I have successfully configured one Spring Boot application to use Azure Key Vault. The Key Vault provides the user name and password of the database. Now I have configured another similar application which connects to a separate database schema hosted on the same DB URL; this time I saved the user ID and password in the same Key Vault with key names suffixed with "APP2".
Strangely, Application 2 is somehow connecting to the database used by Application 1, because it is using the credentials of Application 1, which are the values of the keys SPRING-DATASOURCE-USERNAME & SPRING-DATASOURCE-PASSWORD.
Is there any default Spring Boot/JPA logic that always goes for these SPRING-DATASOURCE-PASSWORD keys?
```yaml
spring:
  datasource:
    url: <datasource url>
    type: com.zaxxer.hikari.HikariDataSource
    username: "${SPRING-DATASOURCE-USERNAME}"
    password: "${SPRING-DATASOURCE-PASSWORD}"
  cloud:
    azure:
      keyvault:
        secret:
          property-sources[0]:
            credential:
              managed-identity-enabled: true
            endpoint: <key vault url>
```
This is the YAML for Application 2:
```yaml
spring:
  datasource:
    url: <datasource url>
    type: com.zaxxer.hikari.HikariDataSource
    username: "${SPRING-DATASOURCE-USERNAME-APP2}"
    password: "${SPRING-DATASOURCE-PASSWORD-APP2}"
  cloud:
    azure:
      keyvault:
        secret:
          property-sources[0]:
            credential:
              managed-identity-enabled: true
            endpoint: <key vault url>
```
I tried deleting the Application 2 keys from the Key Vault and that application still works and connects to the Application 1 datasource. I tried deleting the keys used by Application 1 and now both applications fail to start with an incorrect user ID/password error.
Spring Boot does not have any default logic to automatically pick specific key names for properties like SPRING-DATASOURCE-USERNAME and SPRING-DATASOURCE-PASSWORD. The property values are resolved based on the placeholders ${...} in your configuration.

application.properties or application.yaml files, rather than relying on Spring Boot property placeholders. This approach can help ensure that each application retrieves the correct secrets from Azure Key Vault.

application.yaml for Application 1:
```yaml
spring:
  datasource:
    url: <datasource url>
    type: com.zaxxer.hikari.HikariDataSource
    username: ${spring.datasource.username}
    password: ${spring.datasource.password}
  cloud:
    azure:
      keyvault:
        secret:
          spring.datasource.username: <Azure Key Vault secret name for username>
          spring.datasource.password: <Azure Key Vault secret name for password>
```
application.yaml for Application 2:
```yaml
spring:
  datasource:
    url: <datasource url>
    type: com.zaxxer.hikari.HikariDataSource
    username: ${spring.datasource.username.app2}
    password: ${spring.datasource.password.app2}
  cloud:
    azure:
      keyvault:
        secret:
          spring.datasource.username.app2: <Azure Key Vault secret name for username for App2>
          spring.datasource.password.app2: <Azure Key Vault secret name for password for App2>
```
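Before changing either configuration, it is worth checking which property source actually supplies the datasource credentials at runtime. The runner below is an added example and is not code from the question or the answer above. It walks Spring's ordered property sources (highest precedence first) and reports the first one that defines each datasource key, together with whether that source's raw value is still a ${...} placeholder; it never prints a secret value. One caveat the check is designed to surface: Spring Cloud Azure also exposes each Key Vault secret under a normalized property name in which hyphens become dots, so a secret named SPRING-DATASOURCE-USERNAME is readable as spring.datasource.username from a property source ordered ahead of application.yaml. If that is what is happening here, the runner will name the Key Vault property source for both applications, and the ${SPRING-DATASOURCE-USERNAME-APP2} placeholder in Application 2's application.yaml is never consulted. The package and class name are assumed.

```java
package com.example.diagnostics; // assumed package name

import org.springframework.boot.ApplicationArguments;
import org.springframework.boot.ApplicationRunner;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.PropertySource;
import org.springframework.stereotype.Component;

/**
 * Added diagnostic, not part of the original question or answer.
 *
 * Spring resolves a property from the first property source in environment
 * order that contains the key, so the source reported here is the one whose
 * value the DataSource is actually built from.
 */
@Component
public class DatasourcePropertyOriginRunner implements ApplicationRunner {

    private static final String[] KEYS = {
        "spring.datasource.username",
        "spring.datasource.password"
    };

    private final ConfigurableEnvironment environment;

    public DatasourcePropertyOriginRunner(ConfigurableEnvironment environment) {
        this.environment = environment;
    }

    @Override
    public void run(ApplicationArguments args) {
        for (String key : KEYS) {
            PropertySource<?> winner = firstSourceContaining(key);
            if (winner == null) {
                System.out.printf("%s: not present in any property source%n", key);
                continue;
            }
            // Inspect the raw value only to see whether it is still a placeholder
            // (the case when application.yaml wins). The value itself is never logged.
            Object raw = winner.getProperty(key);
            boolean isPlaceholder = raw != null && String.valueOf(raw).startsWith("${");
            System.out.printf("%s comes from property source '%s' (raw value is %s)%n",
                    key,
                    winner.getName(),
                    isPlaceholder ? "a ${...} placeholder" : "a literal value");
        }
    }

    /** Returns the highest-precedence property source that defines the key, or null. */
    PropertySource<?> firstSourceContaining(String key) {
        for (PropertySource<?> source : environment.getPropertySources()) {
            if (source.containsProperty(key)) {
                return source;
            }
        }
        return null;
    }
}
```

Run Application 2 with this class on its component-scan path and compare the printed source names with those printed by Application 1. If spring.datasource.username is reported as a literal value from the Key Vault property source in both applications, the collision is on the normalized secret name, and the App 2 secrets need names whose normalized form does not map onto spring.datasource.* (or a separate Key Vault) for the placeholders in application.yaml to take effect.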