{"id":3154,"date":"2025-10-28T09:56:15","date_gmt":"2025-10-28T08:56:15","guid":{"rendered":"https:\/\/france.magicsoftware.com\/blog\/?p=3154"},"modified":"2025-10-28T10:17:58","modified_gmt":"2025-10-28T09:17:58","slug":"azure-key-vault-magic-xpi","status":"publish","type":"post","link":"https:\/\/france.magicsoftware.com\/blog\/magic-xpi\/azure-key-vault-magic-xpi\/","title":{"rendered":"Azure Key Vault &#8211; Magic xpi"},"content":{"rendered":"\n<p><strong>Goal <\/strong>: Retrieve secret values from Azure Key Vault protected by certificat with Magic xpi using REST API<\/p>\n\n\n\n<p>1\/ Generate your certificat (pfx format) and declare it in the azure console (Azure Key Vault)<\/p>\n\n\n\n<p>You can use standard powershell script to generate and export the pfx certificate.<\/p>\n\n\n\n<p>2\/ To test with postman, you need first to generate the Client_Assertion in other to get the token<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"847\" height=\"379\" src=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG2.png\" alt=\"\" class=\"wp-image-3160\" style=\"width:578px;height:auto\" srcset=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG2.png 847w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG2-300x134.png 300w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG2-768x344.png 768w\" sizes=\"auto, (max-width: 847px) 100vw, 847px\" \/><\/figure>\n\n\n\n<p>2\/ Define 2 resources one for the token and one for Key Vault.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"318\" src=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG7-1024x318.png\" alt=\"\" class=\"wp-image-3173\" style=\"width:582px;height:auto\" srcset=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG7-1024x318.png 1024w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG7-300x93.png 300w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG7-768x238.png 768w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG7.png 1054w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"308\" src=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG8-1024x308.png\" alt=\"\" class=\"wp-image-3175\" style=\"width:697px;height:auto\" srcset=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG8-1024x308.png 1024w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG8-300x90.png 300w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG8-768x231.png 768w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG8.png 1151w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Replace &lt;myazurekeyvault) with your own keyvault.<\/p>\n\n\n\n<p>Don&rsquo;t forget to set in the Query tab control : api-version  with 2016-10-01<\/p>\n\n\n\n<p>3\/ To Generate the Client_Assertion, we will use a piece of java code<\/p>\n\n\n\n<p>We are going to use a Java Class AzureKeyVault with method getClientAssertion. We will call this method with Magic JcallStatic function.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"811\" height=\"214\" src=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG3.png\" alt=\"\" class=\"wp-image-3161\" style=\"width:586px;height:auto\" srcset=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG3.png 811w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG3-300x79.png 300w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG3-768x203.png 768w\" sizes=\"auto, (max-width: 811px) 100vw, 811px\" \/><\/figure>\n\n\n\n<p>This signature function will accept 4 parameters (tenantId, clientId, pfxPath and pfxPassword).<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"941\" height=\"568\" src=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG15.png\" alt=\"\" class=\"wp-image-3188\" style=\"width:531px;height:auto\" srcset=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG15.png 941w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG15-300x181.png 300w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG15-768x464.png 768w\" sizes=\"auto, (max-width: 941px) 100vw, 941px\" \/><\/figure>\n\n\n\n<p>Drag and drop a Flow data connector in your Magic xpi flow<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"944\" height=\"445\" src=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG5-2.png\" alt=\"\" class=\"wp-image-3165\" style=\"width:692px;height:auto\" srcset=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG5-2.png 944w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG5-2-300x141.png 300w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG5-2-768x362.png 768w\" sizes=\"auto, (max-width: 944px) 100vw, 944px\" \/><\/figure>\n\n\n\n<p>Define 2 variables <strong>C.ClientAssertio<\/strong>n (alpha unlimited) and <strong>F.BodyBlo<\/strong>b (Blob).<\/p>\n\n\n\n<p>Update your context variable with JCallStatic function (see Magic xpa Help for the syntax)<\/p>\n\n\n\n<p>MagicAzureClass environment Variable has the value : com.magicsoftware.azureauth.AzureKeyVault<\/p>\n\n\n\n<p>TenantID corresponds to your azure tenant Id as well as for ClientId to azure client id and CPassword for certificate password<\/p>\n\n\n\n<p>The second operation updates the body request that will be used for the getting the token.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"418\" src=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG6.png\" alt=\"\" class=\"wp-image-3168\" style=\"width:642px;height:auto\" srcset=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG6.png 975w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG6-300x129.png 300w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG6-768x329.png 768w\" sizes=\"auto, (max-width: 975px) 100vw, 975px\" \/><\/figure>\n\n\n\n<p><strong>!! You must copied 4 jar files inside your Magic xpi  runtime\\java\\lib folder<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"545\" height=\"235\" src=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG14.png\" alt=\"\" class=\"wp-image-3186\" style=\"width:509px;height:auto\" srcset=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG14.png 545w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG14-300x129.png 300w\" sizes=\"auto, (max-width: 545px) 100vw, 545px\" \/><\/figure>\n\n\n\n<p>4\/ Drag and drop REST Client connector and link it to the MicrosoftOnline resource<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"857\" height=\"587\" src=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG9.png\" alt=\"\" class=\"wp-image-3177\" style=\"width:564px;height:auto\" srcset=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG9.png 857w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG9-300x205.png 300w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG9-768x526.png 768w\" sizes=\"auto, (max-width: 857px) 100vw, 857px\" \/><\/figure>\n\n\n\n<p>Press OK and set the tenantid with your tenant and DataBlob your Flow variable F.BodyBlob (updated in the previous step)<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"597\" src=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG10-1024x597.png\" alt=\"\" class=\"wp-image-3178\" style=\"width:532px;height:auto\" srcset=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG10-1024x597.png 1024w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG10-300x175.png 300w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG10-768x448.png 768w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG10.png 1069w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>5\/ Drag and Drop a Flow Data connector.<\/p>\n\n\n\n<p>Update C.Accesstoken context variable with Trim (StrToken (StrToken (C.UserBlob,2,'\u00a0\u00bbaccess_token\u00a0\u00bb:\u00a0\u00bb&lsquo;),1,'\u00a0\u00bb}&rsquo;))<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"533\" src=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG11-1024x533.png\" alt=\"\" class=\"wp-image-3180\" style=\"width:552px;height:auto\" srcset=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG11-1024x533.png 1024w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG11-300x156.png 300w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG11-768x400.png 768w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG11.png 1039w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>6\/ Drag and drop a REST Client connector and link it to AzureKeyVault resource<\/p>\n\n\n\n<p>Set the Bearer token by clicking the Parameters and press OK <\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"488\" src=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG12-1024x488.png\" alt=\"\" class=\"wp-image-3182\" style=\"width:683px;height:auto\" srcset=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG12-1024x488.png 1024w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG12-300x143.png 300w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG12-768x366.png 768w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG12.png 1220w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Set the secret name you want to retrieve from your Azure Key Vault<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"560\" src=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG13-1024x560.png\" alt=\"\" class=\"wp-image-3184\" style=\"width:675px;height:auto\" srcset=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG13-1024x560.png 1024w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG13-300x164.png 300w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG13-768x420.png 768w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG13.png 1062w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>7\/ When you execute the flow, you should get the AccessToken,, the ClientAssertion and the content of your secret in C.UserBlob<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"510\" src=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG17-1024x510.png\" alt=\"\" class=\"wp-image-3191\" style=\"width:802px;height:auto\" srcset=\"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG17-1024x510.png 1024w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG17-300x150.png 300w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG17-768x383.png 768w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG17-1536x766.png 1536w, https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG17.png 1874w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Goal : Retrieve secret values from Azure Key Vault protected by certificat with Magic xpi using REST API 1\/ Generate your certificat (pfx format) and declare it in the azure console (Azure Key Vault) You can use standard powershell script to generate and export the pfx certificate. 2\/ To test with postman, you need first [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3198,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[31,86,4,28],"tags":[87,14],"class_list":["post-3154","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure","category-azure-key-vault","category-magic-xpi","category-microsoft","tag-azure-key-vault","tag-magic-xpi"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/france.magicsoftware.com\/blog\/wp-content\/uploads\/2025\/10\/AKV_MG1_-1.png","_links":{"self":[{"href":"https:\/\/france.magicsoftware.com\/blog\/wp-json\/wp\/v2\/posts\/3154","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/france.magicsoftware.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/france.magicsoftware.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/france.magicsoftware.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/france.magicsoftware.com\/blog\/wp-json\/wp\/v2\/comments?post=3154"}],"version-history":[{"count":23,"href":"https:\/\/france.magicsoftware.com\/blog\/wp-json\/wp\/v2\/posts\/3154\/revisions"}],"predecessor-version":[{"id":3197,"href":"https:\/\/france.magicsoftware.com\/blog\/wp-json\/wp\/v2\/posts\/3154\/revisions\/3197"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/france.magicsoftware.com\/blog\/wp-json\/wp\/v2\/media\/3198"}],"wp:attachment":[{"href":"https:\/\/france.magicsoftware.com\/blog\/wp-json\/wp\/v2\/media?parent=3154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/france.magicsoftware.com\/blog\/wp-json\/wp\/v2\/categories?post=3154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/france.magicsoftware.com\/blog\/wp-json\/wp\/v2\/tags?post=3154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}