How to set up azure keyvault for spring boot app?
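Because we were using an old version of Azure Key Vault (azure-keyvault-secrets-spring-boot-starter 2.2.1), some dependency incompatibilities came up, but it has been updated and we are upgrading it to azure-spring-boot-starter-keyvault-secrets 4.0.0. Now Key Vault is not connecting, probably because the syntax of the keyvault configuration in application.yml is wrong.
This is how it was before, with version 2.2.1: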

    azure:
      keyvault:
        uri: ${uri}
        client-id: ${clientId}
        client-key: ${clientKey}
        token-acquire-timeout-seconds: 120

This is how we are trying it now, but it does not connect.

    spring:
      cloud:
        azure:
          keyvault:
            secret:
              property-sources:
                uri: ${uri}
                client-id: ${clientId}
                client-key: ${clientKey}
                token-acquire-timeout-seconds: 120

What is the correct syntax for the configuration in this version of Azure Key Vault?
Add the following dependency for spring-cloud-azure-starter-keyvault-certificates to the pom.xml file.

    <properties>
      <version.spring.cloud.azure>4.3.0</version.spring.cloud.azure>
    </properties>
    <dependencies>
      <dependency>
        <groupId>com.azure.spring</groupId>
        <artifactId>spring-cloud-azure-starter-keyvault-secrets</artifactId>
      </dependency>
    </dependencies>
    <dependencyManagement>
      <dependencies>
        <dependency>
          <groupId>com.azure.spring</groupId>
          <artifactId>spring-cloud-azure-dependencies</artifactId>
          <version>${version.spring.cloud.azure}</version>
          <type>pom</type>
          <scope>import</scope>
        </dependency>
      </dependencies>
    </dependencyManagement>


    spring.cloud.azure.keyvault.secret.property-source-enabled=true
    spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id=<your client ID>
    spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-secret=<your client key>
    spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=https://contosokv.vault.azure.net/
    spring.cloud.azure.keyvault.secret.property-sources[0].profile.tenant-id=<your tenant ID>

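The above is taken from the Microsoft documentation; refer to it for more information about adding Key Vault configuration to your application.
It will most likely look like this: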

    spring:
      cloud:
        azure:
          keyvault:
            secret:
              property-sources[0]:
                endpoint: ${uri}
                credential:
                  client-id: ${clientId}
                  client-secret: ${clientKey}

From the migration guide from 3.xx to 4.x (direct link):
Legacy properties | Modern properties |
---|---|
azure.keyvault.case-sensitive-keys | spring.cloud.azure.keyvault.secret.property-sources[n].case-sensitive |
azure.keyvault.certificate-password | spring.cloud.azure.keyvault.secret.property-sources[n].credential.client-certificate-password |
azure.keyvault.certificate-path | spring.cloud.azure.keyvault.secret.property-sources[n].credential.client-certificate-path |
azure.keyvault.client-id | spring.cloud.azure.keyvault.secret.property-sources[n].credential.client-id |
azure.keyvault.client-key | spring.cloud.azure.keyvault.secret.property-sources[n].credential.client-secret |
azure.keyvault.enabled | spring.cloud.azure.keyvault.secret.enabled and spring.cloud.azure.keyvault.secret.property-source-enabled |
azure.keyvault.refresh-interval | spring.cloud.azure.keyvault.secret.property-sources[n].refresh-interval |
azure.keyvault.secret-keys | spring.cloud.azure.keyvault.secret.property-sources[n].secret-keys |
azure.keyvault.tenant-id | spring.cloud.azure.keyvault.secret.property-sources[n].profile.tenant-id |
azure.keyvault.uri | spring.cloud.azure.keyvault.secret.property-sources[n].endpoint |
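
The mapping in the table above, applied mechanically to a flat set of legacy properties. This is an added example, not code from the answers or from the Spring Cloud Azure project. The names `migrate` and `SAMPLE` are hypothetical, the sample input is constructed from the question's 2.2.1 settings, and the warning about literal credential values is an added check.

```python
import re

# Legacy suffix (after "azure.keyvault.") -> modern suffix under property-sources[n].
PER_SOURCE = {
    "case-sensitive-keys": "case-sensitive",
    "certificate-password": "credential.client-certificate-password",
    "certificate-path": "credential.client-certificate-path",
    "client-id": "credential.client-id",
    "client-key": "credential.client-secret",
    "refresh-interval": "refresh-interval",
    "secret-keys": "secret-keys",
    "tenant-id": "profile.tenant-id",
    "uri": "endpoint",
}
SECRETS = {"client-key", "certificate-password"}  # properties whose value is a credential
LEGACY, MODERN = "azure.keyvault.", "spring.cloud.azure.keyvault.secret"
PLACEHOLDER = re.compile(r"\$\{[^}]+\}")  # e.g. ${clientKey}, resolved outside the file


def migrate(legacy, index=0):
    """Return (modern_properties, warnings) for a flat dict of legacy properties."""
    modern, warnings = {}, []
    for key, value in legacy.items():
        suffix = key.removeprefix(LEGACY)
        if suffix == key:  # not a legacy Key Vault property: pass through
            modern[key] = value
        elif suffix == "enabled":  # one legacy switch becomes two modern ones
            modern[f"{MODERN}.enabled"] = value
            modern[f"{MODERN}.property-source-enabled"] = value
        elif suffix in PER_SOURCE:
            modern[f"{MODERN}.property-sources[{index}].{PER_SOURCE[suffix]}"] = value
            if suffix in SECRETS and not PLACEHOLDER.fullmatch(value):
                warnings.append(f"WARNING {key}: literal credential, use a placeholder")
        else:
            warnings.append(f"WARNING {key}: no entry in the table above, not migrated")
    return modern, warnings


# Constructed sample: the question's 2.2.1 configuration as flat properties.
SAMPLE = {
    "azure.keyvault.uri": "${uri}",
    "azure.keyvault.client-id": "${clientId}",
    "azure.keyvault.client-key": "${clientKey}",
    "azure.keyvault.token-acquire-timeout-seconds": "120",
}

if __name__ == "__main__":
    props, notes = migrate(SAMPLE)
    print(*(f"{k}={v}" for k, v in props.items()), *notes, sep="\n")
```

On the sample, `token-acquire-timeout-seconds` is reported rather than carried over, because the table lists no modern equivalent for it.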