Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Audit Azure resources for compliance, security best practices, and Key Vault expiration monitoring
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
references/sdk/azure-security-keyvault-secrets-java.md
1# Key Vault Secrets — Java SDK Quick Reference2> Condensed from **azure-security-keyvault-secrets-java**. Full patterns4> (async client, secret rotation, backup/restore, config loader)5> in the **azure-security-keyvault-secrets-java** plugin skill if installed.6## Install8```xml9<dependency>10<groupId>com.azure</groupId>11<artifactId>azure-security-keyvault-secrets</artifactId>12<version>4.9.0</version>13</dependency>14<dependency>15<groupId>com.azure</groupId>16<artifactId>azure-identity</artifactId>17</dependency>18```19## Quick Start21> **Auth:** `DefaultAzureCredential` is for local development. See [auth-best-practices.md](../auth-best-practices.md) for production patterns.23```java25import com.azure.security.keyvault.secrets.SecretClientBuilder;26import com.azure.identity.DefaultAzureCredentialBuilder;27var secretClient = new SecretClientBuilder()28.vaultUrl("https://<vault>.vault.azure.net")29.credential(new DefaultAzureCredentialBuilder().build())30.buildClient();31```32## Best Practices34- Enable soft delete — protects against accidental deletion35- Use tags — tag secrets with environment, service, owner36- Set expiration — use `setExpiresOn()` for credentials that should rotate37- Content type — set contentType to indicate format (e.g., application/json)38- Version management — don't delete old versions immediately during rotation39- Access logging — enable diagnostic logging on Key Vault40- Least privilege — use separate vaults for different environments41