[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-9e6f06e9-5a4f-4f08-a274-7d2146d4f917":3,"$fzanPfm2Sdc1UkfwHz3jyDafdpNlt2aG2_nw70zu2lN0":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"9e6f06e9-5a4f-4f08-a274-7d2146d4f917","azure-security-keyvault-keys-java","Azure Key Vault Keys Java SDK for cryptographic key management. Use when creating, managing, or using RSA\u002FEC keys, performing encrypt\u002Fdecrypt\u002Fsign\u002Fverify operations, or working with HSM-backed keys.","cat_coding_devops","mod_coding","sickn33,coding","---\nname: azure-security-keyvault-keys-java\ndescription: \"Azure Key Vault Keys Java SDK for cryptographic key management. Use when creating, managing, or using RSA\u002FEC keys, performing encrypt\u002Fdecrypt\u002Fsign\u002Fverify operations, or working with HSM-backed keys.\"\nrisk: unknown\nsource: community\ndate_added: \"2026-02-27\"\n---\n\n# Azure Key Vault Keys (Java)\n\nManage cryptographic keys and perform cryptographic operations in Azure Key Vault and Managed HSM.\n\n## Installation\n\n```xml\n\u003Cdependency>\n    \u003CgroupId>com.azure\u003C\u002FgroupId>\n    \u003CartifactId>azure-security-keyvault-keys\u003C\u002FartifactId>\n    \u003Cversion>4.9.0\u003C\u002Fversion>\n\u003C\u002Fdependency>\n```\n\n## Client Creation\n\n```java\nimport com.azure.security.keyvault.keys.KeyAsyncClient;\nimport com.azure.security.keyvault.keys.KeyClient;\nimport com.azure.security.keyvault.keys.KeyClientBuilder;\nimport com.azure.security.keyvault.keys.cryptography.CryptographyClient;\nimport com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder;\nimport com.azure.identity.DefaultAzureCredentialBuilder;\n\n\u002F\u002F Key management client\nKeyClient keyClient = new KeyClientBuilder()\n    .vaultUrl(\"https:\u002F\u002F\u003Cvault-name>.vault.azure.net\")\n    .credential(new DefaultAzureCredentialBuilder().build())\n    .buildClient();\n\n\u002F\u002F Async 
client\nKeyAsyncClient keyAsyncClient = new KeyClientBuilder()\n    .vaultUrl(\"https:\u002F\u002F\u003Cvault-name>.vault.azure.net\")\n    .credential(new DefaultAzureCredentialBuilder().build())\n    .buildAsyncClient();\n\n\u002F\u002F Cryptography client (for encrypt\u002Fdecrypt\u002Fsign\u002Fverify)\nCryptographyClient cryptoClient = new CryptographyClientBuilder()\n    .keyIdentifier(\"https:\u002F\u002F\u003Cvault-name>.vault.azure.net\u002Fkeys\u002F\u003Ckey-name>\u002F\u003Ckey-version>\")\n    .credential(new DefaultAzureCredentialBuilder().build())\n    .buildClient();\n```\n\n## Key Types\n\n| Type | Description |\n|------|-------------|\n| `RSA` | RSA key (2048, 3072, 4096 bits) |\n| `RSA_HSM` | RSA key in HSM |\n| `EC` | Elliptic Curve key |\n| `EC_HSM` | Elliptic Curve key in HSM |\n| `OCT` | Symmetric key (Managed HSM only) |\n| `OCT_HSM` | Symmetric key in HSM |\n\n## Create Keys\n\n### Create RSA Key\n\n```java\nimport com.azure.security.keyvault.keys.models.*;\n\n\u002F\u002F Simple RSA key\nKeyVaultKey rsaKey = keyClient.createRsaKey(new CreateRsaKeyOptions(\"my-rsa-key\")\n    .setKeySize(2048));\n\nSystem.out.println(\"Key name: \" + rsaKey.getName());\nSystem.out.println(\"Key ID: \" + rsaKey.getId());\nSystem.out.println(\"Key type: \" + rsaKey.getKeyType());\n\n\u002F\u002F RSA key with options\nKeyVaultKey rsaKeyWithOptions = keyClient.createRsaKey(new CreateRsaKeyOptions(\"my-rsa-key-2\")\n    .setKeySize(4096)\n    .setExpiresOn(OffsetDateTime.now().plusYears(1))\n    .setNotBefore(OffsetDateTime.now())\n    .setEnabled(true)\n    .setKeyOperations(KeyOperation.ENCRYPT, KeyOperation.DECRYPT, \n                       KeyOperation.WRAP_KEY, KeyOperation.UNWRAP_KEY)\n    .setTags(Map.of(\"environment\", \"production\")));\n\n\u002F\u002F HSM-backed RSA key\nKeyVaultKey hsmKey = keyClient.createRsaKey(new CreateRsaKeyOptions(\"my-hsm-key\")\n    .setKeySize(2048)\n    .setHardwareProtected(true));\n```\n\n### Create EC 
Key\n\n```java\n\u002F\u002F EC key with P-256 curve\nKeyVaultKey ecKey = keyClient.createEcKey(new CreateEcKeyOptions(\"my-ec-key\")\n    .setCurveName(KeyCurveName.P_256));\n\n\u002F\u002F EC key with other curves\nKeyVaultKey ecKey384 = keyClient.createEcKey(new CreateEcKeyOptions(\"my-ec-key-384\")\n    .setCurveName(KeyCurveName.P_384));\n\nKeyVaultKey ecKey521 = keyClient.createEcKey(new CreateEcKeyOptions(\"my-ec-key-521\")\n    .setCurveName(KeyCurveName.P_521));\n\n\u002F\u002F HSM-backed EC key\nKeyVaultKey ecHsmKey = keyClient.createEcKey(new CreateEcKeyOptions(\"my-ec-hsm-key\")\n    .setCurveName(KeyCurveName.P_256)\n    .setHardwareProtected(true));\n```\n\n### Create Symmetric Key (Managed HSM only)\n\n```java\nKeyVaultKey octKey = keyClient.createOctKey(new CreateOctKeyOptions(\"my-symmetric-key\")\n    .setKeySize(256)\n    .setHardwareProtected(true));\n```\n\n## Get Key\n\n```java\n\u002F\u002F Get latest version\nKeyVaultKey key = keyClient.getKey(\"my-key\");\n\n\u002F\u002F Get specific version\nKeyVaultKey keyVersion = keyClient.getKey(\"my-key\", \"\u003Cversion-id>\");\n\n\u002F\u002F Get only key properties (no key material)\nKeyProperties keyProps = keyClient.getKey(\"my-key\").getProperties();\n```\n\n## Update Key Properties\n\n```java\nKeyVaultKey key = keyClient.getKey(\"my-key\");\n\n\u002F\u002F Update properties\nkey.getProperties()\n    .setEnabled(false)\n    .setExpiresOn(OffsetDateTime.now().plusMonths(6))\n    .setTags(Map.of(\"status\", \"archived\"));\n\nKeyVaultKey updatedKey = keyClient.updateKeyProperties(key.getProperties(),\n    KeyOperation.ENCRYPT, KeyOperation.DECRYPT);\n```\n\n## List Keys\n\n```java\nimport com.azure.core.util.paging.PagedIterable;\n\n\u002F\u002F List all keys\nfor (KeyProperties keyProps : keyClient.listPropertiesOfKeys()) {\n    System.out.println(\"Key: \" + keyProps.getName());\n    System.out.println(\"  Enabled: \" + keyProps.isEnabled());\n    System.out.println(\"  Created: \" + 
keyProps.getCreatedOn());\n}\n\n\u002F\u002F List key versions\nfor (KeyProperties version : keyClient.listPropertiesOfKeyVersions(\"my-key\")) {\n    System.out.println(\"Version: \" + version.getVersion());\n    System.out.println(\"Created: \" + version.getCreatedOn());\n}\n```\n\n## Delete Key\n\n```java\nimport com.azure.core.util.polling.SyncPoller;\n\n\u002F\u002F Begin delete (soft-delete enabled vaults)\nSyncPoller\u003CDeletedKey, Void> deletePoller = keyClient.beginDeleteKey(\"my-key\");\n\n\u002F\u002F Wait for deletion\nDeletedKey deletedKey = deletePoller.poll().getValue();\nSystem.out.println(\"Deleted: \" + deletedKey.getDeletedOn());\n\ndeletePoller.waitForCompletion();\n\n\u002F\u002F Purge deleted key (permanent deletion)\nkeyClient.purgeDeletedKey(\"my-key\");\n\n\u002F\u002F Recover deleted key\nSyncPoller\u003CKeyVaultKey, Void> recoverPoller = keyClient.beginRecoverDeletedKey(\"my-key\");\nrecoverPoller.waitForCompletion();\n```\n\n## Cryptographic Operations\n\n### Encrypt\u002FDecrypt\n\n```java\nimport com.azure.security.keyvault.keys.cryptography.models.*;\n\nCryptographyClient cryptoClient = new CryptographyClientBuilder()\n    .keyIdentifier(\"https:\u002F\u002F\u003Cvault>.vault.azure.net\u002Fkeys\u002F\u003Ckey-name>\")\n    .credential(new DefaultAzureCredentialBuilder().build())\n    .buildClient();\n\nbyte[] plaintext = \"Hello, World!\".getBytes(StandardCharsets.UTF_8);\n\n\u002F\u002F Encrypt\nEncryptResult encryptResult = cryptoClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plaintext);\nbyte[] ciphertext = encryptResult.getCipherText();\nSystem.out.println(\"Ciphertext length: \" + ciphertext.length);\n\n\u002F\u002F Decrypt\nDecryptResult decryptResult = cryptoClient.decrypt(EncryptionAlgorithm.RSA_OAEP, ciphertext);\nString decrypted = new String(decryptResult.getPlainText(), StandardCharsets.UTF_8);\nSystem.out.println(\"Decrypted: \" + decrypted);\n```\n\n### Sign\u002FVerify\n\n```java\nimport 
java.security.MessageDigest;\n\n\u002F\u002F Create digest of data\nbyte[] data = \"Data to sign\".getBytes(StandardCharsets.UTF_8);\nMessageDigest md = MessageDigest.getInstance(\"SHA-256\");\nbyte[] digest = md.digest(data);\n\n\u002F\u002F Sign\nSignResult signResult = cryptoClient.sign(SignatureAlgorithm.RS256, digest);\nbyte[] signature = signResult.getSignature();\n\n\u002F\u002F Verify\nVerifyResult verifyResult = cryptoClient.verify(SignatureAlgorithm.RS256, digest, signature);\nSystem.out.println(\"Valid signature: \" + verifyResult.isValid());\n```\n\n### Wrap\u002FUnwrap Key\n\n```java\n\u002F\u002F Key to wrap (e.g., AES key)\nbyte[] keyToWrap = new byte[32];  \u002F\u002F 256-bit key\nnew SecureRandom().nextBytes(keyToWrap);\n\n\u002F\u002F Wrap\nWrapResult wrapResult = cryptoClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToWrap);\nbyte[] wrappedKey = wrapResult.getEncryptedKey();\n\n\u002F\u002F Unwrap\nUnwrapResult unwrapResult = cryptoClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, wrappedKey);\nbyte[] unwrappedKey = unwrapResult.getKey();\n```\n\n## Backup and Restore\n\n```java\n\u002F\u002F Backup\nbyte[] backup = keyClient.backupKey(\"my-key\");\n\n\u002F\u002F Save backup to file\nFiles.write(Paths.get(\"key-backup.blob\"), backup);\n\n\u002F\u002F Restore\nbyte[] backupData = Files.readAllBytes(Paths.get(\"key-backup.blob\"));\nKeyVaultKey restoredKey = keyClient.restoreKeyBackup(backupData);\n```\n\n## Key Rotation\n\n```java\n\u002F\u002F Rotate to new version\nKeyVaultKey rotatedKey = keyClient.rotateKey(\"my-key\");\nSystem.out.println(\"New version: \" + rotatedKey.getProperties().getVersion());\n\n\u002F\u002F Set rotation policy\nKeyRotationPolicy policy = new KeyRotationPolicy()\n    .setExpiresIn(\"P90D\")  \u002F\u002F Expire after 90 days\n    .setLifetimeActions(Arrays.asList(\n        new KeyRotationLifetimeAction(KeyRotationPolicyAction.ROTATE)\n            .setTimeBeforeExpiry(\"P30D\")));  \u002F\u002F Rotate 30 days before 
expiry\n\nkeyClient.updateKeyRotationPolicy(\"my-key\", policy);\n\n\u002F\u002F Get rotation policy\nKeyRotationPolicy currentPolicy = keyClient.getKeyRotationPolicy(\"my-key\");\n```\n\n## Import Key\n\n```java\nimport com.azure.security.keyvault.keys.models.ImportKeyOptions;\nimport com.azure.security.keyvault.keys.models.JsonWebKey;\n\n\u002F\u002F Import existing key material\nJsonWebKey jsonWebKey = new JsonWebKey()\n    .setKeyType(KeyType.RSA)\n    .setN(modulus)\n    .setE(exponent)\n    .setD(privateExponent)\n    \u002F\u002F ... other RSA components\n    ;\n\nImportKeyOptions importOptions = new ImportKeyOptions(\"imported-key\", jsonWebKey)\n    .setHardwareProtected(false);\n\nKeyVaultKey importedKey = keyClient.importKey(importOptions);\n```\n\n## Encryption Algorithms\n\n| Algorithm | Key Type | Description |\n|-----------|----------|-------------|\n| `RSA1_5` | RSA | RSAES-PKCS1-v1_5 |\n| `RSA_OAEP` | RSA | RSAES with OAEP (recommended) |\n| `RSA_OAEP_256` | RSA | RSAES with OAEP using SHA-256 |\n| `A128GCM` | OCT | AES-GCM 128-bit |\n| `A256GCM` | OCT | AES-GCM 256-bit |\n| `A128CBC` | OCT | AES-CBC 128-bit |\n| `A256CBC` | OCT | AES-CBC 256-bit |\n\n## Signature Algorithms\n\n| Algorithm | Key Type | Hash |\n|-----------|----------|------|\n| `RS256` | RSA | SHA-256 |\n| `RS384` | RSA | SHA-384 |\n| `RS512` | RSA | SHA-512 |\n| `PS256` | RSA | SHA-256 (PSS) |\n| `ES256` | EC P-256 | SHA-256 |\n| `ES384` | EC P-384 | SHA-384 |\n| `ES512` | EC P-521 | SHA-512 |\n\n## Error Handling\n\n```java\nimport com.azure.core.exception.HttpResponseException;\nimport com.azure.core.exception.ResourceNotFoundException;\n\ntry {\n    KeyVaultKey key = keyClient.getKey(\"non-existent-key\");\n} catch (ResourceNotFoundException e) {\n    System.out.println(\"Key not found: \" + e.getMessage());\n} catch (HttpResponseException e) {\n    System.out.println(\"HTTP error \" + e.getResponse().getStatusCode());\n    System.out.println(\"Message: \" + 
e.getMessage());\n}\n```\n\n## Environment Variables\n\n```bash\nAZURE_KEYVAULT_URL=https:\u002F\u002F\u003Cvault-name>.vault.azure.net\n```\n\n## Best Practices\n\n1. **Use HSM Keys for Production** - Set `setHardwareProtected(true)` for sensitive keys\n2. **Enable Soft Delete** - Protects against accidental deletion\n3. **Key Rotation** - Set up automatic rotation policies\n4. **Least Privilege** - Use separate keys for different operations\n5. **Local Crypto When Possible** - Use `CryptographyClient` with local key material to reduce round-trips\n\n## Trigger Phrases\n\n- \"Key Vault keys Java\", \"cryptographic keys Java\"\n- \"encrypt decrypt Java\", \"sign verify Java\"\n- \"RSA key\", \"EC key\", \"HSM key\"\n- \"key rotation\", \"wrap unwrap key\"\n\n## When to Use\nUse this skill to carry out the workflow or actions described in the overview.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,189,152,"2026-05-16 13:07:38",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"Programming and Development","coding","mdi-code-braces","Code generation, debugging, and review to improve development efficiency",2,"2026-05-16 
12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"DevOps","devops","mdi-cog-outline","CI\u002FCD, containerization, deployment and operations",3,162,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"89704498-775b-455a-90ad-94751e0b8380","1.0.0","azure-security-keyvault-keys-java.zip",3613,"uploads\u002Fskills\u002F9e6f06e9-5a4f-4f08-a274-7d2146d4f917\u002Fazure-security-keyvault-keys-java.zip","c425c03a7d01485c9c561c1bc7555ff4ea221ea19745ae4974e05eac729bad78","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":11330}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]