Currently, I am using Access Keys to connect to Azure Cosmos DB via Java. The code I use for this is as follows :
CosmosClient client = new CosmosClientBuilder().endpoint(cosmosEndpoint).key(cosmosKey)
.preferredRegions(Collections.singletonList("East US 2")) .consistencyLevel(ConsistencyLevel.EVENTUAL).buildClient();
where cosmosEndpoint = "https://<cosmosdb_name>.documents.azure.com:443/"
and cosmosKey is the Primary Key .
Now, we are asked to stop using the Access Keys for Cosmos DB. So I created a Service Principal and assigned it a role of DocumentDB Account Contributor.
The updated code in Java is as follows :
TokenCredential ServicePrincipal = new ClientSecretCredentialBuilder().authorityHost("https://login.microsoftonline.com")
.tenantId(getTenantID())
.clientId(getClientId())
.clientSecret(getSecret())
.build();
CosmosClient client = new CosmosClientBuilder().endpoint(cosmosEndpoint).credential(ServicePrincipal)
.preferredRegions(Collections.singletonList("East US 2"))
.consistencyLevel(ConsistencyLevel.EVENTUAL).buildClient();
The above method is giving me the following error :
Client initialization failed. Check if the endpoint is reachable and if your auth token is valid
Do I need to change the role assigned? Or am I missing something? How can I achieve this?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 12%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 53%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKV%3C/text%3E%3C/svg%3E)