如何为 spring 启动应用程序设置 azure 密钥库？

Question

There was some dependency incompatibility occurring because we were using an older version of azure keyvault (azure-keyvault-secrets-spring-boot-starter 2.2.1) but it got updated and we are upgrading it to azure-spring-boot-starter-keyvault-secrets 4.0.0. Now the keyvault isn't being connected maybe because the application.yml keyvault config is in the wrong syntax.

This is what was there before when it was working with the 2.2.1 version:

azure:
  keyvault:
    uri: ${uri}
    client-id: ${clientId}
    client-key: ${clientKey}
    token-acquire-timeout-seconds: 120

This is how we are trying now but it isn't connecting.

spring:
  cloud:
    azure:
      keyvault:
        secret:
          property-sources:
            uri: ${uri}
            client-id: ${clientId}
            client-key: ${clientKey}
            token-acquire-timeout-seconds: 120

What is the correct syntax for this azure keyvault version configuration??

Answer 1

Add the below dependency of spring-cloud-azure-starter-keyvault-certificates to the pom.xml file.

<properties>
        <version.spring.cloud.azure>4.3.0</version.spring.cloud.azure> 
</properties>
<dependencies>
      <dependency>
             <groupId>com.azure.spring</groupId>
             <artifactId>spring-cloud-azure-starter-keyvault-secrets</artifactId>
      </dependency> 
</dependencies> 
<dependencyManagement>
         <dependencies>
             <dependency>
                 <groupId>com.azure.spring</groupId>
                 <artifactId>spring-cloud-azure-dependencies</artifactId>
                 <version>${version.spring.cloud.azure}</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
   </dependencies> 
</dependencyManagement>

• Go to--> src/main/resources/application.properties file and add the below properties to configure the azure key vault to link to the spring boot application:

    spring.cloud.azure.keyvault.secret.property-source-enabled=true
    spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id=<your client ID>
    spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-secret=<your client key>
    spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=https://contosokv.vault.azure.net/
    spring.cloud.azure.keyvault.secret.property-sources[0].profile.tenant-id=<your tenant ID>

The above references are taken from the Microsoft Document and refer this to know more about adding Key Vault configuration to the app.

Answer 2

It should most probably look like this:

spring:
  cloud:
    azure:
      keyvault:
        secret:
          property-sources[0]:
            endpoint: ${uri}
            credential:
              client-id: ${clientId}
              client-secret: ${clientKey}

From the migration guide from 3.xx to 4.x ( direct link ):

Legacy properties	Modern properties
azure.keyvault.case-sensitive-keys	spring.cloud.azure.keyvault.secret.property-sources[n].case-sensitive
azure.keyvault.certificate-password	spring.cloud.azure.keyvault.secret.property-sources[n].credential.client-certificate-password
azure.keyvault.certificate-path	spring.cloud.azure.keyvault.secret.property-sources[n].credential.client-certificate-path
azure.keyvault.client-id	spring.cloud.azure.keyvault.secret.property-sources[n].credential.client-id
azure.keyvault.client-key	spring.cloud.azure.keyvault.secret.property-sources[n].credential.client-secret
azure.keyvault.enabled	spring.cloud.azure.keyvault.secret.enabled and spring.cloud.azure.keyvault.secret.property-source-enabled
azure.keyvault.refresh-interval	spring.cloud.azure.keyvault.secret.property-sources[n].refresh-interval
azure.keyvault.secret-keys	spring.cloud.azure.keyvault.secret.property-sources[n].secret-keys
azure.keyvault.tenant-id	spring.cloud.azure.keyvault.secret.property-sources[n].profile.tenant-id
azure.keyvault.uri	spring.cloud.azure.keyvault.secret.property-sources[n].endpoint