JarCasting
Spring Cloud Config Azure KeyVault Starter
The Starter brings you the ability to use the encrypted values feature in your remote property sources. The values securely stored as secrets in Azure KeyVault.
In addition to that you could use your Azure KeyVault as backend to store your properties.
Sample Code
Please refer to the different sample projects
- Multiple Backends via Profile
- Single Backend via Profile
- Multiple Backends via Composite Profile
- Multiple KeyVaults via Composite Profile
Quick Start
Add the dependency
The starter is published on Maven Central. If you're using Maven add the following dependency:
<dependency>
<groupId>io.github.srempfer</groupId>
<artifactId>spring-cloud-config-azure-keyvault-starter</artifactId>
<version>0.6.0-SNAPSHOT</version>
</dependency>
Settings
To get it working you have to specify your Azure KeyVault url, Azure service principal client id and client key.
spring.cloud.config.server.azure.keyvault.uri=put-your-azure-keyvault-url-here
spring.cloud.config.server.azure.keyvault.client-id=put-your-azure-client-id-here
spring.cloud.config.server.azure.keyvault.client-key=put-your-azure-client-key-here
spring.cloud.config.server.azure.keyvault.tenant-id=put-your-azure-tenant-id-here
For the interaction with Azure KeyVault the Azure Key Vault Secrets Spring Boot Starter is used.
Usage
Decryption
The starter provides an Azure KeyVault based EnvironmentEncryptor and works similar to the cipher based mechanism.
spring.datasource.username=dbuser
spring.datasource.password={keyvault}secret-name-in-key-vault
KeyVault Backend
The starter provides an Azure KeyVault based EnvironmentRepository and works similar to the JDBC Backend.
The format of the secret names have to be {application}---{profile}---{label}---keyname
| Secret Name | Key |
|---|---|
| application---default---master---simplekey | simplekey |
| application---default---master---test-key | test-key |
| application---default---master---spring--datasource--password | spring.datasource.password |