Open bjvetter opened 1 year ago
Is this on the Azure website (https://learn.microsoft.com/en-us/azure/key-vault/general/common-parameters-and-headers):
The HTTP Host header must always be present and must specify the vault hostname. Example: Host: contoso.vault.azure.net. Note that most client technologies populate the Host header from the URI. For instance, GET https://contoso.vault.azure.net/secrets/mysecret{...} will set the Host as contoso.vault.azure.net. If you access Key Vault using raw IP address like GET https://10.0.0.23/secrets/mysecret{...}, the automatic value of Host header will be wrong, and you'll have to manually ensure that the Host header contains the vault hostname.
I see nothing in the code to create a "host" header, but I believe libcurl will do this automatically.
I am not able to do a simple sign operation as shown in your examples - just get an unknown vault error. I put some debugging instructions in the code and I see that it is getting a bad request error (400). It says the request has an invalid header name.
I then dumped out the headers before the curl request and I see the following 4 (albeit redacted) headers:
```
[d] AkvGetKey curl.c(461) header: Accept: application/json
[d] AkvGetKey curl.c(461) header: Content-Type: application/json
[d] AkvGetKey curl.c(461) header: Authorization: Bearer { "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ii1LSTNROW5OUjdiUm9meG1lWm9YcWJIWkdldyIsImtpZCI6Ii1LSTNROW5OUjdiUm9meG1lWm9YcWJIWkdldyJ9.eyJhdWQiOiJodHRwczovL3BiYS1wb3J0YWwudmF1bHQuYXp1cmUubmV0LyIsImlzcyI6Imh0dHBz..... -BTK_Wn6zMjKqraHa9u9VmKxY3bu48kYiLg90I3ogND83BdYIVJxH7mcQ9eG6yBCjuQK89Nq-oM5QZnCkItg-HGB_qy7wwyqdDMuIODjftQ68Frn8cAZM3MoMHbjDE9YxXQtEYLcbXlsEewDzhGVvYwgJEY4wd9dctHQ", "expiresOn": "2023-08-28 18:17:29.000000", "tenant": "xxxxxxxx-xxx-xxxx-xxxx-xxxxxxxxxxxx", "tokenType": "Bearer" }
```
And the text from the https:// output is:
I don't know exactly what needs to be in the header or the format of the header. Perhaps the "token type" for the Authorization header? I got that token by grabbing the output this way:
```
AZURE_CLI_ACCESS_TOKEN=`az account get-access-token --output json --tenant xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --resource https://xxxxxxxxx.vault.azure.net/`
```
(those ```` are single back-ticks - the formatter here is messing with things) Can someone help me understand what I have done wrong or perhaps the azure key vault/managed hsm has changed things?
Oh, and all I was trying to do is get the public key for the key vault key:
```
openssl pkey -engine e_akv -inform engine -in "vault:vaultname:keyname" -pubout -text -out /tmp/leafpubkey.pem
```
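An added illustration, not code from this issue or from the e_akv engine, of what the dumped `Authorization` header suggests: the whole JSON document printed by `az account get-access-token --output json` was placed after `Bearer` instead of just the `accessToken` value. It assumes the JSON was inserted verbatim (line breaks included); the sample JSON and token are constructed and fake.

```python
import json
import re

# Constructed sample of what `az account get-access-token --output json` prints
# (token shortened and fake; not a real credential).
AZ_JSON_OUTPUT = """{
  "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwczovL3ZhdWx0LmF6dXJlLm5ldCJ9.c2lnbmF0dXJl",
  "expiresOn": "2023-08-28 18:17:29.000000",
  "tenant": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "tokenType": "Bearer"
}"""

# A JWT is three base64url segments joined by dots: no braces, quotes or whitespace.
JWT_RE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")
# Characters RFC 7230 allows in a header field name (a 'token').
NAME_RE = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")


def extract_access_token(az_output):
    """Pull only the accessToken string out of the CLI's JSON document."""
    doc = json.loads(az_output)
    if doc.get("tokenType") != "Bearer":
        raise ValueError("unexpected tokenType: %r" % doc.get("tokenType"))
    return doc["accessToken"]


def build_authorization_header(token):
    """Return 'Authorization: Bearer <jwt>', refusing anything that is not a bare JWT."""
    token = token.strip()
    if not JWT_RE.match(token):
        raise ValueError("not a bare JWT; was the whole JSON output passed instead?")
    return "Authorization: Bearer " + token


def header_problems(header_text):
    """List why a header block would be rejected: each line must be 'Name: value', so a
    pretty-printed JSON blob pasted into the value turns its continuation lines into
    bogus header names, which is what a 400 'invalid header name' complaint points at."""
    problems = []
    for line in header_text.splitlines():
        name, sep, value = line.partition(":")
        if not sep or not NAME_RE.match(name):
            problems.append("invalid header name: %r" % name.strip())
        elif name == "Authorization":
            scheme, _, cred = value.strip().partition(" ")
            if scheme != "Bearer":
                problems.append("Authorization scheme is not Bearer")
            elif not JWT_RE.match(cred):
                problems.append("Authorization credential is not a bare JWT")
    return problems
```

The same extraction from the shell is `az account get-access-token --query accessToken -o tsv`, which yields the bare token rather than the JSON wrapper.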