从Azure密钥保管库存储和检索JKS [英] Storing and retriveing a JKS from Azure key vault
问题描述
我想从Azure密钥库中引用Java密钥存储,而不是将其与作为docker映像部署到Kubernetes集群中的spring boot应用程序打包在一起.
I would like to refer to a Java Key store from the Azure Key vault instead of packaging it with my spring boot application that is deployed as a docker image into Kubernetes cluster.
根据Azure文档,仅.PFX文件被允许导入到Key Vault中.目前,我已经成功地从Spring Boot内打包和撤回JKS,但我正在寻找更安全的方法,并且希望将我的证书保存在代码库之外.
As per Azure documentation, only.PFX files are allowed to be imported into the Key vault. Currently I am successful in packaging and retreiving JKS from within the spring boot but I am looking for more secure approach and want to have my certificates outside codebase.
任何指针和代码段都将有所帮助.
Any pointers and code snippets would be helpful.
推荐答案
一种解决方案是将密钥作为base64编码的字符串存储为Azure密钥保险库中的键/值对,将其设置为环境变量,然后对其进行解码放入构建中服务器上的文件中.
One solution is to store the key as a base64 encoded string as a key/value pair in Azure key vault, set it to an environment variable, and decode it into a file on the server in the build.
编码:openssl base64 -A -in keystore.jks
从Azure Key Vault设置为环境变量
Set to environment variable from Azure Key Vault
解码:echo $KEYSTORE_BASE64 | base64 --decode > keystore.jks
这篇关于从Azure密钥保管库存储和检索JKS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!