
How can I get a secret from Key Vault?

I want to get a secret from Azure Key Vault.

I found the code below and tried it, but it failed with an error.

    private String clientId = "<I put my client Id here>";
    private String secret = "<I put my client secret here>";



        KeyVaultClient client = new KeyVaultClient(credentials);

        String secret = client.getSecret("https://<myVault>.vault.azure.net", "secret name").value();
        log.debug("secret=============",secret);
    }


    ServiceClientCredentials credentials = new KeyVaultCredentials() {

        @Override
        public String doAuthenticate(String authorization, String resource, String scope) {
            AuthenticationResult res = null;

            try {
                res = GetAccessToken(authorization, resource, clientId, secret);
            } catch (InterruptedException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            } catch (ExecutionException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
                return res.getAccessToken();
        }

        private AuthenticationResult GetAccessToken(String authorization, String resource, String clientID, String clientKey)
                throws InterruptedException, ExecutionException {
            AuthenticationContext ctx = null;
            ExecutorService service = Executors.newFixedThreadPool(1);
            try {
                ctx = new AuthenticationContext(authorization, false, service);
            } catch (MalformedURLException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
            Future<AuthenticationResult> resp = ctx.acquireToken(resource, new ClientCredential(
                clientID, clientKey), null);
                AuthenticationResult res = resp.get();
                return res;
            }

I get an error like the following:

    [http-nio-8080-exec-1] ERROR c.t.c.e.GlobalExceptionHandler - Error >>> java.net.ConnectException: Failed to connect

How can I get a secret from the key vault? Is there anything else I should do?

Thank you.

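It seems you want to access Azure Key Vault from an application.

  1. Register a web app in Azure AD.

  2. You can get the client ID (application ID) in the Overview.

  3. Add a secret.

  4. Assign an access policy in Key Vault.

  5. Save the policy so that it takes effect.

  6. Code sample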

    import java.net.MalformedURLException;
    import java.util.concurrent.ExecutionException;
    import java.util.concurrent.ExecutorService;
    import java.util.concurrent.Executors;
    import java.util.concurrent.Future;

    import com.microsoft.aad.adal4j.AuthenticationContext;
    import com.microsoft.aad.adal4j.AuthenticationResult;
    import com.microsoft.aad.adal4j.ClientCredential;
    import com.microsoft.azure.keyvault.KeyVaultClient;
    import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
    import com.microsoft.azure.keyvault.models.SecretBundle;

    public class KeyVaultTest {

        private static AuthenticationResult getAccessToken(String authorization, String resource) throws InterruptedException, ExecutionException, MalformedURLException {

            String clientId = "dc17****-****-****-****-ea03****a5e7"; // Client ID (masked)
            String clientKey = "1YWt******k21";  // Client Secret (masked)

            AuthenticationResult result = null;

            // Starts a service to fetch the access token.
            ExecutorService service = null;
            try {
                service = Executors.newFixedThreadPool(1);
                AuthenticationContext context = new AuthenticationContext(authorization, false, service);

                Future<AuthenticationResult> future = null;

                // Acquires a token based on client ID and client secret.
                if (clientId != null && clientKey != null) {
                    ClientCredential credentials = new ClientCredential(clientId, clientKey);
                    future = context.acquireToken(resource, credentials, null);
                }

                result = future.get();
            } finally {
                service.shutdown();
            }

            if (result == null) {
                throw new RuntimeException("Authentication results were null.");
            }
            return result;
        }

        public static void main(String[] args) {
            String vaultBase = "https://jackkv.vault.azure.net/";

            // The client calls doAuthenticate with the authority and resource taken from the vault's auth challenge.
            KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultCredentials(){
                @Override
                public String doAuthenticate(String authorization, String resource, String scope) {
                    String token = null;
                    try {
                        AuthenticationResult authResult = getAccessToken(authorization, resource);
                        token = authResult.getAccessToken();
                    } catch (Exception e) {
                        e.printStackTrace();
                    }
                    return token;
                }
            });

            SecretBundle test = keyVaultClient.getSecret(vaultBase, "test");
            System.out.println(test.value());
        }
    }


Update:

If you run into connection problems, check whether a firewall is set up for the Key Vault.

If you have set up a firewall, add your IP to the allow list.
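To tell a network-level failure such as the `ConnectException` in the question apart from a firewall or credential problem, the following added example (not part of the original answer) sends one request without a token and classifies the reply; Key Vault answers such a request with 401 and a `WWW-Authenticate: Bearer` challenge when it is reachable. The class name, the secret name `probe`, the `api-version` value and the reading of HTTP 403 as a firewall refusal are assumptions; it needs Java 11 or later.

```java
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;

// Added example; the class name and the secret name "probe" are hypothetical.
public class VaultReachability {

    // Pure mapping from the vault's reply to a next step; testable without network access.
    static String classify(int status, String wwwAuthenticate) {
        if (status == 401 && wwwAuthenticate != null && wwwAuthenticate.startsWith("Bearer")) {
            return "REACHABLE: auth challenge received; network path is fine, "
                 + "check client ID, client secret and the access policy";
        }
        if (status == 403) { // assumption: treated as a firewall refusal
            return "REFUSED: vault reached but the request was denied; "
                 + "check the Key Vault firewall allow list";
        }
        return "UNEXPECTED: HTTP " + status + "; check the vault URL";
    }

    // Sends one request WITHOUT a token; no credential ever leaves the machine.
    static String probe(String vaultBase) {
        String url = vaultBase.replaceAll("/+$", "") + "/secrets/probe?api-version=7.0"; // api-version is an assumption
        HttpClient http = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(10)).build();
        HttpRequest req = HttpRequest.newBuilder(URI.create(url))
                .timeout(Duration.ofSeconds(10)).GET().build();
        try {
            HttpResponse<Void> resp = http.send(req, HttpResponse.BodyHandlers.discarding());
            return classify(resp.statusCode(),
                    resp.headers().firstValue("WWW-Authenticate").orElse(null));
        } catch (IOException e) {
            // DNS, TCP, proxy or TLS failure: the request never reached the vault.
            return "UNREACHABLE: " + e + "; check outbound firewall or proxy rules";
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return "INTERRUPTED";
        }
    }

    public static void main(String[] args) {
        // Constructed sample responses so the example also runs offline.
        System.out.println(classify(401, "Bearer authorization=\"https://login.windows.net/<tenant>\", resource=\"https://vault.azure.net\""));
        System.out.println(classify(403, null));
        if (args.length == 1) System.out.println(probe(args[0])); // e.g. https://<myVault>.vault.azure.net
    }
}
```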

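Before getting a secret from Azure Key Vault, make sure you have access to the Key Vault. Make sure you are signed in or provide the correct Azure credentials. You can refer to this link to get the secret

Or run this PowerShell command:

    Get-AzureKeyVaultSecret -VaultName 'VaultName' -Name 'secretName'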
