如何从密钥库中获取秘密? [英] How can i get secret from key vault?
问题描述
我想从Azure密钥库中获取秘密.
I want to get secret from Azure key vault.
我在下面找到了代码并进行了尝试. 但是我失败了.
I found codes below and tried it. But I failed with error.
private String clientId= '<I put my client Id here>';
private String secret= '<I put my client secret here>';
KeyVaultClient client = new KeyVaultClient(credentials);
String secret = client.getSecret("https://<myVault>.vault.azure.net", "secret name").value();
log.debug("secret=============",secret);
}
ServiceClientCredentials credentials = new KeyVaultCredentials() {
@Override
public String doAuthenticate(String authorization, String resource, String scope) {
AuthenticationResult res = null;
try {
res = GetAccessToken(authorization, resource, clientId, secret);
} catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return res.getAccessToken();
}
private AuthenticationResult GetAccessToken(String authorization, String resource, String clientID, String clientKey)
throws InterruptedException, ExecutionException {
AuthenticationContext ctx = null;
ExecutorService service = Executors.newFixedThreadPool(1);
try {
ctx = new AuthenticationContext(authorization, false, service);
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
Future<AuthenticationResult> resp = ctx.acquireToken(resource, new ClientCredential(
clientID, clientKey), null);
AuthenticationResult res = resp.get();
return res;
}
我收到如下错误:
[http-nio-8080-exec-1] ERROR c.t.c.e.GlobalExceptionHandler - Error >>> java.net.ConnectException: Failed to connect
如何从密钥库中获取秘密? 我还有什么需要做的吗?
How can i get secret from key vault? Is there anything i should do more?
谢谢.
推荐答案
似乎您要使用应用程序访问azure密钥库.
It seems that you want to access the azure key vault with application.
-
在Azure AD中注册Web应用
Register a web app in Azure AD
您可以在概述中获取客户端ID(应用程序ID)
You can get the client id (application id) at the overview
添加秘密
在密钥库中分配访问策略
Assign access policy in key vault
保存该策略,以使其生效.
Save the policy, so that it will take effect.
代码示例
public class KeyVaultTest {
private static AuthenticationResult getAccessToken(String authorization, String resource) throws InterruptedException, ExecutionException, MalformedURLException {
String clientId = "dc17****-****-****-****-ea03****a5e7"; // Client ID
String clientKey = "1YWt******k21"; //Client Secret
AuthenticationResult result = null;
//Starts a service to fetch access token.
ExecutorService service = null;
try {
service = Executors.newFixedThreadPool(1);
AuthenticationContext context = new AuthenticationContext(authorization, false, service);
Future<AuthenticationResult> future = null;
//Acquires token based on client ID and client secret.
if (clientKey != null && clientKey != null) {
ClientCredential credentials = new ClientCredential(clientId, clientKey);
future = context.acquireToken(resource, credentials, null);
}
result = future.get();
} finally {
service.shutdown();
}
if (result == null) {
throw new RuntimeException("Authentication results were null.");
}
return result;
}
public static void main(String[] args) {
String vaultBase = "https://jackkv.vault.azure.net/";
KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultCredentials(){
@Override
public String doAuthenticate(String authorization, String resource, String scope) {
String token = null;
try {
AuthenticationResult authResult = getAccessToken(authorization, resource);
token = authResult.getAccessToken();
} catch (Exception e) {
e.printStackTrace();
}
return token;
}
});
SecretBundle test = keyVaultClient.getSecret(vaultBase, "test");
System.out.println(test.value());
}
}
更新:
如果遇到连接问题,请检查是否已为密钥库设置了防火墙.
If you face connection issues, please check if you have set the firewall for your key vault.
如果设置了防火墙,请将您的IP添加到允许的列表中:
If you set the firewall, please add your IP to the allowed list:
这篇关于如何从密钥库中获取秘密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
