From e86e0b9b4b6ce0884ea1f224947814d33e6dcc3e Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Fri, 19 Nov 2021 10:26:22 +0800 Subject: [PATCH 01/22] Change folder name from "azure-spring-boot-starter-keyvault-secrets" to "spring-cloud-azure-starter-keyvault-secrets". --- README.md | 4 ++-- .../keyvault-secrets/README.md | 0 .../keyvault-secrets/pom.xml | 0 .../spring/sample/keyvault/KeyVaultSampleApplication.java | 0 .../keyvault-secrets/src/main/resources/application.yml | 0 pom.xml | 2 +- 6 files changed, 3 insertions(+), 3 deletions(-) rename keyvault/{azure-spring-boot-starter-keyvault-secrets => spring-cloud-azure-starter-keyvault-secrets}/keyvault-secrets/README.md (100%) rename keyvault/{azure-spring-boot-starter-keyvault-secrets => spring-cloud-azure-starter-keyvault-secrets}/keyvault-secrets/pom.xml (100%) rename keyvault/{azure-spring-boot-starter-keyvault-secrets => spring-cloud-azure-starter-keyvault-secrets}/keyvault-secrets/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java (100%) rename keyvault/{azure-spring-boot-starter-keyvault-secrets => spring-cloud-azure-starter-keyvault-secrets}/keyvault-secrets/src/main/resources/application.yml (100%) diff --git a/README.md b/README.md index 5489850cc..e207cf7b9 100644 --- a/README.md +++ b/README.md 
@@ -41,7 +41,7 @@
 | keyvault | [azure-spring-boot-starter-keyvault-certificates:3.2.0] | [keyvault-certificates-server-side](keyvault/azure-security-keyvault-jca/run-with-command-line-server-side) |
 | keyvault | [azure-security-keyvault-jca:2.1.0] | [run-with-command-line-server-side](keyvault/azure-security-keyvault-jca/run-with-command-line-client-side) |
 | keyvault | [azure-security-keyvault-jca:2.1.0] | [run-with-command-line-client-side](keyvault/azure-spring-boot-starter-keyvault-certificates/keyvault-certificates-server-side) |
-| keyvault | [azure-spring-boot-starter-keyvault-secrets:3.9.0] | [keyvault-secrets](keyvault/azure-spring-boot-starter-keyvault-secrets/keyvault-secrets) |
+| keyvault | [spring-cloud-azure-starter-keyvault-secrets:4.0.0-beta.1] | [keyvault-secrets](keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets) |
 | mediaservices | [azure-media:0.9.8] | [azure-spring-boot-sample-mediaservices](mediaservices/azure-spring-boot-sample-mediaservices) |
 | servicebus | [azure-messaging-servicebus:7.4.0] | [servicebus](servicebus/azure-messaging-servicebus/servicebus) |
 | servicebus | [azure-spring-boot-starter-servicebus-jms:3.9.0] | [servicebus-jms-queue](servicebus/azure-spring-boot-starter-servicebus-jms/servicebus-jms-queue) |
@@ -68,7 +68,7 @@ [spring-cloud-starter-azure-appconfiguration-config:1.3.0]: https://search.maven.org/artifact/com.microsoft.azure/spring-cloud-starter-azure-appconfiguration-config/1.3.0/jar [azure-messaging-servicebus:7.4.0]: https://search.maven.org/artifact/com.azure/azure-messaging-servicebus/7.4.0/jar [azure-media:0.9.8]: https://search.maven.org/artifact/com.microsoft.azure/azure-media/0.9.8/jar -[azure-spring-boot-starter-keyvault-secrets:3.9.0]: https://search.maven.org/artifact/com.azure.spring/azure-spring-boot-starter-keyvault-secrets/3.9.0/jar +[spring-cloud-azure-starter-keyvault-secrets:4.0.0-beta.1]: https://search.maven.org/artifact/com.azure.spring/spring-cloud-azure-starter-keyvault-secrets/4.0.0-beta.1/jar [azure-spring-boot-starter-keyvault-certificates:3.2.0]: https://search.maven.org/artifact/com.azure.spring/azure-spring-boot-starter-keyvault-certificates/3.2.0/jar [azure-spring-cloud-stream-binder-eventhubs:2.9.0]: https://search.maven.org/artifact/com.azure.spring/azure-spring-cloud-stream-binder-eventhubs/2.9.0/jar [azure-spring-cloud-starter-eventhubs-kafka:2.9.0]: https://search.maven.org/artifact/com.azure.spring/azure-spring-cloud-starter-eventhubs-kafka/2.9.0/jar diff --git a/keyvault/azure-spring-boot-starter-keyvault-secrets/keyvault-secrets/README.md b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/README.md similarity index 100% rename from keyvault/azure-spring-boot-starter-keyvault-secrets/keyvault-secrets/README.md rename to keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/README.md diff --git a/keyvault/azure-spring-boot-starter-keyvault-secrets/keyvault-secrets/pom.xml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml similarity index 100% rename from keyvault/azure-spring-boot-starter-keyvault-secrets/keyvault-secrets/pom.xml rename to keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml 
diff --git a/keyvault/azure-spring-boot-starter-keyvault-secrets/keyvault-secrets/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java similarity index 100% rename from keyvault/azure-spring-boot-starter-keyvault-secrets/keyvault-secrets/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java rename to keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java diff --git a/keyvault/azure-spring-boot-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml similarity index 100% rename from keyvault/azure-spring-boot-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml rename to keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml diff --git a/pom.xml b/pom.xml index a9da6dafd..60c4e2183 100644 --- a/pom.xml +++ b/pom.xml @@ -70,7 +70,7 @@ keyvault/azure-securtiy-keyvault-jca/run-with-command-line-client-side keyvault/azure-spring-boot-starter-keyvault-certificates/keyvault-certificates-client-side keyvault/azure-spring-boot-starter-keyvault-certificates/keyvault-certificates-server-side - keyvault/azure-spring-boot-starter-keyvault-secrets/keyvault-secrets + keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets mediaservices/azure-spring-boot-sample-mediaservices servicebus/azure-messaging-servicebus/servicebus servicebus/azure-spring-boot-starter-servicebus-jms/servicebus-jms-queue From 5ae498f2cc8dc13b3dd3ec0eb3568f2094f74249 Mon Sep 17 00:00:00 2001 
From: Rujun Chen Date: Fri, 19 Nov 2021 10:28:04 +0800 Subject: [PATCH 02/22] Change parent's artifactId to azure-spring-boot-samples. --- .../keyvault-secrets/pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml index 1b1d894ba..50eb4dac3 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml @@ -5,9 +5,9 @@ 4.0.0 - org.springframework.boot - spring-boot-starter-parent - 2.5.4 + com.azure.spring + azure-spring-boot-samples + 1.0.0 com.azure.spring From 6a2410cb2c37a0085a5562df4c79fe50fcc8cb39 Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Fri, 19 Nov 2021 10:29:34 +0800 Subject: [PATCH 03/22] Change sample's artifactId. --- .../keyvault-secrets/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml index 50eb4dac3..afbe01e2c 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml @@ -11,7 +11,7 @@ com.azure.spring - azure-spring-boot-sample-keyvault-secrets + spring-cloud-azure-starter-keyvault-secrets-sample 1.0.0 jar From 1377a4d3d52fc863239a580851c83d977b155226 Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Fri, 19 Nov 2021 10:30:07 +0800 Subject: [PATCH 04/22] Delete dependencyManagement. --- .../keyvault-secrets/pom.xml | 12 ------------ 1 file changed, 12 deletions(-) 
diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml index afbe01e2c..e5f2ee997 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml @@ -19,18 +19,6 @@ Sample project for Azure Key Vault Secrets Starter https://github.com/Azure/azure-sdk-for-java - - - - com.azure.spring - azure-spring-boot-bom - 3.10.0 - pom - import - - - - com.azure.spring From 3f8d7fc4108d86ac7446377d10af14d908319611 Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Fri, 19 Nov 2021 10:30:54 +0800 Subject: [PATCH 05/22] Change dependency to spring-cloud-azure-starter-keyvault-secrets. --- .../keyvault-secrets/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml index e5f2ee997..a2b9215c6 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml @@ -22,7 +22,7 @@ com.azure.spring - azure-spring-boot-starter-keyvault-secrets + spring-cloud-azure-starter-keyvault-secrets org.springframework.boot From 9c9ab7ea08e131875930cb90c7e99d8dd36f7a09 Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Fri, 19 Nov 2021 10:35:11 +0800 Subject: [PATCH 06/22] Change configuration property prefix from `azure.keyvault.` to `spring.cloud.azure.keyvault.secret.`. --- .../src/main/resources/application.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) 
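Review bot: The `spring-cloud-azure-starter-keyvault-secrets` dependency introduced in the [PATCH 05/22] hunk shows no version text between its artifactId and the next dependency's groupId, and [PATCH 04/22] just above removed the `azure-spring-boot-bom` import that used to pin the starter. The version that lands on the classpath is therefore decided entirely by the `azure-spring-boot-samples` parent, which is not visible in this part of the series, while the root README advertises `4.0.0-beta.1`. Please confirm the parent's dependency management pins the Spring Cloud Azure BOM to that version, and consider a one-line comment above the dependency such as `<!-- version is managed by the azure-spring-boot-samples parent -->`. The XML tags are stripped in this rendering, so the absence of a version element is inferred from the visible text only.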
diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml index 8970d2665..9a1e2e466 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml @@ -1,6 +1,9 @@ -azure: - keyvault: - client-id: put-your-client-id-here - client-key: put-your-client-key-here - uri: put-your-uri-here - tenant-id: put-your-tenant-id-here +spring: + cloud: + azure: + keyvault: + secret: + client-id: put-your-client-id-here + client-key: put-your-client-key-here + uri: put-your-uri-here + tenant-id: put-your-tenant-id-here From 89f8ac67def7d49d1ce7e4785648b166217efa8f Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Sun, 21 Nov 2021 09:46:46 +0800 Subject: [PATCH 07/22] Delete unused contents. --- .../keyvault-secrets/pom.xml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml index a2b9215c6..d3dbf3e68 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml @@ -10,15 +10,10 @@ 1.0.0 - com.azure.spring spring-cloud-azure-starter-keyvault-secrets-sample 1.0.0 jar - Azure Spring Boot Starter Sample - Key Vault Secrets - Sample project for Azure Key Vault Secrets Starter - https://github.com/Azure/azure-sdk-for-java - com.azure.spring From af33924fc264a6bcde8fa01f1075a59d771c1d96 Mon Sep 17 00:00:00 2001 
From: Rujun Chen Date: Sun, 21 Nov 2021 09:47:55 +0800 Subject: [PATCH 08/22] Update application.yml. --- .../keyvault-secrets/src/main/resources/application.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml index 9a1e2e466..849f3febe 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml @@ -1,9 +1,9 @@ spring: cloud: azure: + tenant-id: + client-id: + client-key: keyvault: secret: - client-id: put-your-client-id-here - client-key: put-your-client-key-here - uri: put-your-uri-here - tenant-id: put-your-tenant-id-here + endpoint: From 5de61a6a30bb91deca5bf9104b4fc667c053746d Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Sun, 21 Nov 2021 09:49:52 +0800 Subject: [PATCH 09/22] Delete unused code. --- .../spring/sample/keyvault/KeyVaultSampleApplication.java | 4 ---- 1 file changed, 4 deletions(-) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java index 4449397ff..9c63e7c9e 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java 
@@ -3,8 +3,6 @@ package com.azure.spring.sample.keyvault; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.CommandLineRunner; import org.springframework.boot.SpringApplication; @@ -13,8 +11,6 @@ @SpringBootApplication public class KeyVaultSampleApplication implements CommandLineRunner { - private static final Logger LOGGER = LoggerFactory.getLogger(KeyVaultSampleApplication.class); - @Value("${spring-data-source-url}") private String springDataSourceUrl; From d71fdfccafabd7d34fb7b3bf9213e911d60cff65 Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Sun, 21 Nov 2021 10:06:11 +0800 Subject: [PATCH 10/22] Add new configuration item: property-source-enabled. --- .../keyvault-secrets/src/main/resources/application.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml index 849f3febe..a0f325dcb 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml @@ -6,4 +6,5 @@ spring: client-key: keyvault: secret: + property-source-enabled: true endpoint: From c343970a4aaf4964de6684934fc4861354da1cc0 Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Sun, 21 Nov 2021 10:52:21 +0800 Subject: [PATCH 11/22] Fix error in application.yml. --- .../keyvault-secrets/src/main/resources/application.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml index a0f325dcb..7a9860aaa 100644 
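Review bot: `property-source-enabled: true` in the [PATCH 10/22] application.yml hunk is added without a comment saying what it switches on or which vault permissions it needs. The README text deleted in [PATCH 12/22] explained that the principal needs secret GET, plus LIST when no explicit secret list is configured; the replacement README instead assigns the `Secret Management` template, which as far as I know also grants set and delete rights that a read-only sample does not use. I would add a comment above the key, for example `# Exposes Key Vault secrets as Spring properties; the principal only needs secret get/list.`, and narrow the README step to those two permissions. Whether the 4.0.0-beta.1 starter keeps the same GET/LIST split as the old one is an assumption to confirm.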
--- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml @@ -1,9 +1,11 @@ spring: cloud: azure: - tenant-id: - client-id: - client-key: + profile: + tenant-id: + credential: + client-id: + client-secret: keyvault: secret: property-source-enabled: true From e7352a1514ed776a82e8ed80f4af53a7e5344bd6 Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Sun, 21 Nov 2021 11:27:49 +0800 Subject: [PATCH 12/22] Update README.md. --- .../keyvault-secrets/README.md | 152 ++---------------- 1 file changed, 12 insertions(+), 140 deletions(-) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/README.md b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/README.md index e3fa3a292..1352898d9 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/README.md +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/README.md 
@@ -1,149 +1,21 @@ ---- -page_type: sample -languages: -- java -products: -- azure-key-vault -description: "Azure Spring Boot Starter Sample project for Key Vault Secrets client library" -urlFragment: "azure-spring-boot-sample-keyvault-secrets" ---- -# Sample for Azure Key Vault Secrets Spring Boot Starter client library for Java +# Spring Cloud Azure Starter Key Vault Secrets Sample -## Key concepts -This sample illustrates how to use [Azure Spring Boot Starter Key Vault Secrets ](https://github.com/Azure/azure-sdk-for-java/blob/azure-spring-boot_3.6.0/sdk/spring/azure-spring-boot-starter-keyvault-secrets/README.md). +This sample illustrates the simplest usage of `spring-cloud-azure-starter-keyvault-secrets`. To learn all features, please refer to [reference doc](https://microsoft.github.io/spring-cloud-azure/docs/4.0.0-beta.1/reference/html/index.html). -In this sample, a secret named `spring-data-source-url` is stored into an Azure Key Vault, and a sample Spring application will use its value as a configuration property value. +## Create Azure resources -## Getting started +1. Read [document about register an application](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app), register an application. get the `Application (client) ID`: **${client-id}**, and create a secret, get the `Client Secret Value`: **${client-secret}**. +2. Read [document about create key vault](https://docs.microsoft.com/en-us/azure/key-vault/general/quick-create-portal), get the `Directory ID`: **${tenant-id}** and `Vault URI` **${endpoint}**. +3. Read [document about assign Key Vault access policy](https://docs.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal), assign `Secret Management` template to the client(or principal) we created in step 1. +## Fill the values in application.yml +Fill these values in application.yml: **${tenant-id}**, **${client-id}**, **${client-secret}**, **${endpoint}**. 
- -### Store Secret -We need to store secret `spring-data-source-url` into Azure Key Vault. - -- Create one azure service principal by using Azure CLI or via [Azure Portal](https://docs.microsoft.com/azure/azure-resource-manager/resource-group-create-service-principal-portal). Save your service principal id and password for later use. -You can use the following az cli commands to create a service principal: -```bash -az login -az account set --subscription - -# create azure service principal by azure cli -az ad sp create-for-rbac --name -# save the appId and password from output -``` -Save the service principal id and password contained in the output from above command. - -- Create Azure Key Vault by using Azure CLI or via [Azure Portal](https://portal.azure.com). You also need to grant appropriate permissions to the service principal created. -You can use the following az cli commands: -```bash -az keyvault create --name \ - --resource-group \ - --location \ - --enabled-for-deployment true \ - --enabled-for-disk-encryption true \ - --enabled-for-template-deployment true \ - --sku standard -az keyvault set-policy --name \ - --secret-permission get list \ - --spn -``` -> **IMPORTANT** -> -> The property `azure.keyvault.secret-keys` specifies which exact secrets the application will load from Key Vault. If this property is not set, which means the application will have to **list** all the secrets in Key Vault, you have to grant both **LIST** and **GET** secret permission to the service principal. Otherwise, only **GET** secret permission is needed. - -Save the displayed Key Vault uri for later use. - -- Set secret in Azure Key Vault by using Azure CLI or via Azure Portal. 
-You can use the following az cli commands: -```bash -az keyvault secret set --name spring-data-source-url \ - --value jdbc:mysql://localhost:3306/moviedb \ - --vault-name -az keyvault secret set --name \ - --value \ - --vault-name -``` - -- If you want to use certificate authentication, upload the certificate file to App registrations or in Azure Active Directory. - - Upload using Azure Portal - 1. Select **App registrations**, then select the application name or service principal name just created. - - 1. Select **Certificates & secrets**, then select **Upload Certificate**, upload your cer, pem, or crt type certificate, click **Add** button to complete the upload. - - 1. If you add a new application, one more step is to grant appropriate permissions to the application created. Please see [Assign an access policy][assign-an-access-policy]. - You can also use the above `az keyvault set-policy` command to authorize the application id to access the Key Vault. - - - Upload using Azure Cli - 1. You can use the following az cli commands to create a service principal with the certificate, and complete the certificate configuration in one step. Please see [Certificate-based authentication][certificate-based-authentication]. - ```bash - # create azure service principal with the certificate by azure cli - az ad sp create-for-rbac --name --cert @/path/to/cert.pem - # save the appId and password from output - az keyvault set-policy --name \ - --secret-permission get list \ - --spn - ``` - -## Examples - -### The key-based authentication property setting -Open `application.properties` file and add below properties to specify your Azure Key Vault url, Azure service principal client id and client key. 
- -```properties -azure.keyvault.uri=put-your-azure-keyvault-uri-here -azure.keyvault.client-id=put-your-azure-client-id-here -azure.keyvault.client-key=put-your-azure-client-key-here -azure.keyvault.tenant-id=put-your-azure-tenant-id-here -azure.keyvault.authority-host=put-your-own-authority-host-here(fill with default value if empty) -azure.keyvault.secret-service-version=specify secretServiceVersion value(fill with default value if empty) - - -# Uncomment following property if you want to specify the secrets to load from Key Vault -# azure.keyvault.secret-keys=yourSecretPropertyName1,yourSecretPropertyName2 +## Start application +Start the application, you will see a log like this: +```text +property springDataSourceUrl in Azure Key Vault: ``` -`azure.keyvault.authority-host` - -The URL at which your identity provider can be reached. - -- If working with azure global, just left the property blank, and the value will be filled with the default value. - -- If working with azure stack, set the property with authority URL. - -`azure.keyvault.secret-service-version` - -The valid secret-service-version value can be found [here][version_link]. - -If property not set, the property will be filled with the latest value. - -### The certificate-based authentication property setting -If you use certificate authentication, you only need to replace the property `azure.keyvault.client-key` with `azure.keyvault.certificate-path`, which points to your certificate. 
- -```properties -azure.keyvault.uri=put-your-azure-keyvault-uri-here -azure.keyvault.client-id=put-your-azure-client-id-here -azure.keyvault.certificate-path=put-your-certificate-file-path-here -azure.keyvault.certificate-password=put-your-certificate-password-here-if-exists -azure.keyvault.tenant-id=put-your-azure-tenant-id-here -azure.keyvault.authority-host=put-your-own-authority-host-here(fill with default value if empty) -azure.keyvault.secret-service-version=specify secretServiceVersion value(fill with default value if empty) -``` -Note: due to underlying library limitation from msal4j, when using certificates with password for authentication, please make sure the provided certificate file only contains one certificate entry. -This is because msal4f supports certificate chain by loading it from the end-entity certificate automatically. So you can provide the end-entity certificate only instead of the whole chain. For more details, please refer to the related [PR](https://github.com/AzureAD/microsoft-authentication-library-for-java/pull/276). -## Run with Maven -``` -cd azure-spring-boot-samples/keyvault/azure-spring-boot-sample-keyvault-secrets -mvn spring-boot:run -``` - -## Troubleshooting -## Next steps -## Contributing - - - -[version_link]: https://github.com/Azure/azure-sdk-for-java/blob/azure-spring-boot_3.6.0/sdk/keyvault/azure-security-keyvault-secrets/src/main/java/com/azure/security/keyvault/secrets/SecretServiceVersion.java#L12 -[certificate-based-authentication]: https://docs.microsoft.com/cli/azure/create-an-azure-service-principal-azure-cli#certificate-based-authentication -[assign-an-access-policy]: https://docs.microsoft.com/azure/key-vault/general/assign-access-policy-portal#assign-an-access-policy From ec7de31eac0daab6736418170c71f9097856c32f Mon Sep 17 00:00:00 2001 
From: Rujun Chen Date: Sun, 21 Nov 2021 11:28:05 +0800 Subject: [PATCH 13/22] Change the placeholder in application.yml. --- .../keyvault-secrets/src/main/resources/application.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml index 7a9860aaa..24768d04a 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml @@ -2,11 +2,11 @@ spring: cloud: azure: profile: - tenant-id: + tenant-id: ${tenant-id} credential: - client-id: - client-secret: + client-id: ${client-id} + client-secret: ${client-secret} keyvault: secret: property-source-enabled: true - endpoint: + endpoint: ${endpoint} From 3cd94ee6bd36e71207b5d6ef6f01bea3f8c7258c Mon Sep 17 00:00:00 2001 
From: Rujun Chen Date: Sun, 21 Nov 2021 23:36:57 +0800 Subject: [PATCH 14/22] Change folder's name to "single-property-source". --- .../{keyvault-secrets => single-property-source}/README.md | 0 .../{keyvault-secrets => single-property-source}/pom.xml | 0 .../azure/spring/sample/keyvault/KeyVaultSampleApplication.java | 0 .../src/main/resources/application.yml | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename keyvault/spring-cloud-azure-starter-keyvault-secrets/{keyvault-secrets => single-property-source}/README.md (100%) rename keyvault/spring-cloud-azure-starter-keyvault-secrets/{keyvault-secrets => single-property-source}/pom.xml (100%) rename keyvault/spring-cloud-azure-starter-keyvault-secrets/{keyvault-secrets => single-property-source}/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java (100%) rename keyvault/spring-cloud-azure-starter-keyvault-secrets/{keyvault-secrets => single-property-source}/src/main/resources/application.yml (100%) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/README.md b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/README.md similarity index 100% rename from keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/README.md rename to keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/README.md diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/pom.xml similarity index 100% rename from keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/pom.xml rename to keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/pom.xml 
diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java similarity index 100% rename from keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java rename to keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/resources/application.yml similarity index 100% rename from keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets/src/main/resources/application.yml rename to keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/resources/application.yml From 80156bd4d321918510893bad2aa1383fa98820e3 Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Sun, 21 Nov 2021 23:37:32 +0800 Subject: [PATCH 15/22] Change sample's artifact name. --- .../single-property-source/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/pom.xml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/pom.xml index d3dbf3e68..7138566fb 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/pom.xml +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/pom.xml @@ -10,7 +10,7 @@ 1.0.0 - spring-cloud-azure-starter-keyvault-secrets-sample + spring-cloud-azure-starter-keyvault-secrets-sample-single-property-source 1.0.0 jar 
From 19c86dcec6dd153b24a07e3e64f2e869cda93b24 Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Sun, 21 Nov 2021 23:38:58 +0800 Subject: [PATCH 16/22] Change package name. --- .../single/property/source}/KeyVaultSampleApplication.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/{sample/keyvault => keyvault/secrets/sample/single/property/source}/KeyVaultSampleApplication.java (91%) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java similarity index 91% rename from keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java rename to keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java index 9c63e7c9e..5d046f8a3 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/sample/keyvault/KeyVaultSampleApplication.java +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. -package com.azure.spring.sample.keyvault; +package com.azure.spring.keyvault.secrets.sample.single.property.source; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.CommandLineRunner; 
From 29f0c4b2bbbb2e5de3ace56a841454e2b6b1581e Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Mon, 22 Nov 2021 00:01:01 +0800 Subject: [PATCH 17/22] Change placeholder to upper case. --- .../src/main/resources/application.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/resources/application.yml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/resources/application.yml index 24768d04a..aea83984a 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/resources/application.yml +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/resources/application.yml @@ -2,11 +2,11 @@ spring: cloud: azure: profile: - tenant-id: ${tenant-id} + tenant-id: ${AZURE_TENANT_ID} credential: - client-id: ${client-id} - client-secret: ${client-secret} + client-id: ${AZURE_CLIENT_ID} + client-secret: ${AZURE_CLIENT_SECRET} keyvault: secret: property-source-enabled: true - endpoint: ${endpoint} + endpoint: ${ENDPOINT} From f7bab50d68703e79bce04357e6b16b9be2123f84 Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Mon, 22 Nov 2021 00:32:35 +0800 Subject: [PATCH 18/22] Fix parent.relativePath. --- .../single-property-source/pom.xml | 1 + pom.xml | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/pom.xml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/pom.xml index 7138566fb..6d3bdcf07 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/pom.xml +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/pom.xml @@ -8,6 +8,7 @@ com.azure.spring azure-spring-boot-samples 1.0.0 + ../../../pom.xml spring-cloud-azure-starter-keyvault-secrets-sample-single-property-source 
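Review bot: The renamed placeholders under `credential:` now read like environment variables, but the file does not say that is where they come from, and the sample README's "Fill these values in application.yml" step (visible later in this series) invites pasting the client secret into a tracked file. A comment above `client-secret:` such as `# Resolved from the environment at startup; do not replace with a literal secret in this file.` would make the intended use explicit. `${ENDPOINT}` is also the only name without the `AZURE_` prefix and is generic enough to collide with an unrelated variable; a more specific name of your choosing, for example `${AZURE_KEYVAULT_ENDPOINT}`, would be clearer. The multiple-property-source file added later in the series uses `ENDPOINT_1`/`ENDPOINT_2` the same way.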
diff --git a/pom.xml b/pom.xml index 60c4e2183..0cde04bc9 100644 --- a/pom.xml +++ b/pom.xml @@ -70,7 +70,8 @@ keyvault/azure-securtiy-keyvault-jca/run-with-command-line-client-side keyvault/azure-spring-boot-starter-keyvault-certificates/keyvault-certificates-client-side keyvault/azure-spring-boot-starter-keyvault-certificates/keyvault-certificates-server-side - keyvault/spring-cloud-azure-starter-keyvault-secrets/keyvault-secrets + keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source + keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source mediaservices/azure-spring-boot-sample-mediaservices servicebus/azure-messaging-servicebus/servicebus servicebus/azure-spring-boot-starter-servicebus-jms/servicebus-jms-queue From 3b847407aebe6dcd30653e8e0a278bd2ce86f63a Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Mon, 22 Nov 2021 00:33:03 +0800 Subject: [PATCH 19/22] Add new sample: Key Vault secrets, multiple property source. --- .../multiple-property-source/README.md | 21 ++++++++++++ .../multiple-property-source/pom.xml | 33 +++++++++++++++++++ .../source/KeyVaultSampleApplication.java | 31 +++++++++++++++++ .../src/main/resources/application.yml | 23 +++++++++++++ 4 files changed, 108 insertions(+) create mode 100644 keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/README.md create mode 100644 keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/pom.xml create mode 100644 keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java create mode 100644 keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/resources/application.yml 
diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/README.md b/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/README.md
new file mode 100644
index 000000000..1352898d9
--- /dev/null
+++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/README.md
@@ -0,0 +1,21 @@
+
+# Spring Cloud Azure Starter Key Vault Secrets Sample
+
+This sample illustrates the simplest usage of `spring-cloud-azure-starter-keyvault-secrets`. To learn all features, please refer to [reference doc](https://microsoft.github.io/spring-cloud-azure/docs/4.0.0-beta.1/reference/html/index.html).
+
+## Create Azure resources
+
+1. Read [document about register an application](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app), register an application. get the `Application (client) ID`: **${client-id}**, and create a secret, get the `Client Secret Value`: **${client-secret}**.
+2. Read [document about create key vault](https://docs.microsoft.com/en-us/azure/key-vault/general/quick-create-portal), get the `Directory ID`: **${tenant-id}** and `Vault URI` **${endpoint}**.
+3. Read [document about assign Key Vault access policy](https://docs.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal), assign `Secret Management` template to the client(or principal) we created in step 1.
+
+## Fill the values in application.yml
+Fill these values in application.yml: **${tenant-id}**, **${client-id}**, **${client-secret}**, **${endpoint}**.
+
+## Start application
+Start the application, you will see a log like this:
+```text
+property springDataSourceUrl in Azure Key Vault:
+```
+
+
diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/pom.xml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/pom.xml
new file mode 100644
index 000000000..7cf6c4859
--- /dev/null
+++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/pom.xml @@ -0,0 +1,33 @@ + + + 4.0.0 + + + com.azure.spring + azure-spring-boot-samples + 1.0.0 + ../../../pom.xml + + + spring-cloud-azure-starter-keyvault-secrets-sample-multiple-property-source + 1.0.0 + jar + + + + com.azure.spring + spring-cloud-azure-starter-keyvault-secrets + + + org.springframework.boot + spring-boot-starter-actuator + + + org.springframework.boot + spring-boot-starter-web + + + + diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java b/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java new file mode 100644 index 000000000..bdcd075f4 --- /dev/null +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java 
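Review bot: `spring-boot-starter-web` and `spring-boot-starter-actuator` look unnecessary for this module: the only class added with it is a `CommandLineRunner` that prints three properties, and nothing visible in the series uses a controller or an actuator endpoint. With them on the classpath the sample starts an embedded HTTP server with actuator endpoints in a process whose environment holds Key Vault secrets and client credentials. Unless they are needed for something outside this patch, I would keep only `spring-cloud-azure-starter-keyvault-secrets` and drop the other two dependencies. The XML tags of this hunk did not survive on the page, so this is based on the artifact names alone.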
@@ -0,0 +1,31 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.spring.keyvault.secrets.sample.single.property.source;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.CommandLineRunner;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class KeyVaultSampleApplication implements CommandLineRunner {
+
+ @Value("${secret_name_in_key_vault_1}")
+ private String secretNameInKeyVault1;
+ @Value("${secret_name_in_key_vault_2}")
+ private String secretNameInKeyVault2;
+ @Value("${secret_name_in_key_vault_both}")
+ private String secretNameInKeyVaultBoth;
+
+ public static void main(String[] args) {
+ SpringApplication.run(KeyVaultSampleApplication.class, args);
+ }
+
+ public void run(String[] args) {
+ System.out.println("secretNameInKeyVault1: " + secretNameInKeyVault1);
+ System.out.println("secretNameInKeyVault2: " + secretNameInKeyVault2);
+ System.out.println("secretNameInKeyVaultBoth: " + secretNameInKeyVaultBoth);
+ }
+
+}
diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/resources/application.yml b/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/resources/application.yml
new file mode 100644
index 000000000..42602d219
--- /dev/null
+++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/resources/application.yml
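Review bot: `run` prints the values resolved from Key Vault to stdout in clear (`System.out.println("secretNameInKeyVault1: " + secretNameInKeyVault1);` and the two lines after it), and sample code like this tends to be copied into real applications. I would add a comment above the first print, `// Demo only: use throwaway secret values; never print or log real secrets.`, so the output is clearly marked as illustrative. `run` also implements `CommandLineRunner.run` without `@Override`; adding the annotation lets the compiler catch a signature drift.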
@@ -0,0 +1,23 @@
+spring:
+ cloud:
+ azure:
+ keyvault:
+ secret:
+ property-source-enabled: true
+ property-sources:
+ -
+ name: key-vault-1
+ endpoint: ${ENDPOINT_1}
+ profile:
+ tenant-id: ${AZURE_TENANT_ID_1}
+ credential:
+ client-id: ${AZURE_CLIENT_ID_1}
+ client-secret: ${AZURE_CLIENT_SECRET_1}
+ -
+ name: key-vault-2
+ endpoint: ${ENDPOINT_2}
+ profile:
+ tenant-id: ${AZURE_TENANT_ID_2}
+ credential:
+ client-id: ${AZURE_CLIENT_ID_2}
+ client-secret: ${AZURE_CLIENT_SECRET_2}
From da6e1aacc2448930316bf851bd463291c4cf336e Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Mon, 22 Nov 2021 00:48:19 +0800 Subject: [PATCH 20/22] Update the property name. --- .../single/property/source/KeyVaultSampleApplication.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java b/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java
index bdcd075f4..65c150be9 100644
--- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java
+++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java
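Review bot: The order of the two entries under `property-sources:` appears to decide which vault answers for a secret name present in both (the README later in the series says the first one has higher priority), yet the file carries no comment saying so. I would add above the list `# Sources are consulted in the order listed; key-vault-1 wins for secret names that exist in both vaults.` so nobody reorders the entries without realising it changes which secret the application receives. The precedence wording is taken from the README in this series and should be confirmed against the starter's reference documentation.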
@@ -11,11 +11,11 @@ @SpringBootApplication public class KeyVaultSampleApplication implements CommandLineRunner { - @Value("${secret_name_in_key_vault_1}") + @Value("${secret-name-in-key-vault-1}") private String secretNameInKeyVault1; - @Value("${secret_name_in_key_vault_2}") + @Value("${secret-name-in-key-vault-2}") private String secretNameInKeyVault2; - @Value("${secret_name_in_key_vault_both}") + @Value("${secret-name-in-key-vault-both}") private String secretNameInKeyVaultBoth; public static void main(String[] args) { From db29e2af20f793c21a5149261bb9f91fa66bf936 Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Mon, 22 Nov 2021 00:50:21 +0800 Subject: [PATCH 21/22] Change the application class name. --- ...eyVaultSampleApplication.java => SampleApplication.java} | 4 ++-- .../property/source/SampleApplication.java} | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) rename keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/{KeyVaultSampleApplication.java => SampleApplication.java} (88%) rename keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/{single/property/source/KeyVaultSampleApplication.java => multiple/property/source/SampleApplication.java} (74%) 
diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java b/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/SampleApplication.java similarity index 88% rename from keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java rename to keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/SampleApplication.java index 65c150be9..2afbabf9a 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/SampleApplication.java @@ -9,7 +9,7 @@ import org.springframework.boot.autoconfigure.SpringBootApplication; @SpringBootApplication -public class KeyVaultSampleApplication implements CommandLineRunner { +public class SampleApplication implements CommandLineRunner { @Value("${secret-name-in-key-vault-1}") private String secretNameInKeyVault1; @@ -19,7 +19,7 @@ public class KeyVaultSampleApplication implements CommandLineRunner { private String secretNameInKeyVaultBoth; public static void main(String[] args) { - SpringApplication.run(KeyVaultSampleApplication.class, args); + SpringApplication.run(SampleApplication.class, args); } public void run(String[] args) { 
diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/multiple/property/source/SampleApplication.java similarity index 74% rename from keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java rename to keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/multiple/property/source/SampleApplication.java index 5d046f8a3..5b4906fce 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/single/property/source/KeyVaultSampleApplication.java +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/src/main/java/com/azure/spring/keyvault/secrets/sample/multiple/property/source/SampleApplication.java @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. -package com.azure.spring.keyvault.secrets.sample.single.property.source; +package com.azure.spring.keyvault.secrets.sample.multiple.property.source; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.CommandLineRunner; 
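Review bot: The new declaration `package com.azure.spring.keyvault.secrets.sample.multiple.property.source;` lands in the single-property-source module, while the multiple-property-source module's `SampleApplication.java`, renamed in this same commit, stays under `.../sample/single/property/source/`; the two package names look swapped. I would keep `package com.azure.spring.keyvault.secrets.sample.single.property.source;` in this file and move the other module's class to `...sample.multiple.property.source` instead. Both samples will still build as they are, but with an identical class name in both modules the wrong package makes it easy to run or copy the wrong one.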
@@ -9,13 +9,13 @@ import org.springframework.boot.autoconfigure.SpringBootApplication; @SpringBootApplication -public class KeyVaultSampleApplication implements CommandLineRunner { +public class SampleApplication implements CommandLineRunner { @Value("${spring-data-source-url}") private String springDataSourceUrl; public static void main(String[] args) { - SpringApplication.run(KeyVaultSampleApplication.class, args); + SpringApplication.run(SampleApplication.class, args); } public void run(String[] args) { From 02712f7a6d891430e79b626f5d7ace68ae739f17 Mon Sep 17 00:00:00 2001 From: Rujun Chen Date: Mon, 22 Nov 2021 00:58:56 +0800 Subject: [PATCH 22/22] Update README.md. --- .../multiple-property-source/README.md | 12 ++++++++---- .../single-property-source/README.md | 6 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/README.md b/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/README.md index 1352898d9..c4c7f579c 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/README.md +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/multiple-property-source/README.md 
@@ -5,17 +5,21 @@ This sample illustrates the simplest usage of `spring-cloud-azure-starter-keyvau ## Create Azure resources -1. Read [document about register an application](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app), register an application. get the `Application (client) ID`: **${client-id}**, and create a secret, get the `Client Secret Value`: **${client-secret}**. -2. Read [document about create key vault](https://docs.microsoft.com/en-us/azure/key-vault/general/quick-create-portal), get the `Directory ID`: **${tenant-id}** and `Vault URI` **${endpoint}**. +1. Read [document about register an application](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app), register an application. get the `Application (client) ID`: **${AZURE_CLIENT_ID_1}**, and create a secret, get the `Client Secret Value`: **${AZURE_CLIENT_SECRET_1}**. +2. Read [document about create key vault](https://docs.microsoft.com/en-us/azure/key-vault/general/quick-create-portal), get the `Directory ID`: **${AZURE_TENANT_ID_1}** and `Vault URI` **${ENDPOINT_1}**. 3. Read [document about assign Key Vault access policy](https://docs.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal), assign `Secret Management` template to the client(or principal) we created in step 1. +4. Same to previous steps, get **${AZURE_CLIENT_ID_2}**, **${AZURE_CLIENT_SECRET_2}**, **${AZURE_TENANT_ID_2}** and **${ENDPOINT_1}**. assign `Secret Management` template to the **${AZURE_CLIENT_ID_2}. ## Fill the values in application.yml -Fill these values in application.yml: **${tenant-id}**, **${client-id}**, **${client-secret}**, **${endpoint}**. +Fill these values in application.yml: **${AZURE_TENANT_ID_1}**, **${AZURE_CLIENT_ID_1}**, **${AZURE_CLIENT_SECRET_1}**, **${ENDPOINT_1}**, **${AZURE_TENANT_ID_2}**, **${AZURE_CLIENT_ID_2}**, **${AZURE_CLIENT_SECRET_2}**, **${ENDPOINT_2}**. 
## Start application Start the application, you will see a log like this: ```text -property springDataSourceUrl in Azure Key Vault: +secretNameInKeyVault1: secret-value-1 +secretNameInKeyVault2: secret-name-in-key-vault-2-value-2 +secretNameInKeyVaultBoth: secret-value-1 ``` +We can see that property-source-1 have higher priority. diff --git a/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/README.md b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/README.md index 1352898d9..447918edb 100644 --- a/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/README.md +++ b/keyvault/spring-cloud-azure-starter-keyvault-secrets/single-property-source/README.md 
@@ -5,12 +5,12 @@ This sample illustrates the simplest usage of `spring-cloud-azure-starter-keyvau ## Create Azure resources -1. Read [document about register an application](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app), register an application. get the `Application (client) ID`: **${client-id}**, and create a secret, get the `Client Secret Value`: **${client-secret}**. -2. Read [document about create key vault](https://docs.microsoft.com/en-us/azure/key-vault/general/quick-create-portal), get the `Directory ID`: **${tenant-id}** and `Vault URI` **${endpoint}**. +1. Read [document about register an application](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app), register an application. get the `Application (client) ID`: **${AZURE_CLIENT_ID}**, and create a secret, get the `Client Secret Value`: **${AZURE_CLIENT_SECRET}**. +2. Read [document about create key vault](https://docs.microsoft.com/en-us/azure/key-vault/general/quick-create-portal), get the `Directory ID`: **${AZURE_TENANT_ID}** and `Vault URI` **${ENDPOINT}**. 3. Read [document about assign Key Vault access policy](https://docs.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal), assign `Secret Management` template to the client(or principal) we created in step 1. ## Fill the values in application.yml -Fill these values in application.yml: **${tenant-id}**, **${client-id}**, **${client-secret}**, **${endpoint}**. +Fill these values in application.yml: **${AZURE_TENANT_ID}**, **${AZURE_CLIENT_ID}**, **${AZURE_CLIENT_SECRET}**, **${ENDPOINT}**. ## Start application Start the application, you will see a log like this: