0

我正在尝试通过 Java 中的托管服务标识 (MSI) 读取 Azure Key Vault 中的机密。我希望令牌通过 MSI 访问密钥库。

.net 有可用的参考资料来执行此操作,但在 Java 中没有找到任何内容。我不想通过客户端 ID/密钥或证书来执行此操作。

我想要在 Java 中接近于遵循 .net 代码的东西

using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
try
{
    var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
    var secret = await keyVaultClient.GetSecretAsync("https://abcded.vault.azure.net/secrets/secretname/").ConfigureAwait(false);
    ViewBag.Secret = $"Secret: {secret.Value}"; 
}
catch (Exception exp)
{
    ViewBag.Error = $"Something went wrong: {exp.Message}";
}
4

2 回答 2

1 
import com.microsoft.azure.credentials.MSICredentials;

MSICredentials credentials = new MSICredentials(AzureEnvironment.AZURE);
KeyVaultClient keyVaultClient = new KeyVaultClient(credentials);
SecretBundle secret = keyVaultClient.getSecret("vaultbaseurl","secretName","secretversion");
于 2019-06-18T15:20:34.637 回答
1

我们可以在 Java 中使用AppServiceMSICredentials 。请尝试使用以下代码。

import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.AppServiceMSICredentials;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.models.KeyBundle;

AppServiceMSICredentials credentials = new AppServiceMSICredentials(AzureEnvironment.AZURE);
KeyVaultClient keyVaultClient = new KeyVaultClient(credentials);
keyVaultClient.getSecret("https://xxxx.vault.azure.net","secretName");
于 2018-08-09T03:32:50.273 回答