page_type | languages | products | description | urlFragment
---|---|---|---|---
sample | | | This sample uses certificate based service principal authentication to work with Keyvaults. | Hybrid-KeyVault-Java-Manage-Secrets-Certificate-Based-Auth
- Create a Key Vault using certificate based authentication
- Create a secret inside the Key Vault
- Get the secret
- Delete the Resource Group
To run this sample:
- Clone the repository using the following command:
  - git clone https://github.com/Azure-Samples/Hybrid-KeyVault-Java-Manage-Secrets-Certificate-Based-Auth.git
- Create an Azure service principal and assign a role to access the subscription. For instructions on creating a service principal, see Use Azure PowerShell to create a service principal with a certificate.
- Export the service principal certificate as a pfx file.
- Set the following required environment variable values:
  - AZURE_TENANT_ID
  - AZURE_CLIENT_ID
  - AZURE_OBJECT_ID (used to set access permissions for the Key Vault; you can retrieve this value from the output of service principal creation)
  - AZURE_CERT_SECRET
  - AZURE_CERT_PATH
  - AZURE_SUBSCRIPTION_ID
  - ARM_ENDPOINT
  - RESOURCE_LOCATION
- Change directory to the Hybrid sample:
  - cd Hybrid-KeyVault-Java-Manage-Secrets-Certificate-Based-Auth
- Run the sample:
  - mvn clean compile exec:java
The Key Vault secrets SDK used here is com.azure:azure-security-keyvault-secrets. If you are using the latest version of the Key Vault SDK package, please refer to the following examples:
- IdentityReadmeSamples.java shows multiple ways to authenticate the Key Vault client via DefaultAzureCredential, device code, client secret or certificate, in addition to others.
- HelloWorld.java - Examples for common Key Vault tasks:
  - Create a secret inside the Key Vault
  - Get the secret
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.