What is Spring Cloud Azure?

Spring Cloud Azure is an open-source project that provides integration between your Spring applications and Azure services, using conventional expressions and configurations that are native to Spring application development. Despite the similarity in the name, Spring Cloud Azure is different from Azure Spring Apps, a web hosting platform designed for running Spring Apps on Azure.

What is Spring Cloud Azure used for?

Spring Cloud Azure can help make it easier to accomplish the following tasks in Spring applications:

• Managing configuration properties with Azure App Configuration.
• Sending and receiving messages with Azure Event Hubs, Azure Service Bus, and Azure Storage Queue.
• Managing secrets and certificates with Azure Key Vault.
• Supporting user sign-in with work or school accounts provisioned with Azure Active Directory.
• Supporting user sign-in with social accounts like Facebook and Google with Azure Active Directory B2C.
• Protecting your web APIs and accessing protected APIs like Microsoft Graph to work with your users' and organization's data with Azure Active Directory and Azure Active Directory B2C.
• Storing structured data with Azure Cosmos DB.
• Storing unstructured data like text or binary data with Azure Blob Storage.
• Storing files with Azure Files.

The following diagram provides an overview of these features:

Benefits of using Spring Cloud Azure

The following section demonstrates the benefits of using Spring Cloud Azure. In this section, the retrieval of secrets stored in Azure Key Vault is used as an example. This section compares the differences between developing a Spring Boot application with and without Spring Cloud Azure.

Without Spring Cloud Azure

Without Spring Cloud Azure, if you want to retrieve secrets stored in Azure Key Vault, you need to the following steps:

1. Add the following dependencies to your pom.xml file:

   <dependency>
      <groupId>com.azure</groupId>
      <artifactId>azure-security-keyvault-secrets</artifactId>
      <version>4.5.2</version>
   </dependency>
   

2. Construct a SecretClient class instance by using code similar to the following example:

   public class DemoClass {
       public static void main(String... args) {
       SecretClient client = new SecretClientBuilder()
           .vaultUrl("vaultUrl")
           .credential(new ClientSecretCredentialBuilder()
               .tenantId("tenantId")
               .clientId("clientId")
               .clientSecret("clientSecret")
               .build())
           .buildClient();
       }
   }
   

3. Avoid hard coding information such as client-id and client-secret by making these properties configurable, as shown in the following example:

   @ConfigurationProperties("azure.keyvault")
   public class KeyVaultProperties {
       private String vaultUrl;
       private String tenantId;
       private String clientId;
       private String clientSecret;
   
       public KeyVaultProperties(String vaultUrl, String tenantId, String clientId, String clientSecret) {
           this.vaultUrl = vaultUrl;
           this.tenantId = tenantId;
           this.clientId = clientId;
           this.clientSecret = clientSecret;
       }
   
       public String getVaultUrl() {
           return vaultUrl;
       }
   
       public void setVaultUrl(String vaultUrl) {
           this.vaultUrl = vaultUrl;
       }
   
       public String getTenantId() {
           return tenantId;
       }
   
       public void setTenantId(String tenantId) {
           this.tenantId = tenantId;
       }
   
       public String getClientId() {
           return clientId;
       }
   
       public void setClientId(String clientId) {
           this.clientId = clientId;
       }
   
       public String getClientSecret() {
           return clientSecret;
       }
   
       public void setClientSecret(String clientSecret) {
           this.clientSecret = clientSecret;
       }
   }
   

4. Update your application code as shown in this example:

   @SpringBootApplication
   @EnableConfigurationProperties(KeyVaultProperties.class)
   public class SecretClientApplication implements CommandLineRunner {
       private KeyVaultProperties properties;
   
       public SecretClientApplication(KeyVaultProperties properties) {
           this.properties = properties;
       }
   
       public static void main(String[] args) {
           SpringApplication.run(SecretClientApplication.class, args);
       }
   
       @Override
       public void run(String... args) {
           SecretClient client = new SecretClientBuilder()
               .vaultUrl(properties.getVaultUrl())
               .credential(new ClientSecretCredentialBuilder()
                   .tenantId(properties.getTenantId())
                   .clientId(properties.getClientId())
                   .clientSecret(properties.getClientSecret())
                   .build())
               .buildClient();
           System.out.println("sampleProperty: " + client.getSecret("sampleProperty").getValue());
       }
   }
   

5. Add the necessary properties to your application.yml file, as shown in the following example:

   azure:
     keyvault:
       vault-url:
       tenant-id:
       client-id:
       client-secret:
   

6. If you need to use SecretClient in multiple places, define a SecretClient bean. Then, auto-wire SecretClient in the relevant places.

With Spring Cloud Azure

With Spring Cloud Azure, if you want to retrieve secrets stored in Azure Key Vault, the requirements are simpler, as shown in the following steps:

1. Add the following dependencies to your pom.xml file:

   <dependencies>
     <dependency>
       <groupId>com.azure.spring</groupId>
       <artifactId>spring-cloud-azure-starter-keyvault-secrets</artifactId>
     </dependency>
   </dependencies>
   

2. Use a bill of materials (BOM) to manage the Spring Cloud Azure version, as shown in the following example:

   <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>com.azure.spring</groupId>
        <artifactId>spring-cloud-azure-dependencies</artifactId>
        <version>4.14.0</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
   </dependencyManagement>
   

3. Add the following properties to your application.yml file:

   spring:
     cloud:
       azure:
         keyvault:
           secret:
             endpoint:
   

4. Sign in with Azure CLI by using the following command. Your credentials will then be provided by Azure CLI, so there will be no need to add other credential information such as client-id and client-secret.

   az login
   

5. Auto-wire SecretClient in the relevant places, as shown in the following example:

   @SpringBootApplication
   public class SecretClientApplication implements CommandLineRunner {
   
       private final SecretClient secretClient;
   
       public SecretClientApplication(SecretClient secretClient) {
           this.secretClient = secretClient;
       }
   
       public static void main(String[] args) {
           SpringApplication.run(SecretClientApplication.class, args);
       }
   
       @Override
       public void run(String... args) {
           System.out.println("sampleProperty: " + secretClient.getSecret("sampleProperty").getValue());
       }
   }
   

Spring Cloud Azure will provide some other features besides the auto-configured SecretClient. For example, you can use @Value to get the secret value, as shown in the following example:

@SpringBootApplication
public class PropertySourceApplication implements CommandLineRunner {

    @Value("${sampleProperty1}")
    private String sampleProperty1;

    public static void main(String[] args) {
        SpringApplication.run(PropertySourceApplication.class, args);
    }

    public void run(String[] args) {
        System.out.println("sampleProperty1: " + sampleProperty1);
    }

}

Components of Spring Cloud Azure

Azure support

Provides auto-configuration support for Azure Services, such as Service Bus, Storage, Active Directory, and so on.

Azure Active Directory

Provides integration support for Spring Security with Azure Active Directory for authentication. For more information, see the Spring security support section of the Spring Cloud Azure developer guide.

Azure Key Vault

Provides Spring @Value annotation support for integration with Azure Key Vault Secrets. For more information, see the Secret management section of the Spring Cloud Azure developer guide.

Azure Storage

Provides Spring Boot support for Azure Storage services. For more information, see the Resource handling section of the Spring Cloud Azure developer guide.

Resources:

• Source code: Azure/azure-sdk-for-java
• Samples: Azure-Samples/azure-spring-boot-samples
• Documentation: Spring Cloud Azure

Get support

If you need support for Spring Cloud Azure, you can ask for help in the following ways:

• Create Azure support tickets. Customers with an Azure support plan can open an Azure support ticket. We recommend this option if your problem requires immediate attention.
• File GitHub issues in the Azure/azure-sdk-for-java repository. We use GitHub issues to track bugs, questions, and feature requests. GitHub issues are free, but the response time isn't guaranteed. For more information, see GitHub issues support process.