Storing and retrieving a JKS from Azure Key Vault


Problem description

I would like to refer to a Java keystore from Azure Key Vault instead of packaging it with my Spring Boot application, which is deployed as a Docker image into a Kubernetes cluster.

As per Azure documentation, only .PFX files are allowed to be imported into the Key Vault. Currently I am successful in packaging and retrieving the JKS from within Spring Boot, but I am looking for a more secure approach and want to have my certificates outside the codebase.

Any pointers and code snippets would be helpful.

Recommended answer

One solution is to store the key as a base64 encoded string as a key/value pair in Azure key vault, set it to an environment variable, and decode it into a file on the server in the build.

Encode: openssl base64 -A -in keystore.jks

Set to environment variable from Azure Key Vault

Decode: echo $KEYSTORE_BASE64 | base64 --decode > keystore.jks
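
The decode step above, written as a container start-up helper. This is an added example, not code from the original answer: KEYSTORE_BASE64 is the variable name the answer uses, while the function name restore_keystore and the destination path are assumptions. It goes slightly beyond the answer by writing the file owner-only, rejecting a missing or malformed secret, and checking the JKS magic bytes before the file is put in place.

```shell
#!/bin/sh
# Added example: restore a JKS keystore from a base64-encoded environment
# variable. restore_keystore is a hypothetical helper name; KEYSTORE_BASE64
# is the variable used in the answer.

restore_keystore() {
    dest=$1
    # Refuse to continue if the secret was never injected.
    if [ -z "${KEYSTORE_BASE64:-}" ]; then
        echo "KEYSTORE_BASE64 is not set" >&2
        return 1
    fi

    # Subshell so the restrictive umask does not leak into the caller.
    (
        umask 077                       # new files are created as 0600
        tmp="$dest.tmp.$$"
        # printf avoids echo's option and backslash handling.
        if ! printf '%s' "$KEYSTORE_BASE64" | base64 --decode > "$tmp" 2>/dev/null; then
            rm -f "$tmp"
            echo "KEYSTORE_BASE64 is not valid base64" >&2
            exit 1
        fi
        # A JKS file starts with the magic bytes FE ED FE ED.
        magic=$(head -c 4 "$tmp" | od -An -tx1 | tr -d ' \n')
        if [ "$magic" != "feedfeed" ]; then
            rm -f "$tmp"
            echo "decoded data is not a JKS keystore" >&2
            exit 1
        fi
        # Only a fully validated file ever appears at the destination path.
        mv "$tmp" "$dest"
    ) || return 1

    # Drop the encoded keystore from this shell's environment once it is on disk,
    # so child processes started afterwards do not inherit it.
    unset KEYSTORE_BASE64
}
```

Call it from the image's entrypoint before starting the JVM, for example `restore_keystore /tmp/keystore.jks`, and point the application's keystore setting at that path.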
