在 Java 中通过 MSI 读取 Azure Key Vault 机密

Question

我正在尝试通过 Java 中的托管服务标识 (MSI) 读取 Azure Key Vault 中的机密。 我想要令牌通过 MSI 访问密钥保管库。

.net 有一些参考资料可以做到这一点，但在 Java 中没有找到任何内容。 我不想通过客户端 ID/密钥或证书来做到这一点。

我想要一些接近于遵循 .net 代码的 Java 语言

using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
try
{
    var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
    var secret = await keyVaultClient.GetSecretAsync("https://abcded.vault.azure.net/secrets/secretname/").ConfigureAwait(false);
    ViewBag.Secret = $"Secret: {secret.Value}"; 
}
catch (Exception exp)
{
    ViewBag.Error = $"Something went wrong: {exp.Message}";
}

Answer 1

我们可以在 Java 中使用AppServiceMSICredentials 。 请尝试使用以下代码。

import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.AppServiceMSICredentials;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.models.KeyBundle;

AppServiceMSICredentials credentials = new AppServiceMSICredentials(AzureEnvironment.AZURE);
KeyVaultClient keyVaultClient = new KeyVaultClient(credentials);
keyVaultClient.getSecret("https://xxxx.vault.azure.net","secretName");

Answer 2

import com.microsoft.azure.credentials.MSICredentials;

MSICredentials credentials = new MSICredentials(AzureEnvironment.AZURE);
KeyVaultClient keyVaultClient = new KeyVaultClient(credentials);
SecretBundle secret = keyVaultClient.getSecret("vaultbaseurl","secretName","secretversion");