@schaabs
Created April 29, 2019 07:52
Authenticating Clients to the Key Vault

Azure Key Vault authenticates requests via Azure Active Directory OAuth access tokens. All clients in the azure-keyvault package require an instance of the TokenCredential interface. The TokenCredential interface is located in the azure-common package.

While some applications with special requirements may choose to provide a TokenCredential implementation of their own, most can utilize the implementations provided by the Azure Identity library.

Authenticating Using the Azure Identity Library

To use the Azure Identity Library for authenticating client requests, you must first reference the azure-identity package in your project. The following reference should be added to the project pom.xml dependencies section:

    <dependency>
      <groupId>com.azure.identity</groupId>
      <artifactId>azure-identity</artifactId>
      <version>1.0.0-SNAPSHOT</version>
    </dependency>

The Default Credential Provider

The default credential provider is a TokenCredential implementation which enables your app to seamlessly authenticate both in your development environment and when deployed to the Azure cloud.

Authenticating Clients

To utilize the default credential provider you must import the AzureCredential class.

    import com.azure.identity.credential.AzureCredential;

The default credential provider is then accessed through the static DEFAULT field, and is used to construct clients.

    SecretClient client = new SecretClientBuilder()
        .vaultEndpoint("https://samplevault.vault.azure.net")
        .credentials(AzureCredential.DEFAULT)
        .build();

Configuring the Development Environment

In the development environment, your development credentials are read from environment variables. To configure your environment to authenticate using the default credential provider, set the following environment variables with your development credentials.

    set AZURE_TENANT_ID=<your tenant id>
    set AZURE_CLIENT_ID=<your development client id>
    set AZURE_CLIENT_SECRET=<your development client secret>
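
A preflight check for the three variables above, added here as an example; it is not part of the original gist or of the Azure SDK. The class name `CredentialEnvCheck` and its `check` method are hypothetical, the check assumes the client ID is a GUID, and it reports variable names only, never the secret's value.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

// Hypothetical helper: validates the development credential variables
// before any client is constructed with the default credential provider.
public class CredentialEnvCheck {
    private static final String[] NAMES = {
        "AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET"
    };

    // Assumption: the application (client) ID is given in GUID form.
    private static final Pattern GUID = Pattern.compile(
        "[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}");

    // Returns one message per problem; an empty list means the variables look usable.
    // Messages name the variable but never include its value.
    static List<String> check(Map<String, String> env) {
        List<String> problems = new ArrayList<>();
        for (String name : NAMES) {
            String value = env.get(name);
            if (value == null || value.trim().isEmpty()) {
                problems.add(name + " is not set");
            } else if (!value.equals(value.trim())) {
                // cmd's `set NAME=value ` keeps trailing spaces as part of the value
                problems.add(name + " has leading or trailing whitespace");
            } else if (name.equals("AZURE_CLIENT_ID") && !GUID.matcher(value).matches()) {
                problems.add(name + " is not a GUID");
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        List<String> problems = check(System.getenv());
        problems.forEach(p -> System.err.println("credential config: " + p));
        if (!problems.isEmpty()) {
            System.exit(1);
        }
        System.out.println("credential environment variables look complete");
    }
}
```

Running it in the same shell session where the `set` commands were issued confirms the process actually inherits the values.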