
Facing issue with getting secrets from Azure Key Vault in a Springboot Application

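I am facing some issues getting secrets from Azure Key Vault in a Spring Boot project. I created a sample Spring Boot project and it works fine there, but in my actual application it does not work, as it shows null as the secret value.

The actual application is different because it connects to a database. There is no controller in my actual application. I am new to this Key Vault concept. My main goal is just to fetch the database credentials from Key Vault at runtime, but I am unable to fetch even the sample value in my actual project. Please guide me on how to achieve this / what I am doing wrong.

The sample project's application.property file has this code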

server.port=8090
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id= xxxxxx
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-secret=xxxxx
spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=https:xxxxxx
spring.cloud.azure.keyvault.secret.property-sources[0].profile.tenant-id=xxxxxx

Controller

@SpringBootApplication
@RestController
public class DatafeedKeyvaultApplication implements CommandLineRunner{
    
    @Value("${connectionString}")
    private String connectionString;
    public static void main(String[] args) {
        SpringApplication.run(DatafeedKeyvaultApplication.class, args);
    }
    
    @GetMapping("get")
    public String get() {
        return connectionString;
    }

    public void run(String... varl) throws Exception {
        System.out.println(String.format("\nConnection String stored in Azure Key Vault:\n%s\n",connectionString));
    }

}

Here I am able to get the value from the key vault.

But in my actual project application this does not happen; it only returns a null value.

#azure.keyvault.enabled=true
#spring.cloud.azure.keyvault.secret.property-sources[0].enabled=true

spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id=xxxxxx
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-secret=xxxx
spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=xxxxxx
spring.cloud.azure.keyvault.secret.property-sources[0].profile.tenant-id=xxxxx
server.port=8090

spring.jpa.properties.hibernate.default_schema=acn
spring.jpa.properties.hibernate.format_sql = false
spring.jpa.show-sql=false
spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
spring.jpa.hibernate.ddl-auto = update
spring.jackson.default-property-inclusion = NON_NULL
spring.main.web-application-type=NONE
spring.main.banner-mode = off
logging.level.root=error
    
################ MSPS DB Configuration ################
INTEGRATION_MSPS_DBSERVER_URL=xxxxxxx
MSPS_DB_INTEGRATED_SECURTY =false
spring.datasource.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
spring.datasource.url=jdbc:sqlserver://${INTEGRATION_MSPS_DBSERVER_URL};databaseName=ACN_MSPSJiraInteg;integratedSecurity=${MSPS_DB_INTEGRATED_SECURTY};
spring.datasource.username= xxxxx
spring.datasource.password=xxxxx

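I have checked the Java version, the dependencies, and the credentials in the properties file, and everything is correct, but I still cannot get the Key Vault value in my actual project.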

@SpringBootApplication
public class JiraMspsUtilityApplication implements CommandLineRunner {
    
    @Value("${datafeed-sample-value}")
     private static String keyvault_value;

    private static final Logger loggerForWorkitemMetrics = LoggerFactory.getLogger("metricsUpdatAppender");
    private static final Logger LoggerForSharedPlanUpdate = LoggerFactory.getLogger("sharedPlanUpdateAppender");

    @Autowired
    ConfigProperties configProp;

    @Autowired
    JIRAMSPSService jiraMspsService;

    private static final Logger logger = LoggerFactory.getLogger("JiraMspsUtilityApplication");

    static {
        
        System.out.println("key vault value "+ keyvault_value);
        logger.info("key vault value "+ keyvault_value);
        
        boolean isExistEC = false;
        Provider[] providers = Security.getProviders();
        for (Provider provider : providers) {
            logger.info("CRYPTO provider: " + provider.getName().toString());
            Set<Provider.Service> services = provider.getServices();
            for (Provider.Service service : services) {
                logger.info("CRYPTO algorithm: " + service.getAlgorithm());
                if (service.getAlgorithm().equals("EC")) {
                    isExistEC = true;
                }
            }
        }
        if (isExistEC) {
            logger.info("BC security provider not added for EC algorithm as JRE already able to find it");
        } else {
            Security.addProvider(new BouncyCastleProvider());
            logger.info("BC security provider added for EC algorithm");
        }
    }
    
    public static void main(String[] args) {
        SpringApplication app = new SpringApplication(JiraMspsUtilityApplication.class);

        app.run(args);
        
        System.out.println(String.format("\n1. Key Valut value stored in Azure Key Vault:\n%s\n",keyvault_value));
        logger.info("\n1. Key Valut value stored in Azure Key Vault:\n%s\n",keyvault_value);
        
    }

    @Override
    public void run(String... args) throws IOException {

     System.out.println(String.format("\n2. Key Valut value stored in Azure Key Vault:\n%s\n",keyvault_value));
         
         logger.info("\n2. Key Valut value stored in Azure Key Vault:\n%s\n",keyvault_value);

        if (args.length == 0) {
            loggerForWorkitemMetrics.info("There were no commandline arguments passed");
            LoggerForSharedPlanUpdate.info("There were no commandline arguments passed");
            System.exit(1);
        } else if (args.length > 1) {
            loggerForWorkitemMetrics.info("More than one argument passed");
            LoggerForSharedPlanUpdate.info("More than one argument passed");
            System.exit(1);
        } else {

            if (Integer.parseInt(args[0]) == 0) {
                boolean flag = jiraMspsService.updateWorkRequestMetricsInJira();
                if (flag) {
                    System.exit(0);
                } else {
                    loggerForWorkitemMetrics.info("WORK REQUEST METRICS UPDATE PROCESS INCOMPLETE DUE TO ERROR");
                }
            } else if (Integer.parseInt(args[0]) == 1) {
                boolean flag = jiraMspsService.updateSharedWorkplanEntries();
                if (flag) {
                    System.exit(0);
                } else {
                    LoggerForSharedPlanUpdate.info("SHARED PLANS UPDATE PROCESS INCOMPLETE DUE TO ERROR");
                }

            } else {
                loggerForWorkitemMetrics.info(
                        "Invalid argument(s) passed.");
                LoggerForSharedPlanUpdate.info(
                        "Invalid argument(s) passed.");
                System.exit(1);

            }
        }
    }
}


Try adding the resource endpoint:

spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=

I hope it helps
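An added example, not part of the original question or answer: the question's working sample injects `@Value` into an instance field, while the failing class declares the field `static` and reads it from a static block and from `main()`. The sketch below shows the instance-field form for a non-web `CommandLineRunner`; the class name `KeyVaultRunnerExample` and the secret names `msps-db-username` / `msps-db-password` are assumptions, only `datafeed-sample-value` comes from the question.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

// Added example (hypothetical class name), not the poster's code.
// Hypothetical application.properties lines for the stated goal, assuming the
// vault holds secrets named msps-db-username and msps-db-password:
//   spring.datasource.username=${msps-db-username}
//   spring.datasource.password=${msps-db-password}
@SpringBootApplication
public class KeyVaultRunnerExample implements CommandLineRunner {

    private static final Logger logger = LoggerFactory.getLogger(KeyVaultRunnerExample.class);

    // Instance field: Spring skips static fields when processing @Value, which
    // is why the question's "private static String keyvault_value" stays null.
    // No default is given, so an unresolvable placeholder fails startup
    // instead of silently yielding null.
    @Value("${datafeed-sample-value}")
    private String keyVaultValue;

    public static void main(String[] args) {
        // Do not read the secret here or in a static block: a static block runs
        // at class-load time, before the application context and its Key Vault
        // property source exist.
        SpringApplication.run(KeyVaultRunnerExample.class, args);
    }

    @Override
    public void run(String... args) {
        // Injection is complete by the time run() is called.
        // Report that the secret resolved without writing its value to stdout
        // or the log. With the question's logging.level.root=error this INFO
        // line is suppressed; raise the level for this logger to see it.
        logger.info("datafeed-sample-value resolved, {} characters", keyVaultValue.length());
    }
}
```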
