0

I am trying to read a secret from Azure Key Vault through Managed Service Identity (MSI) in Java. I want a token to access the key vault through MSI.

There are references available for .NET to do this, but I did not find anything in Java. I don't want to do this through a client ID/secret key or certificates.

I want something in Java that is close to the following .NET code:

using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
try
{
    var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
    var secret = await keyVaultClient.GetSecretAsync("https://abcded.vault.azure.net/secrets/secretname/").ConfigureAwait(false);
    ViewBag.Secret = $"Secret: {secret.Value}"; 
}
catch (Exception exp)
{
    ViewBag.Error = $"Something went wrong: {exp.Message}";
}
Swapnil

2 Answers

1

We could use AppServiceMSICredentials in Java. Please try the following code.

import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.AppServiceMSICredentials;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.models.SecretBundle;

// Authenticate as the App Service managed identity (no client secret or certificate).
AppServiceMSICredentials credentials = new AppServiceMSICredentials(AzureEnvironment.AZURE);
KeyVaultClient keyVaultClient = new KeyVaultClient(credentials);
// Fetch the current version of the secret; the value is in secret.value().
SecretBundle secret = keyVaultClient.getSecret("https://xxxx.vault.azure.net", "secretName");
Tom Sun - MSFT
1
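import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.MSICredentials;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.models.SecretBundle;

MSICredentials credentials = new MSICredentials(AzureEnvironment.AZURE);
KeyVaultClient keyVaultClient = new KeyVaultClient(credentials);
// Fetch a specific version of the secret from the vault.
SecretBundle secret = keyVaultClient.getSecret("vaultbaseurl", "secretName", "secretversion");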
Patrick McGloin
NAVEEN Kumar
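
The token exchange behind MSI on App Service, written out with plain HTTP as an added example that is not part of either answer: a token for the Key Vault resource is requested from the local MSI endpoint, then presented as a bearer token to the vault's REST API. It assumes the App Service `MSI_ENDPOINT` and `MSI_SECRET` environment variables, the `2017-09-01` MSI and `7.0` Key Vault API versions, Java 9+, and the placeholder vault and secret names from the answers; the class and helper names are made up for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class MsiKeyVaultExample {  // hypothetical class name
    // Resource (audience) the token is requested for.
    private static final String KEY_VAULT_RESOURCE = "https://vault.azure.net";

    public static void main(String[] args) throws IOException {
        // App Service sets both variables when a managed identity is enabled.
        String endpoint = System.getenv("MSI_ENDPOINT");
        String msiSecret = System.getenv("MSI_SECRET");
        if (endpoint == null || msiSecret == null) {
            throw new IllegalStateException("No App Service managed identity available");
        }
        // Step 1: ask the local MSI endpoint for a token scoped to Key Vault.
        String tokenUrl = endpoint + "?resource="
                + URLEncoder.encode(KEY_VAULT_RESOURCE, "UTF-8") + "&api-version=2017-09-01";
        String token = jsonString(get(tokenUrl, "secret", msiSecret), "access_token");
        // Step 2: present the bearer token to the vault (placeholder vault and secret names).
        String secretUrl = "https://xxxx.vault.azure.net/secrets/secretName?api-version=7.0";
        String value = jsonString(get(secretUrl, "Authorization", "Bearer " + token), "value");
        // Never log the token or the secret value; report only that retrieval worked.
        System.out.println("Retrieved secret, length " + value.length());
    }

    private static String get(String url, String header, String headerValue) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
        conn.setRequestProperty(header, headerValue);
        if (conn.getResponseCode() != 200) {
            throw new IOException("HTTP " + conn.getResponseCode() + " from " + conn.getURL().getHost());
        }
        try (InputStream in = conn.getInputStream()) {
            return new String(in.readAllBytes(), StandardCharsets.UTF_8);
        }
    }

    // Minimal JSON string-field extraction (no unescaping); use a JSON library in real code.
    private static String jsonString(String json, String field) {
        Matcher m = Pattern.compile("\"" + field + "\"\\s*:\\s*\"((?:[^\"\\\\]|\\\\.)*)\"").matcher(json);
        if (!m.find()) throw new IllegalStateException("Field missing: " + field);
        return m.group(1);
    }
}
```

The identity still needs a Key Vault access policy granting it "get" on secrets; without one, step 2 fails with an HTTP 403 even though step 1 returned a valid token.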