Question
I want to get a secret from Azure Key Vault.
I found the code below and tried it, but it failed with an error.
    private String clientId = "<I put my client Id here>";
    private String secret = "<I put my client secret here>";

        KeyVaultClient client = new KeyVaultClient(credentials);
        String secret = client.getSecret("https://<myVault>.vault.azure.net", "secret name").value();
        log.debug("secret=============",secret);
    }

    ServiceClientCredentials credentials = new KeyVaultCredentials() {
        @Override
        public String doAuthenticate(String authorization, String resource, String scope) {
            AuthenticationResult res = null;
            try {
                res = GetAccessToken(authorization, resource, clientId, secret);
            } catch (InterruptedException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            } catch (ExecutionException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
            return res.getAccessToken();
        }

        private AuthenticationResult GetAccessToken(String authorization, String resource, String clientID, String clientKey)
                throws InterruptedException, ExecutionException {
            AuthenticationContext ctx = null;
            ExecutorService service = Executors.newFixedThreadPool(1);
            try {
                ctx = new AuthenticationContext(authorization, false, service);
            } catch (MalformedURLException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
            Future<AuthenticationResult> resp = ctx.acquireToken(resource, new ClientCredential(
                    clientID, clientKey), null);
            AuthenticationResult res = resp.get();
            return res;
        }
    };
I got an error like the one below:
[http-nio-8080-exec-1] ERROR c.t.c.e.GlobalExceptionHandler - Error >>> java.net.ConnectException: Failed to connect
How can I get a secret from Key Vault? Is there anything more I should do?
Thank you.
Answer 1:
It seems that you want to access the Azure Key Vault with an application.
Register a web app in Azure AD
You can get the client id (application id) at the overview
Add a secret
Assign access policy in key vault
Save the policy, so that it will take effect.
Code sample
    import java.net.MalformedURLException;
    import java.util.concurrent.ExecutionException;
    import java.util.concurrent.ExecutorService;
    import java.util.concurrent.Executors;
    import java.util.concurrent.Future;

    import com.microsoft.aad.adal4j.AuthenticationContext;
    import com.microsoft.aad.adal4j.AuthenticationResult;
    import com.microsoft.aad.adal4j.ClientCredential;
    import com.microsoft.azure.keyvault.KeyVaultClient;
    import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
    import com.microsoft.azure.keyvault.models.SecretBundle;

    public class KeyVaultTest {

        private static AuthenticationResult getAccessToken(String authorization, String resource)
                throws InterruptedException, ExecutionException, MalformedURLException {
            String clientId = "dc17****-****-****-****-ea03****a5e7"; // Client ID
            String clientKey = "1YWt******k21"; // Client Secret
            AuthenticationResult result = null;
            // Starts a service to fetch access token.
            ExecutorService service = null;
            try {
                service = Executors.newFixedThreadPool(1);
                AuthenticationContext context = new AuthenticationContext(authorization, false, service);
                Future<AuthenticationResult> future = null;
                // Acquires token based on client ID and client secret.
                if (clientId != null && clientKey != null) {
                    ClientCredential credentials = new ClientCredential(clientId, clientKey);
                    future = context.acquireToken(resource, credentials, null);
                }
                result = future.get();
            } finally {
                service.shutdown();
            }
            if (result == null) {
                throw new RuntimeException("Authentication results were null.");
            }
            return result;
        }

        public static void main(String[] args) {
            String vaultBase = "https://jackkv.vault.azure.net/";
            // doAuthenticate is called by the client with the authority and resource to request a token for.
            KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultCredentials() {
                @Override
                public String doAuthenticate(String authorization, String resource, String scope) {
                    String token = null;
                    try {
                        AuthenticationResult authResult = getAccessToken(authorization, resource);
                        token = authResult.getAccessToken();
                    } catch (Exception e) {
                        e.printStackTrace();
                    }
                    return token;
                }
            });
            SecretBundle test = keyVaultClient.getSecret(vaultBase, "test");
            System.out.println(test.value());
        }
    }
Update:
If you face connection issues, please check if you have set the firewall for your key vault.
If you set the firewall, please add your IP to the allowed list:
Answer 2:
Before getting secrets from the Azure Key Vault, make sure you have access to the key vault. Make sure to log in or provide the correct Azure credential. You can refer to this link for getting the secret.
Or you can execute this PowerShell command: Get-AzureKeyVaultSecret -VaultName 'VaultName' -Name 'secretName'
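A connectivity check for the `java.net.ConnectException` in the question, as an added example that is not code from the posts above or from the Azure SDK: it sends one unauthenticated request to the vault, reports whether the failure is DNS, TCP connect or an HTTP response, and parses the `WWW-Authenticate` Bearer challenge that a reachable vault returns with its 401. The class name, the `api-version=7.0` query and the sample header are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.*;
import java.util.*;
import java.util.regex.*;

public class VaultReachabilityCheck {
    private static final Pattern PARAM = Pattern.compile("(\\w+)=\"([^\"]*)\"");

    /** Parses a WWW-Authenticate Bearer challenge into its key="value" parameters. */
    static Map<String, String> parseChallenge(String header) {
        Map<String, String> params = new LinkedHashMap<>();
        if (header == null || !header.regionMatches(true, 0, "Bearer ", 0, 7)) return params;
        Matcher m = PARAM.matcher(header);
        while (m.find()) {
            params.put(m.group(1), m.group(2));
        }
        return params;
    }

    /** Unauthenticated probe: no client id or client secret is sent. */
    static String probe(String vaultBase) {
        try {
            URL url = new URL(vaultBase.replaceAll("/+$", "") + "/secrets?api-version=7.0");
            HttpURLConnection c = (HttpURLConnection) url.openConnection();
            c.setConnectTimeout(5000);
            c.setReadTimeout(5000);
            int status = c.getResponseCode();
            Map<String, String> ch = parseChallenge(c.getHeaderField("WWW-Authenticate"));
            if (status == 401 && ch.containsKey("authorization")) {
                return "vault reachable; token authority=" + ch.get("authorization");
            }
            return "vault reachable, unexpected HTTP " + status;
        } catch (UnknownHostException e) {
            return "DNS failure for " + e.getMessage();
        } catch (ConnectException | SocketTimeoutException e) {
            return "TCP connect failed (check proxy and egress rules): " + e.getMessage();
        } catch (IOException e) {
            return "I/O error: " + e;
        }
    }

    public static void main(String[] args) {
        // Constructed sample header; the tenant id is a placeholder.
        String sample = "Bearer authorization=\"https://login.windows.net/"
                + "00000000-0000-0000-0000-000000000000\", resource=\"https://vault.azure.net\"";
        System.out.println(parseChallenge(sample));
        if (args.length == 1) System.out.println(probe(args[0]));
    }
}
```

Run it with the vault base URL as the only argument from the same host and network as the failing application; a token endpoint that is unreachable from that host produces the same exception, so the authority printed on success is the next address to test.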
Source: https://stackoverflow.com/questions/57765760/how-can-i-get-secret-from-key-vault