- First, you need the following to call https://login.microsoftonline.com and get a Bearer token:
  - tenant_id / subscription_id
  - client_id
  - client_secret
Then run the following command to get a Bearer token that authorizes access to the resource https://vault.azure.net:
curl -X POST \
https://login.microsoftonline.com/{tenant_id}/oauth2/token \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&client_id={client_id}&client_secret={client_secret}&resource=https://vault.azure.net'
Replace each {*} placeholder with the appropriate value.
This returns a JSON response like the following:
{"token_type":"Bearer","expires_in":"3599","ext_expires_in":"3599","expires_on":"1677278006","not_before":"1677274106","resource":"https://vault.azure.net","access_token":"eyJ0eXAiOiJKV1QiLCJhbG...."}
- Second, you need the following for the key to be fetched from Azure Key Vault:
  - secret_key
  - Vault_URL
  - access_token (as received in the previous step)
Then run the following command to get the value of secret_key:
curl -s "{Vault_URL}/secrets/{secret_key}?api-version=7.4" -H "Authorization: Bearer {access_token}"
Replace each {*} placeholder with the appropriate value.
This returns a JSON response like the following:
{"value":"9C48D41B7F0526EE5CE77F6E38861893D7AC1282C94395A84FF3D1EB55AAE8FD","id":"https://myvault.vault.azure.net/secrets/secret-key/b4f2d88910a447858e737d31a74bd023","attributes":{"enabled":true,"created":1665167167,"updated":1665167167,"recoveryLevel":"Recoverable+Purgeable","recoverableDays":90}}
Note that, in addition to the above, the app must be registered in Azure AD. Otherwise, you may receive an HTTP 403 error (the server understands the request but refuses to authorize it).
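The two steps above as an added Python example (not code from the original post): it builds the same two requests, but URL-encodes the client secret, reads it from the environment instead of the command line, validates the token response, and sends the Bearer token only to an HTTPS `*.vault.azure.net` host. The function names, the `AZURE_CLIENT_SECRET` variable name and the public-cloud host suffix are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request

VAULT_RESOURCE = "https://vault.azure.net"


def build_token_request(tenant_id, client_id, client_secret):
    """Step 1: same POST as the curl call; urlencode() escapes '+', '&', '=' in the secret."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": VAULT_RESOURCE,
    }).encode()
    url = f"https://login.microsoftonline.com/{urllib.parse.quote(tenant_id, safe='')}/oauth2/token"
    # urllib sends bytes data as application/x-www-form-urlencoded by default.
    return urllib.request.Request(url, data=body, method="POST")


def parse_token_response(raw, now=None):
    """Return access_token only if it is an unexpired Bearer token for Key Vault."""
    doc = json.loads(raw)
    if doc.get("token_type") != "Bearer" or doc.get("resource") != VAULT_RESOURCE:
        raise ValueError("token is not a Bearer token for Key Vault")
    if int(doc["expires_on"]) <= (time.time() if now is None else now):
        raise ValueError("token has already expired")
    return doc["access_token"]


def build_secret_request(vault_url, secret_key, access_token):
    """Step 2: refuse to send the token anywhere but an HTTPS vault host."""
    parts = urllib.parse.urlsplit(vault_url)
    # Assumption: public Azure cloud, where vault hosts end in .vault.azure.net.
    if parts.scheme != "https" or not (parts.hostname or "").endswith(".vault.azure.net"):
        raise ValueError("Vault_URL must be https://<name>.vault.azure.net")
    name = urllib.parse.quote(secret_key, safe="")
    url = f"https://{parts.hostname}/secrets/{name}?api-version=7.4"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})


def fetch_secret(tenant_id, client_id, vault_url, secret_key):
    """Run both steps; the secret is read from the environment so it never appears in argv."""
    secret = os.environ["AZURE_CLIENT_SECRET"]  # assumed variable name
    with urllib.request.urlopen(build_token_request(tenant_id, client_id, secret), timeout=10) as r:
        token = parse_token_response(r.read())
    with urllib.request.urlopen(build_secret_request(vault_url, secret_key, token), timeout=10) as r:
        return json.loads(r.read())["value"]
```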