于检索机密的代码: SecretClient secretClient = new SecretClientBuilder() .vaultUrl(keyVaultUri) .credential(new DefaultAzureCredentialBuilder().build()) .buildClient();
SecretClient secretClient = new SecretClientBuilder()
.vaultUrl(keyVaultUri)
.credential(new DefaultAzureCredentialBuilder().build())
.buildClient();
我还添加了以下变量作为环境变量:
有人能帮助我如何使用java中的服务原则从本地访问azure资源(如key vault)来使用服务原则进行本地身份验证,只需使用 示例:
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
public class vacate {
public static void main(String[] args) {
String clientId="xxxxxx";
String clientSecret="xxxxxx";
String tenantId="xxxxxx";
ClientSecretCredential credential1 = new ClientSecretCredentialBuilder()
.tenantId(tenantId)
.clientId(clientId)
.clientSecret(clientSecret)
.build();
SecretClient secretClient = new SecretClientBuilder()
.vaultUrl("<your-key-vault-url>")
.credential(credential1)
.buildClient();
//do other things
}
}
import com.azure.identity.ClientSecretCredential;
导入com.azure.identity.ClientSecretCredentialBuilder;
导入com.azure.security.keyvault.secrets.SecretClient;
导入com.azure.security.keyvault.secrets.SecretClientBuilder;
导入com.azure.security.keyvault.secrets.models.KeyVaultSecret;
公务舱空出{
公共静态void main(字符串[]args){
字符串clientId=“xxxxxx”;
字符串clientSecret=“xxxxxx”;
字符串tenantId=“xxxxxx”;
ClientSecretCredential credential1=新的ClientSecretCredentialBuilder()
.tenantId(tenantId)
.clientId(clientId)
.clientSecret(clientSecret)
.build();
SecretClient SecretClient=new SecretClientBuilder()
.URL(“”)
.证书(证书1)
.buildClient();
//做其他事情
}
}
实际上,我认为您使用的
DefaultAzureCredential
也应该工作,它尝试在中创建一个有效的凭据,如果您已经正确设置了环境变量,它应该工作,如果没有,只需像上面那样使用ClientSecretCredential
,它就会工作。要使用服务主体在本地进行身份验证,就用吧
示例:
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
public class vacate {
public static void main(String[] args) {
String clientId="xxxxxx";
String clientSecret="xxxxxx";
String tenantId="xxxxxx";
ClientSecretCredential credential1 = new ClientSecretCredentialBuilder()
.tenantId(tenantId)
.clientId(clientId)
.clientSecret(clientSecret)
.build();
SecretClient secretClient = new SecretClientBuilder()
.vaultUrl("<your-key-vault-url>")
.credential(credential1)
.buildClient();
//do other things
}
}
import com.azure.identity.ClientSecretCredential;
导入com.azure.identity.ClientSecretCredentialBuilder;
导入com.azure.security.keyvault.secrets.SecretClient;
导入com.azure.security.keyvault.secrets.SecretClientBuilder;
导入com.azure.security.keyvault.secrets.models.KeyVaultSecret;
公务舱空出{
公共静态void main(字符串[]args){
字符串clientId=“xxxxxx”;
字符串clientSecret=“xxxxxx”;
字符串tenantId=“xxxxxx”;
ClientSecretCredential credential1=新的ClientSecretCredentialBuilder()
.tenantId(tenantId)
.clientId(clientId)
.clientSecret(clientSecret)
.build();
SecretClient SecretClient=new SecretClientBuilder()
.URL(“”)
.证书(证书1)
.buildClient();
//做其他事情
}
}
实际上,我认为您使用的
DefaultAzureCredential
也应该工作,它尝试在中创建一个有效的凭据,如果您已经正确设置了环境变量,它应该工作,如果没有,只需像上面那样使用ClientSecretCredential
,它就会工作。它解决了我的问题(可能也会帮助他人):
- DigiCert全局根CA
- DigiCert SHA2安全服务器CA
它解决我问题的方式(可能也会帮助其他人):
- DigiCert全局根CA
- DigiCert SHA2安全服务器CA