[FEATURE REQ] Change Azure Key Vault JCA authentication to use Azure Identity with Credential #44511
Status: Open
Labels: azure-spring, azure-spring-jca, customer-reported, question
Is your feature request related to a problem? Please describe.
I'm trying to use the Azure KeyVault JCA library on AKS but I cannot manage to make it work; at least, I did not find the proper documentation that would help me to do so. I properly got it to work on AppService using a managed identity, but on AKS I am confused about how to authenticate. The library seems to support the service principal (tenantId, clientId, secretId) and managed identity authentication schemes but not the new workload identity. I am also stuck when deploying locally since the library does not support authentication through my own credentials.
Describe the solution you'd like
I would like to be able to authenticate to the Azure KeyVault JCA library as I can already do with almost all other Azure libraries, such as Azure KeyVault Certificates, using the concept of Credential as provided by the Azure Identity library. Specifically I would like to use the versatile DefaultAzureCredential implementation that would allow an all-in-one solution for authentication.
I think it would also harmonize this Azure library with its counterparts for other resources.
Describe alternatives you've considered
None, since I am stuck with this library on AKS. Is there a way to make workload identity and identity federation work with Azure KeyVault JCA on Kubernetes?
Additional context
None.
Information Checklist
Kindly make sure that you have added all the following information above and check off the required fields; otherwise we will treat the issue as an incomplete report.