Loading Secrets From Azure Key Vault to Property Source in Spring Boot Application
This sample demonstrates how to load secrets from Azure Key Vault to PropertySource.
You will build an application that uses `spring-cloud-azure-starter-keyvault-secrets` to retrieve multiple secrets from multiple Azure Key Vaults.
- An Azure subscription
- Terraform
- Azure CLI
- JDK8 or later
- Maven
- You can also import the code straight into your IDE:
Terraform must authenticate to Azure to create infrastructure.
In your terminal, use the Azure CLI tool to set up your account permissions locally.

```shell
az login
```

Your browser window will open and you will be prompted to enter your Azure login credentials. After successful authentication, your terminal will display your subscription information. You do not need to save this output as it is saved in your system for Terraform to use.

```text
You have logged in. Now let us find all the subscriptions to which you have access...
[
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "home-Tenant-Id",
    "id": "subscription-id",
    "isDefault": true,
    "managedByTenants": [],
    "name": "Subscription-Name",
    "state": "Enabled",
    "tenantId": "0envbwi39-TenantId",
    "user": {
      "name": "[email protected]",
      "type": "user"
    }
  }
]
```

If you have more than one subscription, specify the subscription ID you want to use with the command below:

```shell
az account set --subscription <your-subscription-id>
```

After logging in to the Azure CLI with your account, you can use the Terraform script to create the Azure resources.

Bash:

```shell
# In the root directory of the sample
# Initialize your Terraform configuration
terraform -chdir=./terraform init
# Apply your Terraform Configuration
terraform -chdir=./terraform apply -auto-approve
```

PowerShell:

```shell
# In the root directory of the sample
# Initialize your Terraform configuration
terraform -chdir=terraform init
# Apply your Terraform Configuration
terraform -chdir=terraform apply -auto-approve
```

The script may take a few minutes to run. After it completes successfully, you will see output like the following:

```text
...
azurecaf_name.azurecaf_name_kv_02: Creating...
azurecaf_name.azurecaf_name_kv_01: Creating...
azurecaf_name.resource_group: Creating...
azurecaf_name.azurecaf_name_kv_01: Creation complete after 0s ...
azurecaf_name.resource_group: Creation complete after 0s ...
azurecaf_name.azurecaf_name_kv_02: Creation complete after 0s ...
azurerm_resource_group.main: Creating...
azurerm_resource_group.main: Creation complete after 3s ...
azurerm_key_vault.kv_account_02: Creating...
azurerm_key_vault.kv_account_01: Creating...
azurerm_key_vault.kv_account_02: Still creating...
...
azurerm_key_vault_secret.kv_01: Creation complete ...
azurerm_key_vault_secret.kv_both_01: Creation complete ...
azurerm_key_vault.kv_account_02: Creation complete after ...
azurerm_key_vault_secret.kv_02_both: Creating...
azurerm_key_vault_secret.kv_02: Creating...
azurerm_key_vault_secret.kv_02_both: Creation complete ...
azurerm_key_vault_secret.kv_02: Creation complete ...
Apply complete! Resources: 10 added, 0 changed, 0 destroyed.
Outputs:
...
```

You can go to the Azure portal in your web browser to check the resources you created.
Run the command below to export the environment values.

Bash:

```shell
source ./terraform/setup_env.sh
```

PowerShell:

```shell
terraform\setup_env.ps1
```

If you want to run the sample in debug mode, you can save the output values.

```text
ENDPOINT_1=...
ENDPOINT_2=...
```

In your terminal, run `mvn clean spring-boot:run`.

```shell
mvn clean spring-boot:run
```

You can debug your sample by adding the saved output values to the tool's environment variables or the sample's `application.yaml` file.
- If your tool is `IDEA`, please refer to Debug your first Java application and add environment variables.
- If your tool is `ECLIPSE`, please refer to Debugging the Eclipse IDE for Java Developers and Eclipse Environment Variable Setup.
Start the application and you will see logs like this:

```text
sampleProperty1: key_vault_secret_01/sampleProperty1Value
sampleProperty2: key_vault_secret_02/sampleProperty2Value
samplePropertyInMultipleKeyVault: key_vault_secret_01/samplePropertyInMultipleKeyVaultValue
```

We can see that `key_vault_secret_01` has higher priority: `samplePropertyInMultipleKeyVault` resolves to the value from `key_vault_secret_01`.
After running the sample, if you no longer need it, remember to destroy the Azure resources you created to avoid unnecessary billing.
The `terraform destroy` command terminates resources managed by your Terraform project.
To destroy the resources you created, run the command below.

Bash:

```shell
terraform -chdir=./terraform destroy -auto-approve
```

PowerShell:

```shell
terraform -chdir=terraform destroy -auto-approve
```

If you don't want to load all secrets from Azure Key Vault, you can specify the secrets you want to load by setting the `spring.cloud.azure.keyvault.secret.property-sources.secret-keys=secret1,secret2...` property in the `application.yaml` file.
For this sample, run locally with the command `mvn clean spring-boot:run -Dspring-boot.run.profiles=secrets` to activate the `application-secrets.yml` profile file.
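
A configuration covering both points above (which vault wins for a shared key, and the `secret-keys` allow-list), added here as an example and not taken from the sample's own `application-secrets.yml`. The property-source names are hypothetical, and it assumes that `ENDPOINT_1` is the vault holding the `key_vault_secret_01` values and that the entry listed first takes precedence, as the log output suggests.

```yaml
# Added example, not the sample's own file.
# ENDPOINT_1 / ENDPOINT_2 are the values exported by the setup_env script;
# mapping them to vault 01 and vault 02 is an assumption.
spring:
  cloud:
    azure:
      keyvault:
        secret:
          property-source-enabled: true
          property-sources:
            # Listed first, so its value is used when both vaults hold the same key.
            - name: key-vault-property-source-1   # hypothetical name
              endpoint: ${ENDPOINT_1}
              # Allow-list: only these secrets are requested from this vault.
              secret-keys:
                - sampleProperty1
                - samplePropertyInMultipleKeyVault
            - name: key-vault-property-source-2   # hypothetical name
              endpoint: ${ENDPOINT_2}
              secret-keys:
                - sampleProperty2
                - samplePropertyInMultipleKeyVault
```

With `secret-keys` set on each entry, secrets stored in either vault but not listed are never loaded into the Spring `Environment`, which keeps unrelated credentials out of the application's property sources.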
Now that you have the Spring Boot application running locally, it's time to move it to production. Azure Spring Apps makes it easy to deploy Spring Boot applications to Azure without any code changes. The service manages the infrastructure of Spring applications so developers can focus on their code. Azure Spring Apps provides lifecycle management using comprehensive monitoring and diagnostics, configuration management, service discovery, CI/CD integration, blue-green deployments, and more. To deploy your application to Azure Spring Apps, see Deploy your first application to Azure Spring Apps.