Sandeep

Reputation: 288

Azure Key Vault Certificate Management using Java

My solution involves creating a certificate in Key Vault using Java. Below are the ways I tried to do it, but I was not successful.

  1. DefaultAzureCredentialBuilder: The most basic form of creation of the certificate wherein I have to export the clientId, clientSecret and the tenantId in the environment variables and create a Certificate Client as below:

         CertificateClient certificateClient = new CertificateClientBuilder()
                 .vaultUrl("https://valueUrl.vault.azure.net")
                 .credential(new DefaultAzureCredentialBuilder().build())
                 .buildClient();

  2. ADAL: This is the one I am more interested in as I can send in my details of client id, secret and tenantid and then instantiate the certificate client. I tried using this and still was not successful. The snippet is as below:

         ClientCertificateCredential certCreds = new ClientCertificateCredentialBuilder()
                 .clientId("clientId")
                 .pfxCertificate("C:\\MyCerft.pfx", "123")
                 .tenantId("tenantId")
                 .build();
         CertificateClient certificateClient1 = new CertificateClientBuilder()
                 .vaultUrl("https://vaultUrl.vault.azure.net/")
                 .credential(certCreds)
                 .buildClient();

The source of the samples is below:

But both of the above throw the same error of a mismatch in signature in the credentialBuilder class:

    "com.azure.security.keyvault.certificates.CertificateClientBuilder"'s signer information does not match signer information of other classes in the same package

Below are the dependencies in my pom file:

<dependency>
  <groupId>com.azure</groupId>
  <artifactId>azure-security-keyvault-certificates</artifactId>
  <version>4.0.0</version>
</dependency>

<dependency>
  <groupId>com.azure</groupId>
  <artifactId>azure-identity</artifactId>
  <version>1.0.4</version> <!-- {x-version-update;com.azure:azure-identity;dependency} -->
</dependency>

I would really like to do it the second way as that is much safer and lets me do some config settings that I have to set in the first case. But, at this point, I would even take the first, in case there is an outcome there.

Also, I do not understand why, for the second way, Microsoft hasn't given the client secret as a parameter but expects a certificate (pfx/pem) for the solution to authenticate, as I believe the SDK should accept both ways of access.

Any suggestions on what I am possibly missing here would be of great help, as this is something I picked straight from the official documentation from Microsoft.

Cheers

Upvotes: 0

Views: 763

Answers (1)

Jack Jia

Reputation: 5549

It could be a BUG. I resolved it by using SDKs of the following version:

<!-- https://mvnrepository.com/artifact/com.azure/azure-identity -->
<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.1.0-beta.2</version>
    <scope>test</scope>
</dependency>

<!-- https://mvnrepository.com/artifact/com.azure/azure-security-keyvault-certificates -->
<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-security-keyvault-certificates</artifactId>
    <version>4.1.0-beta.1</version>
</dependency>

Upvotes: 0
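A diagnostic for the error in the question, added here as an example and not taken from either post or from the Azure SDK. The JVM raises this `SecurityException` when a class is defined in a package whose already-loaded classes carry different signer certificates, so the check lists every JAR on the classpath that supplies classes to the package and the signer of those classes. The class name `SignerCheck` is hypothetical, and it assumes you run it with the application's own classpath (for example the one printed by `mvn dependency:build-classpath`).

```java
import java.io.*;
import java.nio.file.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.*;

// Added diagnostic (hypothetical helper, not SDK code): which JARs supply one
// package, and who signed the classes each JAR contributes to it.
public class SignerCheck {
    public static void main(String[] args) throws IOException {
        // Default is the package named in the error; pass another as args[0].
        String pkg = (args.length > 0 ? args[0]
                : "com.azure.security.keyvault.certificates").replace('.', '/') + "/";
        Map<String, Set<String>> signersByJar = new TreeMap<>();
        for (String element : System.getProperty("java.class.path").split(File.pathSeparator)) {
            if (!element.endsWith(".jar") || !Files.isRegularFile(Paths.get(element))) continue;
            try (JarFile jar = new JarFile(element, true)) { // true = verify signatures
                for (JarEntry e : Collections.list(jar.entries())) {
                    String name = e.getName();
                    // Classes directly in the package only, not in sub-packages.
                    if (!name.startsWith(pkg) || !name.endsWith(".class")
                            || name.indexOf('/', pkg.length()) >= 0) continue;
                    // Signer certificates are exposed only after the entry is fully read.
                    try (InputStream in = jar.getInputStream(e)) {
                        byte[] buf = new byte[8192];
                        while (in.read(buf) != -1) { /* drain */ }
                    }
                    Certificate[] certs = e.getCertificates();
                    String signer = "unsigned";
                    if (certs != null && certs.length > 0) {
                        signer = certs[0] instanceof X509Certificate
                                ? ((X509Certificate) certs[0]).getSubjectX500Principal().getName()
                                : certs[0].getType();
                    }
                    signersByJar.computeIfAbsent(element, k -> new TreeSet<>()).add(signer);
                }
            }
        }
        Set<String> distinct = new TreeSet<>();
        signersByJar.forEach((path, signers) -> {
            System.out.println(path + " -> " + signers);
            distinct.addAll(signers);
        });
        System.out.println(signersByJar.size() > 1 || distinct.size() > 1
                ? "Package is split across JARs or signers; align versions so one JAR supplies it."
                : "Package comes from at most one JAR with one signer.");
    }
}
```

More than one JAR in the output, or a mix of `unsigned` and signed entries, points to conflicting copies of the same artifact on the classpath.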
