Context: I am trying to download and save Azure Vault keys on a container - with the purpose of using them later to encrypt or decrypt content.
I am using Java with the azure-identity 1.7.1 and com.azure.security.keyvault.keys libraries.
The problem is that I cannot figure out how to download the private portion of the key. When trying to use the key to decrypt content I get the following error:

```
java.lang.IllegalArgumentException: Private portion of the key not available to perform decrypt operation
```
Following is the code used to save the key to disk. How can one modify the code to get both the public and the private portion of the key?!
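```java
import com.azure.identity.DefaultAzureCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.keys.KeyClient;
import com.azure.security.keyvault.keys.KeyClientBuilder;
import com.azure.security.keyvault.keys.models.JsonWebKey;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.FileNotFoundException;
import java.io.PrintWriter;

// Authenticate and build a client for the vault
DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder().build();
KeyClient keyClient = new KeyClientBuilder()
    .vaultUrl("https://<MY VAULT>.vault.azure.net/")
    .credential(defaultCredential)
    .buildClient();
// Fetch the key and serialize its JSON Web Key representation
JsonWebKey jsonWebKey = keyClient.getKey("<MY KEY>").getKey();
ObjectMapper mapper = new ObjectMapper();
String json = mapper.writeValueAsString(jsonWebKey);
// Write the serialized key to disk
try (PrintWriter writer = new PrintWriter("my-key.json")) {
    writer.print(json);
} catch (FileNotFoundException e) {
    e.printStackTrace();
}
```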
- Is the private portion of the key available?
- Should the key be created in a certain way to make that available in the first place?
Note: for Certificates one can download the associated secret, base64 decode it and save it as PFX, and that will include the highly sought-after private key! Also, the Azure portal interface includes an equivalent "download PFX" button. Nothing for keys in the vault??!
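
The JSON Web Key returned by `getKey` carries only the public portion of the key, which is why local decryption fails with the error quoted in the question. The following is an added example, not the poster's code: it keeps the private key in the vault and sends the decrypt operation to the service through `CryptographyClient`. It assumes an RSA key, an identity with get, encrypt and decrypt permission on that key, and reuses the question's `<MY VAULT>` and `<MY KEY>` placeholders; the class name and sample plaintext are constructed.

```java
import com.azure.identity.DefaultAzureCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.keys.KeyClient;
import com.azure.security.keyvault.keys.KeyClientBuilder;
import com.azure.security.keyvault.keys.cryptography.CryptographyClient;
import com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder;
import com.azure.security.keyvault.keys.cryptography.models.DecryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
import com.azure.security.keyvault.keys.models.KeyVaultKey;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Hypothetical class name; added example, not code from the question.
public class VaultSideDecrypt {
    public static void main(String[] args) {
        DefaultAzureCredential credential = new DefaultAzureCredentialBuilder().build();
        KeyClient keyClient = new KeyClientBuilder()
            .vaultUrl("https://<MY VAULT>.vault.azure.net/")
            .credential(credential)
            .buildClient();

        // Resolve the full key identifier (vault URL, key name and version).
        KeyVaultKey key = keyClient.getKey("<MY KEY>");

        // The cryptography client is bound to that key identifier, not to key material.
        CryptographyClient crypto = new CryptographyClientBuilder()
            .keyIdentifier(key.getId())
            .credential(credential)
            .buildClient();

        // Constructed sample plaintext. Encryption only needs the public portion of the key.
        byte[] plaintext = "constructed sample".getBytes(StandardCharsets.UTF_8);
        EncryptResult encrypted = crypto.encrypt(EncryptionAlgorithm.RSA_OAEP, plaintext);

        // Decryption is performed by the Key Vault service; the private key never reaches this process.
        DecryptResult decrypted = crypto.decrypt(EncryptionAlgorithm.RSA_OAEP, encrypted.getCipherText());

        if (!Arrays.equals(plaintext, decrypted.getPlainText())) {
            throw new IllegalStateException("round trip through the vault did not return the plaintext");
        }
        System.out.println(new String(decrypted.getPlainText(), StandardCharsets.UTF_8));
    }
}
```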