I want to connect to Azure Key Vault using a Quarkus application. I have stored some secrets in Azure Key Vault, and I need to connect to Azure Key Vault (without exposing the service principal secret), retrieve the values of the secrets configured in Azure Key Vault and use them in my application. I am not getting how to achieve this. Can someone help?
2 Answers
I never did something like that using Quarkus, but there are a few ways:
1- You'll need to authenticate and get an access token from Azure Active Directory. Then, you'll pass the token into the request to get the secret:
https://docs.microsoft.com/en-us/azure/key-vault/general/authentication-requests-and-responses
https://docs.microsoft.com/en-us/rest/api/keyvault/
2- As another alternative, you can use an Azure Function + Key Vault Reference to get the secrets, then pass them to your Quarkus application. You can do it using Azure Functions Custom Handlers:
3- I'm not 100% sure, but I guess you can use regular Java to retrieve the secrets in your Quarkus app too:
https://docs.microsoft.com/en-us/azure/key-vault/secrets/quick-create-java
There are multiple ways to authenticate to an Azure Key Vault to choose from, and not all of them need you to provide your service principal's secret. Just remember to make sure that you pass the selected Credential object to your Key Vault Secrets client when instantiating it with a SecretClientBuilder:
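import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;

SecretClient secretClient = new SecretClientBuilder()
        .vaultUrl("<your-key-vault-url>")
        .credential(new DefaultAzureCredentialBuilder().build()) // This is one of many types of credentials you can use
        .buildClient();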
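The credential-based approach from the answer above, carried through to an actual secret read, as an added example that is not part of the original answers. It assumes the azure-identity and azure-security-keyvault-secrets libraries are on the classpath; the class name VaultSecrets, the KEY_VAULT_URL environment variable and the secret name db-password are hypothetical.

```java
import com.azure.core.exception.ResourceNotFoundException;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;

import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper; the class name and KEY_VAULT_URL are assumptions of this example.
public class VaultSecrets {

    private final SecretClient client;
    // In-memory cache so each secret is fetched from the vault once per process.
    private final Map<String, String> cache = new ConcurrentHashMap<>();

    public VaultSecrets(String vaultUrl) {
        if (vaultUrl == null || vaultUrl.isBlank()) {
            throw new IllegalStateException("KEY_VAULT_URL is not set");
        }
        // No client secret in code or config files: DefaultAzureCredential tries the
        // environment, managed identity, and developer logins such as the Azure CLI.
        this.client = new SecretClientBuilder()
                .vaultUrl(vaultUrl)
                .credential(new DefaultAzureCredentialBuilder().build())
                .buildClient();
    }

    // Returns the secret value, or empty if the vault has no secret with that name.
    public Optional<String> get(String name) {
        String cached = cache.get(name);
        if (cached != null) {
            return Optional.of(cached);
        }
        try {
            String value = client.getSecret(name).getValue();
            if (value != null) {
                cache.put(name, value);
            }
            return Optional.ofNullable(value);
        } catch (ResourceNotFoundException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        VaultSecrets secrets = new VaultSecrets(System.getenv("KEY_VAULT_URL"));
        // Constructed secret name; report only whether it resolved, never the value.
        System.out.println("db-password present: " + secrets.get("db-password").isPresent());
    }
}
```

The identity the credential resolves to still needs permission to read secrets on the vault, for example the Get secret permission in an access policy or the Key Vault Secrets User role.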