Azure key vault java sdk code vulnerability with veracode scan

2023-05-31T15:28:39.1433333+00:00

Hi Team,

We are using the Azure Key Vault Java SDK (com.azure:azure-identity) to integrate with Azure Key Vault. After we ran the Veracode scan, we found a few vulnerabilities reported by the Veracode scan.

Do we need to use any specific SDK libraries?

Could you please help us with this?

Azure Key Vault

An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.


1 answer

  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,551 Reputation points Moderator
    2023-06-01T08:04:18.8233333+00:00

    Hello @Anonymous, you don't need to use com.azure:azure-identity or any other Azure SDK module. You can use alternative libraries or develop your own library/libraries following the Azure documentation. This, however, is not recommended. First we need to assess the vulnerabilities found in the library/package. Please email the Veracode scan vulnerabilities report/results to azcommunity@microsoft.com with Subject: Attn: Alfredo Revilla.

    In the meantime, and as a workaround for the com.azure:azure-identity vulnerabilities, you might try any of the following:

    1. Upgrade to the latest version of the aforementioned module.
    2. Exclude the vulnerable dependency and pin it to its latest version in your application pom.
    3. Use a third-party OAuth library for Java in tandem with the Azure Key Vault client library for Java. You will need to create an app registration, (optionally) expose Azure Key Vault scopes/delegated permissions (for user authentication), and add your own TokenCredential implementation.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

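The third option in the answer above (the Key Vault client library with your own TokenCredential, no azure-identity on the classpath) looks like this. It is an added example, not code from the thread or from the Azure SDK. It assumes com.azure:azure-security-keyvault-secrets is declared in the pom (which brings in azure-core, where the TokenCredential interface lives, and reactor-core), and that jackson-databind is available for parsing the token response; declare it explicitly if your build does not already have it. The tenant, client ID and client secret come from environment variables, the vault URL and secret name are placeholders, and the app registration's service principal is assumed to already have been granted read access to secrets in the vault (access policy or Key Vault RBAC role). The token is obtained with the OAuth 2.0 client-credentials grant using only the JDK's java.net.http client:

```java
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;

import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.OffsetDateTime;

/**
 * TokenCredential that runs the OAuth 2.0 client-credentials flow against the
 * Microsoft identity platform with the JDK HttpClient. The Key Vault client
 * library calls getToken() with the scope it needs (https://vault.azure.net/.default
 * after the vault's authentication challenge); this class does not depend on
 * azure-identity or on any third-party OAuth library.
 */
public final class ClientCredentialsTokenCredential implements TokenCredential {
    private final String tokenEndpoint;   // v2.0 token endpoint of the tenant
    private final String clientId;
    private final String clientSecret;
    private final HttpClient http = HttpClient.newHttpClient();
    private final ObjectMapper mapper = new ObjectMapper();

    // One cached token per scope so every Key Vault call does not hit the token endpoint.
    private volatile String cachedScope;
    private volatile AccessToken cachedToken;

    public ClientCredentialsTokenCredential(String tenantId, String clientId, String clientSecret) {
        this.tokenEndpoint = "https://login.microsoftonline.com/" + tenantId + "/oauth2/v2.0/token";
        this.clientId = clientId;
        this.clientSecret = clientSecret;
    }

    @Override
    public Mono<AccessToken> getToken(TokenRequestContext request) {
        String scope = String.join(" ", request.getScopes());
        AccessToken token = cachedToken;
        // Reuse the token while it has at least five minutes of lifetime left.
        if (token != null && scope.equals(cachedScope)
                && token.getExpiresAt().minusMinutes(5).isAfter(OffsetDateTime.now())) {
            return Mono.just(token);
        }
        // The HTTP call blocks, so run it off the reactor event loop.
        return Mono.fromCallable(() -> fetchToken(scope)).subscribeOn(Schedulers.boundedElastic());
    }

    private AccessToken fetchToken(String scope) throws Exception {
        String form = "grant_type=client_credentials"
                + "&client_id=" + enc(clientId)
                + "&client_secret=" + enc(clientSecret)
                + "&scope=" + enc(scope);
        HttpRequest req = HttpRequest.newBuilder(URI.create(tokenEndpoint))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form))
                .build();
        HttpResponse<String> resp = http.send(req, HttpResponse.BodyHandlers.ofString());
        if (resp.statusCode() != 200) {
            // Do not include the response body in the exception; it can end up in logs.
            throw new IllegalStateException("token request failed with HTTP " + resp.statusCode());
        }
        JsonNode json = mapper.readTree(resp.body());
        String accessToken = json.get("access_token").asText();
        long expiresIn = json.get("expires_in").asLong();   // seconds from now
        AccessToken token = new AccessToken(accessToken, OffsetDateTime.now().plusSeconds(expiresIn));
        cachedScope = scope;
        cachedToken = token;
        return token;
    }

    private static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Assumed environment: AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET.
        TokenCredential credential = new ClientCredentialsTokenCredential(
                System.getenv("AZURE_TENANT_ID"),
                System.getenv("AZURE_CLIENT_ID"),
                System.getenv("AZURE_CLIENT_SECRET"));

        SecretClient client = new SecretClientBuilder()
                .vaultUrl("https://<your-vault-name>.vault.azure.net")   // placeholder
                .credential(credential)
                .buildClient();

        // Placeholder secret name; print only the length so the value never reaches stdout.
        String value = client.getSecret("example-secret").getValue();
        System.out.println("fetched secret, " + value.length() + " characters");
    }
}
```

Before replacing azure-identity at all, run `mvn dependency:tree` and match the flagged artifact names against the scanner report: findings attributed to "azure-identity" are often in a transitive dependency it pulls in, which is what option 2 (exclude and pin via `<dependencyManagement>`) addresses without any custom credential code. The custom credential above removes the azure-identity dependency entirely, but it also gives up the features azure-identity provides (managed identity, token caching across processes, certificate-based client authentication), so keep it only as long as the assessment of the actual findings requires.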