Keyvault MSI with Spring boot : How to config keyvault to use Azure cli credentials instead of managed identity while running on local?

Question

I created a simple spring boot app to retrieve secrets from keyvault. I added the following dependency to work around with,

<dependency>
   <groupId>com.azure.spring</groupId>
   <artifactId>azure-spring-boot-starter-keyvault-secrets</artifactId>
   <version>3.5.0</version>
</dependency>

and added the following in application.properties

azure.keyvault.enabled=true
azure.keyvault.uri=<URL>

#keys
mySecretProperty=secret

and my main application,

@SpringBootApplication
public class KeyVaultSample implements CommandLineRunner {

    @Value("${mySecretProperty}")
    private String mySecretProperty;

    public static void main(String[] args) {
        SpringApplication.run(KeyVaultSample.class, args);
    }

    @Override
    public void run(String... args) {
        System.out.println("property your-property-name value is: " + mySecretProperty);
    }
}

But every time I tried to run the above app on local, it tries to use ManagedIdentityCredential to connect. So I added a configuration class for creating a bean for SecretClient with AzureCliCredential, but then too, the results are the same.

My Configuration class,

@Configuration
public class AppConfiguration {

@Bean
public SecretClient secretClient() {
  AzureCliCredential az = new AzureCliCredentialBuilder().build();
  SecretClient sec = new SecretClientBuilder().vaultUrl("<url>")
  .credential(az).buildClient();
  return sec;
 }
}​

I'm looking for ways I could use/test this keyvault on my local. Is there any configuration I could put in the properties file which would make it use AzureCliCredential instead of ManagedIdentityCredential?

Answer 1

azure-spring-boot-starter-keyvault-secrets uses MSI / Managed identities.

If you would like to authenticate with Azure CLI, just use azure-identity and azure-security-keyvault-secrets.

public void getSecretWithAzureCliCredential() {
    AzureCliCredential cliCredential = new AzureCliCredentialBuilder().build();

    // Azure SDK client builders accept the credential as a parameter
    SecretClient client = new SecretClientBuilder()
        .vaultUrl("https://{YOUR_VAULT_NAME}.vault.azure.net")
        .credential(cliCredential)
        .buildClient();

    KeyVaultSecret secret = secretClient.getSecret("<secret-name>");
    System.out.printf("Retrieved secret with name \"%s\" and value \"%s\"%n", secret.getName(), secret.getValue());

}

Answer 2

If you don't necessarily need the real thing in local (a test double can be fine instead of Azure Key Vault) you could try Lowkey Vault too! It supports keys and secrets using a local container and you can fake the authentication using a simple basic auth.

Project home: https://github.com/nagyesta/lowkey-vault

Java POC (although not using the Spring Boot starter): https://github.com/nagyesta/lowkey-vault-example

Answer 3

You can do it in this way:-

let oldArray = ['9:00', '9:40', '9:50', '11:00', '15:00', '18:00'];
let newArray = oldArray.map(elem => elem.replace(':',''));
console.log(newArray);

Answer 4

First, you need a regular expression for this similar to this one:

var regExpStuff = /[/:]/;
var array = removeItem(unique, regExpStuff);

Then you need a remove function with splice method and using the regex above:

function removeItem(originalArray, itemToRemove) {
    var j = 0;
    while (j < originalArray.length) {
        if (originalArray[j] == itemToRemove) {
            originalArray.splice(j, 1);
    } else { j++; }
}
return originalArray;
}

Answer 5

Use map to apply a callback to each element of the array, and return the processed result.

let arr = ['9:00', '9:40', '9:50', '11:00', '15:00', '18:00']
arr = arr.map(v => v.replace(/:/g, '')

Flag g for Regex will replace all : occurrences. Without it only the first : will be removed.

Answer 6

Although there are other solutions that use less lines of code, the following is easier to read. Loop through your list of dates and for each date, replace the colon character with a blank.

var list = [ '9:00', '9:40', '9:50', '11:00', '15:00', '18:00' ];

for (var i = 0; i < list.length; i++)
{
  list[i] = list[i].replace(':', ''); 
}