Skip to content

Latest commit

 

History

History
208 lines (148 loc) · 7.46 KB

File metadata and controls

208 lines (148 loc) · 7.46 KB
page_type languages products name description
sample
java
azure-key-vault
Loading Secrets From Azure Key Vault to Property Source in Spring Boot Application
This sample demonstrates how to load secrets from Azure Key Vault to PropertySource in Spring Boot application.

Loading Secrets From Azure Key Vault to Property Source in Spring Boot Application

This sample demonstrates how to load secrets from Azure Key Vault to PropertySource. Link to reference doc.

What You Will Build

You will build an application that use spring-cloud-azure-starter-keyvault-secrets to retrieve multiple secrets from multiple Azure Key Vault.

What You Need

Provision Azure Resources Required to Run This Sample

Authenticate Using the Azure CLI

Terraform must authenticate to Azure to create infrastructure.

In your terminal, use the Azure CLI tool to setup your account permissions locally.

az login

Your browser window will open and you will be prompted to enter your Azure login credentials. After successful authentication, your terminal will display your subscription information. You do not need to save this output as it is saved in your system for Terraform to use.

You have logged in. Now let us find all the subscriptions to which you have access...

[
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "home-Tenant-Id",
    "id": "subscription-id",
    "isDefault": true,
    "managedByTenants": [],
    "name": "Subscription-Name",
    "state": "Enabled",
    "tenantId": "0envbwi39-TenantId",
    "user": {
      "name": "[email protected]",
      "type": "user"
    }
  }
]

If you have more than one subscription, specify the subscription-id you want to use with command below:

az account set --subscription <your-subscription-id>

Provision the Resources

After login Azure CLI with your account, now you can use the terraform script to create Azure Resources.

Run with Bash

# In the root directory of the sample
# Initialize your Terraform configuration
terraform -chdir=./terraform init

# Apply your Terraform Configuration
terraform -chdir=./terraform apply -auto-approve

Run with Powershell

# In the root directory of the sample
# Initialize your Terraform configuration
terraform -chdir=terraform init

# Apply your Terraform Configuration
terraform -chdir=terraform apply -auto-approve

It may take a few minutes to run the script. After successful running, you will see prompt information like below:

...
azurecaf_name.azurecaf_name_kv_02: Creating...
azurecaf_name.azurecaf_name_kv_01: Creating...
azurecaf_name.resource_group: Creating...
azurecaf_name.azurecaf_name_kv_01: Creation complete after 0s ...
azurecaf_name.resource_group: Creation complete after 0s ...
azurecaf_name.azurecaf_name_kv_02: Creation complete after 0s ...
azurerm_resource_group.main: Creating...
azurerm_resource_group.main: Creation complete after 3s ...
azurerm_key_vault.kv_account_02: Creating...
azurerm_key_vault.kv_account_01: Creating...
azurerm_key_vault.kv_account_02: Still creating... 
...
azurerm_key_vault_secret.kv_01: Creation complete ...
azurerm_key_vault_secret.kv_both_01: Creation complete ...
azurerm_key_vault.kv_account_02: Creation complete after ...
azurerm_key_vault_secret.kv_02_both: Creating...
azurerm_key_vault_secret.kv_02: Creating...
azurerm_key_vault_secret.kv_02_both: Creation complete ...
azurerm_key_vault_secret.kv_02: Creation complete ...

Apply complete! Resources: 10 added, 0 changed, 0 destroyed.

Outputs:

...

You can go to Azure portal in your web browser to check the resources you created.

Export Output to Your Local Environment

Running the command below to export environment values:

Run with Bash

source ./terraform/setup_env.sh

Run with Powershell

terraform\setup_env.ps1

If you want to run the sample in debug mode, you can save the output value.

ENDPOINT_1=...
ENDPOINT_2=...

Run Locally

Run the sample with Maven

In your terminal, run mvn clean spring-boot:run.

mvn clean spring-boot:run

Run the sample in IDEs

You can debug your sample by adding the saved output values to the tool's environment variables or the sample's application.yaml file.

Verify This Sample

Start the application, you will see logs like this:

sampleProperty1: key_vault_secret_01/sampleProperty1Value
sampleProperty2: key_vault_secret_02/sampleProperty2Value
samplePropertyInMultipleKeyVault: key_vault_secret_01/samplePropertyInMultipleKeyVaultValue

We can see that key_vault_secret_01 have higher priority.

Clean Up Resources

After running the sample, if you don't want to run the sample, remember to destroy the Azure resources you created to avoid unnecessary billing.

The terraform destroy command terminates resources managed by your Terraform project.
To destroy the resources you created.

Run with Bash

terraform -chdir=./terraform destroy -auto-approve

Run with Powershell

terraform -chdir=terraform destroy -auto-approve

(Optional) Retrieve specific secrets

If you don't want to load all secrets from Azure Key Vault. You can specify the secrets you want to load by setting the spring.cloud.azure.keyvault.secret.property-sources.secret-keys=secret1,secret2... property in the application.yaml file.

For this sample, run locally with the command mvn clean spring-boot:run -Dspring-boot.run.profiles=secrets to activate the application-secrets.yml profile file.

Verify This Sample.

Deploy to Azure Spring Apps

Now that you have the Spring Boot application running locally, it's time to move it to production. Azure Spring Apps makes it easy to deploy Spring Boot applications to Azure without any code changes. The service manages the infrastructure of Spring applications so developers can focus on their code. Azure Spring Apps provides lifecycle management using comprehensive monitoring and diagnostics, configuration management, service discovery, CI/CD integration, blue-green deployments, and more. To deploy your application to Azure Spring Apps, see Deploy your first application to Azure Spring Apps.