I am not a Java/Spring Boot developer; however, I want to build a simple Spring Boot application which would read configuration from Key Vault and connect to SQL.
I have two separate solutions, one for each of those.
The Key Vault solution is to read the secrets from the Azure Key Vault:

    package com.example.demo;

    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RestController;
    import org.springframework.beans.factory.annotation.Value;

    @SpringBootApplication
    @RestController
    public class KeyvaultApplication {

        public static void main(String[] args) {
            SpringApplication.run(KeyvaultApplication.class, args);
        }

        @GetMapping("get")
        public String get() {
            return connectionString;
        }

        @Value("${connectionString}")
        private String connectionString;

        public void run(String... varl) throws Exception {
            System.out.println(String.format("\nConnection String stored in Azure Key Vault:\n%s\n",connectionString));
        }
    }

application.properties

    azure.keyvault.client-id=xxxx
    azure.keyvault.client-key=xxxx
    azure.keyvault.enabled=true
    azure.keyvault.tenant-id=xxxxx
    azure.keyvault.uri=https://xxxxx-keyvault85.vault.azure.net/

======================================================================
And the SQL solution is to insert the data into the Azure SQL Database:
application.properties

    logging.level.org.springframework.jdbc.core=DEBUG
    spring.datasource.url=jdbc:sqlserver://xxxx-sql.database.windows.net:1433;database=demo;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;
    spring.datasource.username=spring@databasename
    spring.datasource.password=Password
    spring.datasource.initialization-mode=never

TodoController.java

    package com.example.demo;

    import org.springframework.http.HttpStatus;
    import org.springframework.web.bind.annotation.*;

    @RestController
    @RequestMapping("/")
    public class TodoController {

        private final TodoRepository todoRepository;

        public TodoController(TodoRepository todoRepository) {
            this.todoRepository = todoRepository;
        }

        @PostMapping("/")
        @ResponseStatus(HttpStatus.CREATED)
        public Todo createTodo(@RequestBody Todo todo) {
            return todoRepository.save(todo);
        }

        @GetMapping("/")
        public Iterable<Todo> getTodos() {
            return todoRepository.findAll();
        }
    }

TodoRepository.java

    package com.example.demo;

    import org.springframework.data.repository.CrudRepository;

    public interface TodoRepository extends CrudRepository<Todo, Long> {
    }

Todo.java

    package com.example.demo;

    import org.springframework.data.annotation.Id;

    public class Todo {

        public Todo() {
        }

        public Todo(String description, String details, boolean done) {
            this.description = description;
            this.details = details;
            this.done = done;
        }

        @Id
        private Long id;
        private String description;
        private String details;
        private boolean done;

        public Long getId() {
            return id;
        }

        public void setId(Long id) {
            this.id = id;
        }

        public String getDescription() {
            return description;
        }

        public void setDescription(String description) {
            this.description = description;
        }

        public String getDetails() {
            return details;
        }

        public void setDetails(String details) {
            this.details = details;
        }

        public boolean isDone() {
            return done;
        }

        public void setDone(boolean done) {
            this.done = done;
        }
    }

Both solutions work independently; however, I want to combine the solutions so that I can read the SQL configuration from the Azure Key Vault and connect with the Azure SQL database. How do I achieve this?
Maybe you could refer to this document: Tutorial: Reading a secret from Azure Key Vault in a Spring Boot application:
Spring Boot applications externalize sensitive information such as usernames and passwords. Externalizing sensitive information enables better maintainability, testability, and security. Storing secrets outside of the code is better than hard coding the information, or inlining it at build time.
This tutorial describes how to create a Spring Boot app that reads a value from Azure Key Vault, then deploy the app to Azure App Service and Azure Spring Cloud.
Summary of "Add Key Vault integration to the app":
Follow these steps to add the necessary configuration to application.properties file.
Open src/main/resources/application.properties in an editor and make it have the following contents, adjusting the values for your Azure subscription.

    azure.keyvault.client-id=685on005-ns8q-4o04-8s16-n7os38o2ro5n
    azure.keyvault.client-key=4bt.lCKJKlbYLn_3XF~wWtUwyHU0jKggu2
    azure.keyvault.enabled=true
    azure.keyvault.tenant-id=72s988os-86s1-41ns-91no-2q7pq011qo47
    azure.keyvault.uri=https://contosokv.vault.azure.net/

The complete list of properties available is documented in the property reference.
Save the file and close it.
Make one simple change to the KeyvaultApplication.java file (or whatever the class name is in your case).
Open src/main/java/com/contoso/keyvault/KeyvaultApplication.java in a text editor.
Add this import.

    import org.springframework.beans.factory.annotation.Value;

Add an annotation to the connectionString instance variable.

    @Value("${connectionString}")
    private String connectionString;

The Key Vault integration provides a Spring PropertySource that is populated from the values of the Key Vault. Some more implementation details are available in the reference documentation.
In the top level keyvault directory, where the pom.xml file is located, enter mvn clean package spring-boot:run.
The message initialization completed in the command output means the server is ready. In a separate shell window, enter this command.

    $ curl http://localhost:8080/get

The output will show jdbc:sqlserver://SERVER.database.windows.net:1433;database=DATABASE instead of defaultValue.
Kill the process that is running from mvn spring-boot:run. You can type Ctrl-C or you can use the jps command to get the pid of the Launcher process and kill it.
Hope it can help you figure it out.
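One way to combine the two solutions from the question, added here as an example and not part of the original answer or the tutorial it quotes: because the Key Vault integration exposes secrets through a Spring PropertySource, the DataSource can be built from injected secrets instead of literals in application.properties. The class name KeyVaultDataSourceConfig and the secret names sqlUsername and sqlPassword are assumptions; connectionString is the secret name already used above.

```java
package com.example.demo;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.jdbc.DataSourceBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Added example: the JDBC DataSource used by TodoRepository is built from
// values resolved through the Key Vault PropertySource.
@Configuration
public class KeyVaultDataSourceConfig {

    // Secret name used on this page; assumed to hold the full JDBC URL.
    @Value("${connectionString}")
    private String jdbcUrl;

    // Hypothetical secret names: create them in the vault or rename to match yours.
    @Value("${sqlUsername}")
    private String username;

    @Value("${sqlPassword}")
    private String password;

    @Bean
    public DataSource dataSource() {
        // Fail at startup on a wrong or missing secret, without echoing its value.
        if (jdbcUrl == null || !jdbcUrl.startsWith("jdbc:sqlserver://")) {
            throw new IllegalStateException(
                    "Secret 'connectionString' is not a SQL Server JDBC URL");
        }
        // Defining this bean makes Spring Boot's auto-configured DataSource back off,
        // so Spring Data uses these credentials for TodoRepository.
        return DataSourceBuilder.create()
                .url(jdbcUrl)
                .username(username)
                .password(password)
                .build();
    }
}
```

With this bean in place, the spring.datasource.url, spring.datasource.username and spring.datasource.password lines can be removed from application.properties. The connection string is a credential-bearing value, so the /get endpoint and the System.out.println in KeyvaultApplication that echo it should be dropped from the combined application.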