How can I get a secret from Key Vault?

I want to get a secret from Azure Key Vault.

I found the code below and tried it, but it failed with an error.

    import java.net.MalformedURLException;
    import java.util.concurrent.ExecutionException;
    import java.util.concurrent.ExecutorService;
    import java.util.concurrent.Executors;
    import java.util.concurrent.Future;

    import com.microsoft.aad.adal4j.AuthenticationContext;
    import com.microsoft.aad.adal4j.AuthenticationResult;
    import com.microsoft.aad.adal4j.ClientCredential;
    import com.microsoft.azure.keyvault.KeyVaultClient;
    import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
    import com.microsoft.rest.credentials.ServiceClientCredentials;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;

    public class KeyVaultReader {

        private static final Logger log = LoggerFactory.getLogger(KeyVaultReader.class);

        private String clientId = "<I put my client Id here>";
        private String secret = "<I put my client secret here>";

        public void readSecret() {
            KeyVaultClient client = new KeyVaultClient(credentials);

            String secret = client.getSecret("https://<myVault>.vault.azure.net", "secret name").value();
            log.debug("secret=============", secret);
        }

        ServiceClientCredentials credentials = new KeyVaultCredentials() {

            @Override
            public String doAuthenticate(String authorization, String resource, String scope) {
                AuthenticationResult res = null;

                try {
                    res = GetAccessToken(authorization, resource, clientId, secret);
                } catch (InterruptedException e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                } catch (ExecutionException e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                }
                return res.getAccessToken();
            }

            private AuthenticationResult GetAccessToken(String authorization, String resource, String clientID, String clientKey)
                    throws InterruptedException, ExecutionException {
                AuthenticationContext ctx = null;
                ExecutorService service = Executors.newFixedThreadPool(1);
                try {
                    ctx = new AuthenticationContext(authorization, false, service);
                } catch (MalformedURLException e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                }
                Future<AuthenticationResult> resp = ctx.acquireToken(resource, new ClientCredential(
                    clientID, clientKey), null);
                AuthenticationResult res = resp.get();
                return res;
            }
        };
    }

I get the following error:

[http-nio-8080-exec-1] ERROR c.t.c.e.GlobalExceptionHandler - Error >>> java.net.ConnectException: Failed to connect

How do I get a secret from Key Vault? Is there anything else I should do?

Thanks.

It looks like you want to access Azure Key Vault from an application.

  1. Register a web app in Azure AD

  2. You can get the client ID (application ID) from the Overview page

  3. Add a secret

  4. Assign an access policy in the Key Vault

  5. Save the policy so that it takes effect.

  6. Code sample

    import java.net.MalformedURLException;
    import java.util.concurrent.ExecutionException;
    import java.util.concurrent.ExecutorService;
    import java.util.concurrent.Executors;
    import java.util.concurrent.Future;

    import com.microsoft.aad.adal4j.AuthenticationContext;
    import com.microsoft.aad.adal4j.AuthenticationResult;
    import com.microsoft.aad.adal4j.ClientCredential;
    import com.microsoft.azure.keyvault.KeyVaultClient;
    import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
    import com.microsoft.azure.keyvault.models.SecretBundle;

    public class KeyVaultTest {

        private static AuthenticationResult getAccessToken(String authorization, String resource) throws InterruptedException, ExecutionException, MalformedURLException {

            String clientId = "dc17****-****-****-****-ea03****a5e7"; // Client ID
            String clientKey = "1YWt******k21";  // Client Secret

            AuthenticationResult result = null;

            // Starts a service to fetch the access token.
            ExecutorService service = null;
            try {
                service = Executors.newFixedThreadPool(1);
                AuthenticationContext context = new AuthenticationContext(authorization, false, service);

                Future<AuthenticationResult> future = null;

                // Acquires a token based on client ID and client secret.
                if (clientId != null && clientKey != null) {
                    ClientCredential credentials = new ClientCredential(clientId, clientKey);
                    future = context.acquireToken(resource, credentials, null);
                }

                if (future != null) {
                    result = future.get();
                }
            } finally {
                if (service != null) {
                    service.shutdown();
                }
            }

            if (result == null) {
                throw new RuntimeException("Authentication results were null.");
            }
            return result;
        }

        public static void main(String[] args) {
            String vaultBase = "https://jackkv.vault.azure.net/";

            KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultCredentials() {
                @Override
                public String doAuthenticate(String authorization, String resource, String scope) {
                    String token = null;
                    try {
                        AuthenticationResult authResult = getAccessToken(authorization, resource);
                        token = authResult.getAccessToken();
                    } catch (Exception e) {
                        e.printStackTrace();
                    }
                    return token;
                }
            });

            SecretBundle test = keyVaultClient.getSecret(vaultBase, "test");
            System.out.println(test.value());
        }
    }


Update:

If you run into connection problems, check whether you have configured a firewall on the Key Vault.

If you have, add your IP address to the allow list.

Before getting a secret from Azure Key Vault, make sure you have access to the Key Vault. Make sure you are logged in or provide the correct Azure credentials. You can refer to this link for getting the secret.

Or run this PowerShell command: `Get-AzureKeyVaultSecret -VaultName 'VaultName' -Name 'secretName'`
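As an added example (not code from either answer), the firewall check from the first answer's update and the PowerShell retrieval above combined into one script. It assumes the current Az PowerShell module (not the older AzureRM `Get-AzureKeyVaultSecret`) and an existing `Connect-AzAccount` session; the vault name, secret name and client IP range are placeholders.

```powershell
# Added example, not from the answers above. Assumes the Az module and an
# existing Connect-AzAccount session. All three values below are placeholders.
$VaultName  = 'myVault'
$SecretName = 'secretName'
$ClientIp   = '203.0.113.10/32'   # public IP of the machine running the app

$vault = Get-AzKeyVault -VaultName $VaultName
if (-not $vault) {
    throw "Key Vault '$VaultName' not found. Check the name and the selected subscription."
}

# Inspect the network rule set. A DefaultAction of Deny means the Key Vault
# firewall is active, and a client whose IP is not listed fails with a
# connection error rather than an authorization error.
$acls = $vault.NetworkAcls
Write-Host "DefaultAction: $($acls.DefaultAction); Bypass: $($acls.Bypass)"
Write-Host "Allowed IP ranges: $($acls.IpAddressRanges -join ', ')"

if ($acls.DefaultAction -eq 'Deny' -and $acls.IpAddressRanges -notcontains $ClientIp) {
    # Allow-list only the caller's address instead of switching the firewall off.
    Add-AzKeyVaultNetworkRule -VaultName $VaultName -IpAddressRange $ClientIp
    Write-Host "Added $ClientIp to the allow list for $VaultName."
}

# Read the secret. Without -AsPlainText the value comes back as a SecureString,
# which is the better default when it is only handed on to another cmdlet.
$value = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -AsPlainText
if (-not $value) {
    throw "Secret '$SecretName' not readable. Check the access policy on the vault."
}
```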