How to retrieve secrets from Azure Vault using Java 5?

Question

I have to retrieve secrets from Azure Vault but my app uses JDK 5. This is a problem because the Azure libraries used and described in Microsoft docs require at minimum JDK 8 and upgrading the JDK is not an option.

The client's architect says that I can consume some Vault API and use Bouncy Castle's TLS API to achieve this but I'm not sure what he is talking about.

This sounds too low level. I'm asking for guidance, some superfluous explanation can get me going. How can I obtain secrets using Java 5?

Answer 1

Score: 2

As the architect says, you could retrieve a secret from Key Vault via the Key Vault REST API instead of the Azure libraries.

GET https://{yourvault}.vault.azure.net/secrets?api-version=7.1

This API is used to list secrets in a specified key vault. And you could get a specified secret from a given key vault by this link.

First, get the access_token with a POST via ApacheHttpClient.

POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

client_id={your-client-id}
&scope=https%3A%2F%2Fvault.azure.net%2F.default
&client_secret={your-client-secret}
&grant_type=client_credentials

Then, call the REST API with a GET via ApacheHttpClient.

GET https://{yourvault}.vault.azure.net/secrets?api-version=7.1
Authorization: Bearer {access_token}

I tried this with Postman, and it works well. You could use httpclient to obtain secrets in Java.

Note:

Navigate to Azure Portal > Key vaults > your_key_vault > Access policies > Add Access Policy. In the Secret permissions field, select the desired permissions, and in the Select principal section, select the application that you are using to access the secret.
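
The two requests from the answer above, written as Java 5-compatible code. This is an added example, not part of the original answer: it uses the JDK's HttpURLConnection in place of Apache HttpClient, and the class name and the AZ_* environment variable names are hypothetical. It assumes the JVM's HTTPS stack can complete a TLS handshake with both endpoints, which a stock Java 5 runtime may not manage without a newer TLS provider.

```java
import java.io.*;
import java.net.*;
import java.util.regex.*;
// Added example, not the answerer's code. Java 5 syntax, JDK classes only.
public class VaultRestClient {
    static String enc(String v) throws IOException { return URLEncoder.encode(v, "UTF-8"); }
    // Read the reply; on 4xx/5xx the JSON error arrives on the error stream.
    static String readBody(HttpURLConnection c) throws IOException {
        InputStream in = c.getResponseCode() < 400 ? c.getInputStream() : c.getErrorStream();
        if (in == null) return "";
        BufferedReader r = new BufferedReader(new InputStreamReader(in, "UTF-8"));
        StringBuilder sb = new StringBuilder();
        try { for (String l; (l = r.readLine()) != null; ) sb.append(l); } finally { r.close(); }
        return sb.toString();
    }
    // Step 1: client-credentials POST to the token endpoint; returns access_token.
    static String fetchToken(String tenant, String id, String secret) throws IOException {
        String form = "client_id=" + enc(id) + "&scope=" + enc("https://vault.azure.net/.default")
                + "&client_secret=" + enc(secret) + "&grant_type=client_credentials";
        HttpURLConnection c = (HttpURLConnection) new URL("https://login.microsoftonline.com/"
                + enc(tenant) + "/oauth2/v2.0/token").openConnection();
        c.setRequestMethod("POST");
        c.setDoOutput(true);
        c.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        OutputStream out = c.getOutputStream();
        try { out.write(form.getBytes("UTF-8")); } finally { out.close(); }
        Matcher m = Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"").matcher(readBody(c));
        // Report only the status code so the reply body never reaches a log.
        if (c.getResponseCode() != 200 || !m.find())
            throw new IOException("token request failed, HTTP " + c.getResponseCode());
        return m.group(1);
    }
    // Step 2: GET with the bearer token; returns the raw JSON list of secrets.
    static String listSecrets(String vault, String token) throws IOException {
        // The vault name lands in the host name: restrict it so the token only goes to the vault.
        if (!vault.matches("[A-Za-z0-9-]{3,24}")) throw new IOException("bad vault name");
        HttpURLConnection c = (HttpURLConnection) new URL("https://" + vault
                + ".vault.azure.net/secrets?api-version=7.1").openConnection();
        c.setRequestProperty("Authorization", "Bearer " + token);
        String body = readBody(c);
        if (c.getResponseCode() != 200) throw new IOException("vault HTTP " + c.getResponseCode());
        return body;
    }
    public static void main(String[] a) throws IOException {
        // Hypothetical variable names; credentials stay out of the source code.
        String t = fetchToken(System.getenv("AZ_TENANT"), System.getenv("AZ_CLIENT_ID"), System.getenv("AZ_CLIENT_SECRET"));
        System.out.println(listSecrets(System.getenv("AZ_VAULT"), t));
    }
}
```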

huangapple
  • Posted on 2020-09-01 00:37:49
  • Please keep the link to this article when reposting: https://go.coder-hub.com/63674755.html