访问 Azure Key Vault 以进行本地开发
[英]Accessing Azure Key Vault for local development
问题描述
I am trying to access Azure Key Vault local by using Service Principle credentials from local for development perspective.
我正在尝试通过使用本地服务原则凭据来访问本地 Azure Key Vault 以进行开发。
But it seems that Azure SDK is always checking IMDS connectivity ("169.254.169.254")但似乎 Azure SDK 总是在检查 IMDS 连接(“169.254.169.254”)
Code I used to retrieve secret:我用来检索秘密的代码:
SecretClient secretClient = new SecretClientBuilder()
.vaultUrl(keyVaultUri)
.credential(new DefaultAzureCredentialBuilder().build())
.buildClient();
I also added below variables as env variables:我还添加了以下变量作为环境变量:
- AZURE_CLIENT_ID AZURE_CLIENT_ID
- AZURE_CLIENT_SECRET AZURE_CLIENT_SECRET
- AZURE_TENANT_ID AZURE_TENANT_ID
Can somebody help me with how can we access azure resources like key vault from our local using Service Principle in java有人可以帮助我了解如何使用 java 中的服务原则从我们本地访问 azure 资源,例如密钥库
2 个解决方案
解决方案1
2 2021-03-11 02:22:25
To use service principal to auth locally, just use ClientSecretCredential .要使用服务主体在本地进行身份验证,只需使用ClientSecretCredential 。
Sample:样本:
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
public class vacate {
public static void main(String[] args) {
String clientId="xxxxxx";
String clientSecret="xxxxxx";
String tenantId="xxxxxx";
ClientSecretCredential credential1 = new ClientSecretCredentialBuilder()
.tenantId(tenantId)
.clientId(clientId)
.clientSecret(clientSecret)
.build();
SecretClient secretClient = new SecretClientBuilder()
.vaultUrl("<your-key-vault-url>")
.credential(credential1)
.buildClient();
//do other things
}
}
Actually, I think DefaultAzureCredential you used should also work, it tries to create a valid credential in the following order , if you have already set the environment variable correctly, it should work, if not, just use the ClientSecretCredential like above, it will work.实际上,我认为您使用的DefaultAzureCredential也应该可以工作,它会尝试按以下顺序创建有效的凭据,如果您已经正确设置了环境变量,它应该可以工作,如果没有,只需使用上面的ClientSecretCredential就可以了.
解决方案2
0 已采纳 2021-03-11 07:02:13
The way it fixed my problem (and may be will help others as well):它解决我的问题的方式(可能也会帮助其他人):
Indeed as mentioned in Joy's answer, you need to use ClientSecretCredential or you can also use Azure Toolkit for IntelliJ for authentication
事实上,正如乔伊的回答中提到的,您需要使用 ClientSecretCredential 或者您也可以使用Azure Toolkit for IntelliJ进行身份验证I was using old azure identity which was going to old authentication end point login.microsoftonline.com/{{tenant_id}} which got fixed after upgrading to latest version (1.2.3).
我使用的是旧的 azure 身份,该身份将转到旧的身份验证端点 login.microsoftonline.com/{{tenant_id}},在升级到最新版本 (1.2.3) 后得到修复。 Now it goes to new end point of login.microsoftonline.com/common/oauth2现在它转到 login.microsoftonline.com/common/oauth2 的新端点For me, I was also getting a lot of SSL errors.
对我来说,我也遇到了很多 SSL 错误。 To fix it adding below certificates to trusted certificates worked:要修复它,将以下证书添加到受信任的证书中:- DigiCert Global Root CA DigiCert 全球根 CA
- DigiCert SHA2 Secure Server CA DigiCert SHA2 安全服务器 CA
- DigiCert Global Root CA
If your network is behind a proxy, you also need to configure proxy and added corresponding CA Root certificate to your keystore and truststore.
如果您的网络在代理之后,您还需要配置代理并将相应的 CA Root 证书添加到您的密钥库和信任库。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.