
[Azure Developer] Authentication when accessing a Key Vault Secret from Java code: using DefaultAzureCredentialBuilder or ClientSecretCre

Date: 2022-09-28 20:48:39

Problem description

Retrieving a Key Vault Secret with the Java SDK requires authorization. Usually an AAD app registration (Client ID, Tenant ID, Client Secret) is used to obtain the credential object.

        SecretClient secretClientidentity = new SecretClientBuilder()
                        .vaultUrl(keyVaultUri)
                        .credential(new DefaultAzureCredentialBuilder() 
                                        .authorityHost(AzureAuthorityHosts.AZURE_CHINA)
                                        .build())
                        .buildClient();

If the credential is created with DefaultAzureCredentialBuilder, the Client ID, Secret and Tenant ID must be set as environment variables.

 

If you do not want to set environment variables and would rather pass the three values directly in code, is there sample code for that?

 

Answer

Yes. With ClientSecretCredentialBuilder, the Client ID, Secret and Tenant ID parameters can be set explicitly.

The code is as follows:

        /**
         * Authenticate with client secret.
         */
        String clientID="xxxxxxxx-8216-xxxxxxxx-8924-xxxxxxxxxxxxxxxx";
        String tenantID="xxxxxxxx-66d7-xxxxxxxx-8f9f-xxxxxxxxxxxxxxxx";
        String clientSecret="xxxxxxxx.3ay_aOti..4";
        ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
                .clientId(clientID)
                .clientSecret(clientSecret)
                // Pass the tenant ID here, not the client secret.
                .tenantId(tenantID)
                .authorityHost(AzureAuthorityHosts.AZURE_CHINA)
                .build();

        SecretClient secretClientidentity = new SecretClientBuilder()
                .vaultUrl(keyVaultUri)
                .credential(clientSecretCredential)
                .buildClient();
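
Added example, not part of the original post: all three builder arguments are plain String values, so swapping two of them still compiles. This hypothetical helper takes the values from outside the source code (the KV_* setting names are assumptions; in a deployment the map could be System.getenv()) and checks that the client ID and tenant ID are GUID-shaped before building the credential. It assumes the tenant is given as its GUID rather than a domain name, and its main method feeds in constructed values with the secret placed in the tenant slot.

```java
import com.azure.identity.AzureAuthorityHosts;
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added example: hypothetical helper class, not from the original post.
public final class KeyVaultCredentialFactory {
    // Client ID and tenant ID of an app registration are GUIDs.
    private static final Pattern GUID =
            Pattern.compile("[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}");

    public static ClientSecretCredential fromSettings(Map<String, String> settings) {
        return new ClientSecretCredentialBuilder()
                .clientId(requireGuid(settings, "KV_CLIENT_ID"))
                .clientSecret(require(settings, "KV_CLIENT_SECRET"))
                .tenantId(requireGuid(settings, "KV_TENANT_ID"))
                .authorityHost(AzureAuthorityHosts.AZURE_CHINA)
                .build();
    }

    private static String require(Map<String, String> settings, String key) {
        String value = settings.get(key);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalArgumentException("Missing setting: " + key);
        }
        return value.trim();
    }

    private static String requireGuid(Map<String, String> settings, String key) {
        String value = require(settings, key);
        if (!GUID.matcher(value).matches()) {
            // Name only the key: the value may be a misplaced secret.
            throw new IllegalArgumentException(key + " is not a GUID");
        }
        return value;
    }

    public static void main(String[] args) {
        Map<String, String> swapped = new HashMap<>(); // constructed sample values
        swapped.put("KV_CLIENT_ID", "00000000-0000-0000-0000-000000000001");
        swapped.put("KV_TENANT_ID", "constructed-secret-value"); // secret in the tenant slot
        swapped.put("KV_CLIENT_SECRET", "constructed-secret-value");
        try {
            fromSettings(swapped);
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```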

 

Complete code

package com.example.demokeyvault;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

import com.azure.identity.AzureAuthorityHosts;
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.identity.DefaultAzureCredentialBuilder;

import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;

@SpringBootApplication
public class DemokeyvaultApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemokeyvaultApplication.class, args);

        System.out.println("Hello World!");
        String keyVaultUri = "https://yourkeyvaultname.vault.azure.cn/";

        System.out.printf(" key vault URI = %s \n", keyVaultUri);

        // String userIdentityID = " - - - - ";
        // .managedIdentityClientId(userIdentityID)

        /**
         * Authenticate with client secret.
         */
        String clientID = "xxxx-xxxx-xxxx-xxxx-xxxx";
        String tenantID = "xxxx-xxxx-xxxx-xxxx-xxxx";
        String clientSecret = "xxxx.xxxx..4";
        ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
                .clientId(clientID)
                .clientSecret(clientSecret)
                // Pass the tenant ID here, not the client secret.
                .tenantId(tenantID)
                .authorityHost(AzureAuthorityHosts.AZURE_CHINA)
                .build();

        SecretClient secretClientidentity = new SecretClientBuilder()
                .vaultUrl(keyVaultUri)
                .credential(clientSecretCredential)
                .buildClient();

        // /**
        // * Authenticate with DefaultAzureCredentialBuilder.
        // */
        // SecretClient secretClientidentity = new SecretClientBuilder()
        //         .vaultUrl(keyVaultUri)
        //         .credential(new DefaultAzureCredentialBuilder()
        //                 .authorityHost(AzureAuthorityHosts.AZURE_CHINA)
        //                 .build())
        //         .buildClient();

        String secretName = "testsecret01";

        KeyVaultSecret retrievedSecret = secretClientidentity.getSecret(secretName);

        System.out.println("Your secret's value is '" + retrievedSecret.getValue() + "'.");

        System.out.println("done.");
    }

}

POM.XML

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.5.9.RELEASE</version>
        <relativePath /> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.example</groupId>
    <artifactId>demokeyvault</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>demokeyvault</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>8</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.azure</groupId>
            <artifactId>azure-security-keyvault-secrets</artifactId>
            <version>4.2.3</version>
        </dependency>

        <dependency>
            <groupId>com.azure</groupId>
            <artifactId>azure-identity</artifactId>
            <version>1.2.0</version>
        </dependency>
        <dependency>
            <groupId>io.projectreactor</groupId>
            <artifactId>reactor-core</artifactId>
            <version>3.4.19</version>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

 

References

Client secret credential : https://learn.microsoft.com/en-us/azure/developer/java/sdk/identity-service-principal-auth#client-secret-credential

Azure Key Vault secret client library for Java : https://docs.azure.cn/zh-cn/key-vault/secrets/quick-create-java?tabs=azure-cli

 

From: https://www.cnblogs.com/lulight/p/16739485.html
