Extended AzureKeyVault example

[3millionminds]

Hello everyone.

First of all, thanks @ebourg for creating and maintaining this plugin.

I am having a little bit of trouble implementing it in Maven, since I am a noob tbqh.

We don't have many Java builds in our company, and I am also lacking much experience with Maven builds.

Long story short, until recently we were using a local certificate and the jarsigner plugin to sign a .jar file generated during the build.
Since jarsigner does not support Azure Key Vault, I did some searching and found this plugin.

Question is, can this plugin be used without having to use az to get an access token?
Basically I'd like to do this exclusively from the pom file, and without need additional tools (it would be very hard to get az installed on the machine where this is built, because it is ancient and will require too many approvals)

On our Windows builds we sign with azuresigntool.exe and we need to feed it a lot more parameters than jsign takes in.

azuresigntool.exe sign --verbose 
    --azure-key-vault-tenant-id ████████
    --azure-key-vault-url https://████████.vault.azure.net/ 
    --azure-key-vault-client-id ████████
    --azure-key-vault-client-secret ████████
    --azure-key-vault-certificate ████████
    --timestamp-authenticode http://timestamp.digicert.com/
    FileName.exe

Maybe someone already ran into this issue and found a solution.

Any help appreciated.

Thanks!

[cocowalla]

Did you ever find a way to do this?

[ebourg]

Can this plugin be used without having to use az to get an access token?

No sorry, not currently. That would require implementing the Azure authentication logic into Jsign and I'm a bit reluctant to follow this path because there are just too many ways to obtain a token. But if someone wants to contribute it I'll think about it.

Something you could try would be to run a plugin generating the token before jsign-maven-plugin is invoked. Maybe azure-maven-plugins could be used for that, or a scripting plugin using the Azure SDK.