Java: Getting a secret from Azure Key Vault

Tags: java, azure, spring-boot, azure-keyvault, secret-key

I am trying to get a secret from Azure Key Vault.

So I found the code below, but I get an error.

AppServiceMSICredentials credentials = new AppServiceMSICredentials(AzureEnvironment.AZURE);

KeyVaultClient keyVaultClient = new KeyVaultClient(credentials);

String secret =  keyVaultClient.getSecret("uri", "secretName").value(); 
I got an error like this:

Error >>> endpoint == null
I also tried this:


AppServiceMSICredentials credentials = new AppServiceMSICredentials(AzureEnvironment.AZURE, "MSI Url????", "secret???");
KeyVaultClient keyVaultClient = new KeyVaultClient(credentials);

String secret =  keyVaultClient.getSecret("keyVault Uri", "secret name").value(); 

log.debug("secret=========",secret);
I am new to Azure and can't find a solution right now.

How can I solve it? How can I find the MSI endpoint and secret?

Thanks.

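You are using . You do not need to provide any endpoint or secret.

The only thing you need to do is

After that, you will get the object ID of the service principal. You can then assign an access policy to that service principal in the key vault.

Finally, you can access the key vault and the secret in your Spring Boot application.


Update:

If you cannot create a managed identity, you can use the Azure AD library to get an access token, then use that token to access the key vault.

Here is a code sample: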

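import java.net.MalformedURLException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
import com.microsoft.azure.keyvault.models.SecretBundle;

public class KeyVaultTest {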

    // Add access policy to user, and access key vault as user
    private static AuthenticationResult getAccessTokenAsUser(String authorization, String resource) throws InterruptedException, ExecutionException, MalformedURLException {

        String clientId = "1950a258-227b-4e31-a9cf-717495945fc2";
        String username = "your user id, jack@hanxia.onmicrosoft.com";
        String password = "your password,  ********";
        AuthenticationResult result = null;

        // Starts a service to fetch the access token.
        // Created before the try block so the finally clause never calls shutdown() on null.
        ExecutorService service = Executors.newFixedThreadPool(1);
        try {
            AuthenticationContext context = new AuthenticationContext(authorization, false, service);
            Future<AuthenticationResult> future = context.acquireToken(resource, clientId, username, password, null);
            result = future.get();
        } finally {
            service.shutdown();
        }

        if (result == null) {
            throw new RuntimeException("Authentication results were null.");
        }

        return result;
    }

    public static void main(String[] args) {
        String vaultBase = "https://keyvault279.vault.azure.net/";

        KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultCredentials(){
            @Override
            public String doAuthenticate(String authorization, String resource, String scope) {
                String token = null;
                try {
                    AuthenticationResult authResult = getAccessTokenAsUser(authorization, resource);
                    token = authResult.getAccessToken();
                } catch (Exception e) {
                    e.printStackTrace();
                }
                return token;
            }
        });

        SecretBundle test = keyVaultClient.getSecret(vaultBase, "test");
        System.out.println(test.value());
    }
}
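
Added example, not part of the original answer or of the Azure SDK: a guard around the managed-identity path described in the first part of the answer, so that running outside an App Service with a managed identity fails with a clear message instead of the question's `endpoint == null`. It assumes the one-argument `AppServiceMSICredentials` constructor reads the `MSI_ENDPOINT` and `MSI_SECRET` environment variables; the class name and the `KEYVAULT_URI` and `KEYVAULT_SECRET_NAME` variables are hypothetical.

```java
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.AppServiceMSICredentials;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.models.SecretBundle;

public class ManagedIdentitySecretReader {

    // Assumption: these are the variables the one-argument constructor reads, and
    // App Service sets them only when a managed identity is enabled for the app.
    private static final String[] REQUIRED_ENV = {"MSI_ENDPOINT", "MSI_SECRET"};

    // Returns the name of the first missing variable, or null when all are set.
    static String firstMissingVariable() {
        for (String name : REQUIRED_ENV) {
            String value = System.getenv(name);
            if (value == null || value.trim().isEmpty()) {
                return name;
            }
        }
        return null;
    }

    static String readSecret(String vaultBaseUrl, String secretName) {
        String missing = firstMissingVariable();
        if (missing != null) {
            // Fail early with an actionable message rather than a bare null check failure.
            throw new IllegalStateException(missing + " is not set: enable a managed identity "
                    + "for this app, or use another credential type when running elsewhere");
        }
        KeyVaultClient client =
                new KeyVaultClient(new AppServiceMSICredentials(AzureEnvironment.AZURE));
        SecretBundle bundle = client.getSecret(vaultBaseUrl, secretName);
        if (bundle == null || bundle.value() == null) {
            throw new IllegalStateException("Secret has no value: " + secretName);
        }
        return bundle.value();
    }

    public static void main(String[] args) {
        // Hypothetical variable names: keep the vault URI and secret name in configuration.
        String vaultBaseUrl = System.getenv("KEYVAULT_URI");
        String secretName = System.getenv("KEYVAULT_SECRET_NAME");
        String secret = readSecret(vaultBaseUrl, secretName);
        // Report only that the read worked; never write the secret value to logs.
        System.out.println("Secret retrieved, length=" + secret.length());
    }
}
```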

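What is the uri? Check the value.

@MaheshKava I did it like this -->> "https://.vault.azure.net/"

Thanks for your answer. However, I found that I can't use a managed identity. I don't have the permissions. Is there any other way for me to get the secret from the key vault??? Thank you very much.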