Integrating Azure Key Vault with a Spring Boot application

Integrating Azure Key Vault with a Spring Boot application allows you to securely manage and access sensitive configuration data, such as database credentials or API keys. By leveraging Spring Cloud Azure's Key Vault integration, you can externalize these configurations and inject them into your application components seamlessly.

1. Add Dependencies:

First, include the necessary dependencies in your pom.xml file:


<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>com.azure.spring</groupId>
            <artifactId>spring-cloud-azure-dependencies</artifactId>
            <version>5.19.0</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

<dependencies>
    <dependency>
        <groupId>com.azure.spring</groupId>
        <artifactId>spring-cloud-azure-starter-keyvault</artifactId>
    </dependency>
</dependencies>

This setup ensures that all Spring Cloud Azure dependencies are aligned with the specified version.

learn.microsoft.com

2. Configure Application Properties:

In your application.properties or application.yml, configure the Key Vault properties:


spring.cloud.azure.keyvault.secret.property-sources[0].name=key-vault-property-source-1
spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=https://<your-key-vault-name>.vault.azure.net/
spring.cloud.azure.keyvault.secret.property-source-enabled=true

Replace <your-key-vault-name> with the name of your Azure Key Vault. This configuration enables Spring Cloud Azure to treat Key Vault as a property source, allowing secrets to be accessed as if they were part of your application's configuration properties.

baeldung.com

3. Inject Secrets into Your Component:

With the above configuration, you can inject secrets directly into your Spring components using the @Value annotation:

java
CopyEdit
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
public class MyService {

    @Value("${my-secret-key}")
    private String secretValue;

    public void performAction() {
        System.out.println("The secret value is: " + secretValue);
        // Use the secretValue as needed
    }
}

In this example, my-secret-key corresponds to the name of the secret stored in Azure Key Vault. Spring Cloud Azure retrieves this secret and injects its value into the secretValue field.

4. Considerations for Constructor Injection:

If you prefer to use constructor injection, ensure that the secrets are available at the time of bean instantiation. With the above configuration, Spring Cloud Azure fetches the secrets during the application context initialization, making them available for constructor injection:

java
CopyEdit
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
public class MyService {

    private final String secretValue;

    public MyService(@Value("${my-secret-key}") String secretValue) {
        this.secretValue = secretValue;
    }

    public void performAction() {
        System.out.println("The secret value is: " + secretValue);
        // Use the secretValue as needed
    }
}

By following this approach, you ensure that the secret is injected during the bean's instantiation phase, aligning with the typical lifecycle of Spring beans.

For a comprehensive guide on integrating Azure Key Vault with Spring Boot, refer to the official Microsoft documentation.