This sample shows how to do the following operations of Key Vault with Key Vault SDK

  • Create a Key Vault using certificate based authentication
  • Create a secret inside the Key Vault
  • Get the secret
  • Delete the Resource Group

Running this Sample

To run this sample:

  1. Clone the repository using the following command:

    git clone https://github.com/Azure-Samples/Hybrid-KeyVault-Java-Manage-Secrets-Certificate-Based-Auth.git

  2. Create an Azure service principal and assign a role to access the subscription. For instructions on creating a service principal, see Use Azure PowerShell to create a service principal with a certificate.

  3. Export the service principal certificate as a pfx file.

  4. Set the following required environment variable values:

    • AZURE_OBJECT_ID (To set access permissions for KeyVault. You can retrieve this value from the output during Service Principal Creation)
  5. Change directory to Hybrid sample:

    • cd Hybrid-KeyVault-Java-Manage-Secrets-Certificate-Based-Auth
  6. Run the sample:

    • mvn clean compile exec:java

Use latest Key Vault SDK

The Key Vault secrets SDK here is com.azure:azure-security-keyvault-secrets, if you are using the latest version of the Key Vault SDK package, please refer to the following examples:

  • IdentityReadmeSamples.java shows multiple ways to authenticate the Key Vault client via DefaultAzureCredential, device code, client secret or certificate in addition to others.

  • HelloWorld.java - Examples for common Key Vault tasks:

    • Create a secret inside the Key Vault
    • Get the secret

More information


This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.