
Facing issue with getting secrets from Azure Key Vault in a Springboot Application

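I am facing some issues fetching secrets from Azure Key Vault in a Spring Boot project. I created a sample Spring Boot project, and it works fine there, but in my actual application it does not work: it shows null as the secret value.

The actual application is different in that it connects to a database. There is no controller in my actual application. I am new to this Key Vault concept. My main goal is just to fetch the database credentials from Key Vault at run time, but I cannot fetch even a sample value in my actual project. Please guide me on how to achieve this / what I am doing wrong.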

The sample project's application.property file has this code:

server.port=8090
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id= xxxxxx
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-secret=xxxxx
spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=https:xxxxxx
spring.cloud.azure.keyvault.secret.property-sources[0].profile.tenant-id=xxxxxx

Controller

@SpringBootApplication
@RestController
public class DatafeedKeyvaultApplication implements CommandLineRunner{
    
    @Value("${connectionString}")
    private String connectionString;
    public static void main(String[] args) {
        SpringApplication.run(DatafeedKeyvaultApplication.class, args);
    }
    
    @GetMapping("get")
    public String get() {
        return connectionString;
    }

    public void run(String... varl) throws Exception {
        System.out.println(String.format("\nConnection String stored in Azure Key Vault:\n%s\n",connectionString));
    }

}

Here I am able to fetch the value from Key Vault.

But in my actual project application it does not happen; it only returns a null value.

#azure.keyvault.enabled=true
#spring.cloud.azure.keyvault.secret.property-sources[0].enabled=true

spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id=xxxxxx
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-secret=xxxx
spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=xxxxxx
spring.cloud.azure.keyvault.secret.property-sources[0].profile.tenant-id=xxxxx
server.port=8090

spring.jpa.properties.hibernate.default_schema=acn
spring.jpa.properties.hibernate.format_sql = false
spring.jpa.show-sql=false
spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
spring.jpa.hibernate.ddl-auto = update
spring.jackson.default-property-inclusion = NON_NULL
spring.main.web-application-type=NONE
spring.main.banner-mode = off
logging.level.root=error
    
################ MSPS DB Configuration ################
INTEGRATION_MSPS_DBSERVER_URL=xxxxxxx
MSPS_DB_INTEGRATED_SECURTY =false
spring.datasource.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
spring.datasource.url=jdbc:sqlserver://${INTEGRATION_MSPS_DBSERVER_URL};databaseName=ACN_MSPSJiraInteg;integratedSecurity=${MSPS_DB_INTEGRATED_SECURTY};
spring.datasource.username= xxxxx
spring.datasource.password=xxxxx

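I have checked the Java version, the dependencies, and the credentials in the properties file, and everything is correct, but I still cannot fetch the Key Vault value in my actual project.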

@SpringBootApplication
public class JiraMspsUtilityApplication implements CommandLineRunner {
    
    @Value("${datafeed-sample-value}")
     private static String keyvault_value;

    private static final Logger loggerForWorkitemMetrics = LoggerFactory.getLogger("metricsUpdatAppender");
    private static final Logger LoggerForSharedPlanUpdate = LoggerFactory.getLogger("sharedPlanUpdateAppender");

    @Autowired
    ConfigProperties configProp;

    @Autowired
    JIRAMSPSService jiraMspsService;

    private static final Logger logger = LoggerFactory.getLogger("JiraMspsUtilityApplication");

    static {
        
        System.out.println("key vault value "+ keyvault_value);
        logger.info("key vault value "+ keyvault_value);
        
        boolean isExistEC = false;
        Provider[] providers = Security.getProviders();
        for (Provider provider : providers) {
            logger.info("CRYPTO provider: " + provider.getName().toString());
            Set<Provider.Service> services = provider.getServices();
            for (Provider.Service service : services) {
                logger.info("CRYPTO algorithm: " + service.getAlgorithm());
                if (service.getAlgorithm().equals("EC")) {
                    isExistEC = true;
                }
            }
        }
        if (isExistEC) {
            logger.info("BC security provider not added for EC algorithm as JRE already able to find it");
        } else {
            Security.addProvider(new BouncyCastleProvider());
            logger.info("BC security provider added for EC algorithm");
        }
    }
    
    public static void main(String[] args) {
        SpringApplication app = new SpringApplication(JiraMspsUtilityApplication.class);

        app.run(args);
        
        System.out.println(String.format("\n1. Key Valut value stored in Azure Key Vault:\n%s\n",keyvault_value));
        logger.info("\n1. Key Valut value stored in Azure Key Vault:\n{}\n",keyvault_value);
        
    }

    @Override
    public void run(String... args) throws IOException {

     System.out.println(String.format("\n2. Key Valut value stored in Azure Key Vault:\n%s\n",keyvault_value));
         
         logger.info("\n2. Key Valut value stored in Azure Key Vault:\n{}\n",keyvault_value);

        if (args.length == 0) {
            loggerForWorkitemMetrics.info("There were no commandline arguments passed");
            LoggerForSharedPlanUpdate.info("There were no commandline arguments passed");
            System.exit(1);
        } else if (args.length > 1) {
            loggerForWorkitemMetrics.info("More than one argument passed");
            LoggerForSharedPlanUpdate.info("More than one argument passed");
            System.exit(1);
        } else {

            if (Integer.parseInt(args[0]) == 0) {
                boolean flag = jiraMspsService.updateWorkRequestMetricsInJira();
                if (flag) {
                    System.exit(0);
                } else {
                    loggerForWorkitemMetrics.info("WORK REQUEST METRICS UPDATE PROCESS INCOMPLETE DUE TO ERROR");
                }
            } else if (Integer.parseInt(args[0]) == 1) {
                boolean flag = jiraMspsService.updateSharedWorkplanEntries();
                if (flag) {
                    System.exit(0);
                } else {
                    LoggerForSharedPlanUpdate.info("SHARED PLANS UPDATE PROCESS INCOMPLETE DUE TO ERROR");
                }

            } else {
                loggerForWorkitemMetrics.info(
                        "Invalid argument(s) passed.");
                LoggerForSharedPlanUpdate.info(
                        "Invalid argument(s) passed.");
                System.exit(1);

            }
        }
    }
}

Try adding the resource endpoint:

spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=

I hope it is useful.
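
The two classes in the question differ in one way that matters to Spring: the sample injects `@Value` into an instance field, while the real application declares the field `static` and reads it from a static initializer and from `main`. Spring does not inject `@Value` into static fields, as this added example shows (it is not code from the original post); the `MapPropertySource` and its `constructed-secret` value are constructed stand-ins for the Key Vault property source, and the holder class names are hypothetical.

```java
import java.util.Map;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.core.env.MapPropertySource;

public class StaticValueDemo {

    // Same shape as the failing application: @Value on a static field.
    static class StaticHolder {
        @Value("${datafeed-sample-value}")
        private static String value;   // Spring skips static fields; stays null

        static boolean populated() { return value != null; }
    }

    // Same shape as the working sample: @Value on an instance field.
    static class InstanceHolder {
        @Value("${datafeed-sample-value}")
        private String value;          // injected when the bean is created

        boolean populated() { return value != null; }
    }

    public static void main(String[] args) {
        try (AnnotationConfigApplicationContext ctx = new AnnotationConfigApplicationContext()) {
            // Constructed stand-in for the Key Vault property source (no Azure call).
            ctx.getEnvironment().getPropertySources().addFirst(
                    new MapPropertySource("fakeKeyVault",
                            Map.of("datafeed-sample-value", "constructed-secret")));
            ctx.register(StaticHolder.class, InstanceHolder.class);
            ctx.refresh();

            // Report presence only; never print or log the secret itself.
            System.out.println("static field populated:   " + StaticHolder.populated());
            System.out.println("instance field populated: "
                    + ctx.getBean(InstanceHolder.class).populated());
        }
    }
}
```

A static initializer also runs at class load, before `SpringApplication.run` has built any context, so nothing could have been injected at that point regardless of the field's modifiers. The demo reports only whether a value arrived, so the secret itself never reaches stdout or a log file.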
