2.11.0 (2026-02-28)
Features Added
- Added support for Azure Workload Identity authentication for Azure Kubernetes Service (AKS) workloads.
- Automatically detects and uses federated token authentication when
AZURE_FEDERATED_TOKEN_FILE,AZURE_CLIENT_ID, andAZURE_TENANT_IDare set (via environment variables or system propertiesazure.keyvault.client-idandazure.keyvault.tenant-id). - Provides credential-free authentication for AKS pods configured with Workload Identity-enabled service accounts.
- Automatically detects and uses federated token authentication when
- Added support for bearer token authentication via the
azure.keyvault.access-tokensystem property. This allows users to provide a pre-obtained access token for authentication, enabling multi-factor authentication scenarios without requiring client ID and client secret. Authentication priority order is: Managed Identity > Access Token > Client Credentials.
Bugs Fixed
- Fixed the NPE where the token object was not returned when the credential information was incorrect.
- Fixed an issue where release-specific classes from BouncyCastle were not properly shaded for Java 9 and above, leading to potential class loading issues in multi-release JARs. (#47127)