Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreSpring Cloud Azure is an open-source project that provides integration between your Spring applications and Azure services, using conventional expressions and configurations that are native to Spring application development. Despite the similarity in the name, Spring Cloud Azure is different from Azure Spring Apps, a web hosting platform designed for running Spring Apps on Azure.
Spring Cloud Azure can help make it easier to accomplish the following tasks in Spring applications:
The following diagram provides an overview of these features:
The following section demonstrates the benefits of using Spring Cloud Azure. In this section, the retrieval of secrets stored in Azure Key Vault is used as an example. This section compares the differences between developing a Spring Boot application with and without Spring Cloud Azure.
Without Spring Cloud Azure, if you want to retrieve secrets stored in Azure Key Vault, you need to the following steps:
Add the following dependencies to your pom.xml file:
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-security-keyvault-secrets</artifactId>
<version>4.5.2</version>
</dependency>
Construct a SecretClient
class instance by using code similar to the following example:
public class DemoClass {
public static void main(String... args) {
SecretClient client = new SecretClientBuilder()
.vaultUrl("vaultUrl")
.credential(new ClientSecretCredentialBuilder()
.tenantId("tenantId")
.clientId("clientId")
.clientSecret("clientSecret")
.build())
.buildClient();
}
}
Avoid hard coding information such as client-id
and client-secret
by making these properties configurable, as shown in the following example:
@ConfigurationProperties("azure.keyvault")
public class KeyVaultProperties {
private String vaultUrl;
private String tenantId;
private String clientId;
private String clientSecret;
public KeyVaultProperties(String vaultUrl, String tenantId, String clientId, String clientSecret) {
this.vaultUrl = vaultUrl;
this.tenantId = tenantId;
this.clientId = clientId;
this.clientSecret = clientSecret;
}
public String getVaultUrl() {
return vaultUrl;
}
public void setVaultUrl(String vaultUrl) {
this.vaultUrl = vaultUrl;
}
public String getTenantId() {
return tenantId;
}
public void setTenantId(String tenantId) {
this.tenantId = tenantId;
}
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public String getClientSecret() {
return clientSecret;
}
public void setClientSecret(String clientSecret) {
this.clientSecret = clientSecret;
}
}
Update your application code as shown in this example:
@SpringBootApplication
@EnableConfigurationProperties(KeyVaultProperties.class)
public class SecretClientApplication implements CommandLineRunner {
private KeyVaultProperties properties;
public SecretClientApplication(KeyVaultProperties properties) {
this.properties = properties;
}
public static void main(String[] args) {
SpringApplication.run(SecretClientApplication.class, args);
}
@Override
public void run(String... args) {
SecretClient client = new SecretClientBuilder()
.vaultUrl(properties.getVaultUrl())
.credential(new ClientSecretCredentialBuilder()
.tenantId(properties.getTenantId())
.clientId(properties.getClientId())
.clientSecret(properties.getClientSecret())
.build())
.buildClient();
System.out.println("sampleProperty: " + client.getSecret("sampleProperty").getValue());
}
}
Add the necessary properties to your application.yml file, as shown in the following example:
azure:
keyvault:
vault-url:
tenant-id:
client-id:
client-secret:
If you need to use SecretClient
in multiple places, define a SecretClient
bean. Then, auto-wire SecretClient
in the relevant places.
With Spring Cloud Azure, if you want to retrieve secrets stored in Azure Key Vault, the requirements are simpler, as shown in the following steps:
Add the following dependencies to your pom.xml file:
<dependencies>
<dependency>
<groupId>com.azure.spring</groupId>
<artifactId>spring-cloud-azure-starter-keyvault-secrets</artifactId>
</dependency>
</dependencies>
Use a bill of materials (BOM) to manage the Spring Cloud Azure version, as shown in the following example:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.azure.spring</groupId>
<artifactId>spring-cloud-azure-dependencies</artifactId>
<version>4.19.0</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
Add the following properties to your application.yml file:
spring:
cloud:
azure:
keyvault:
secret:
endpoint:
Sign in with Azure CLI by using the following command. Your credentials will then be provided by Azure CLI, so there will be no need to add other credential information such as client-id
and client-secret
.
az login
Auto-wire SecretClient
in the relevant places, as shown in the following example:
@SpringBootApplication
public class SecretClientApplication implements CommandLineRunner {
private final SecretClient secretClient;
public SecretClientApplication(SecretClient secretClient) {
this.secretClient = secretClient;
}
public static void main(String[] args) {
SpringApplication.run(SecretClientApplication.class, args);
}
@Override
public void run(String... args) {
System.out.println("sampleProperty: " + secretClient.getSecret("sampleProperty").getValue());
}
}
Spring Cloud Azure will provide some other features besides the auto-configured SecretClient
. For example, you can use @Value
to get the secret value, as shown in the following example:
@SpringBootApplication
public class PropertySourceApplication implements CommandLineRunner {
@Value("${sampleProperty1}")
private String sampleProperty1;
public static void main(String[] args) {
SpringApplication.run(PropertySourceApplication.class, args);
}
public void run(String[] args) {
System.out.println("sampleProperty1: " + sampleProperty1);
}
}
Provides auto-configuration support for Azure Services, such as Service Bus, Storage, Active Directory, and so on.
Provides integration support for Spring Security with Azure Active Directory for authentication. For more information, see the Spring security support section of the Spring Cloud Azure developer guide.
Provides Spring @Value
annotation support for integration with Azure Key Vault Secrets. For more information, see the Secret management section of the Spring Cloud Azure developer guide.
Provides Spring Boot support for Azure Storage services. For more information, see the Resource handling section of the Spring Cloud Azure developer guide.
If you need support for Spring Cloud Azure, you can ask for help in the following ways:
Bootstrap your application with Spring Initializr.