Need to know the steps to access Azure Key Vault in my Java Spring Boot application


How can I access Azure Key Vault in my Spring Boot application? What do I need to implement in my code, and what kind of permission is needed in my subscription?

I am getting the error "Directory permission is needed for the current user to register the application." while creating the service principal.

Pravallika KV

Follow the steps and code below to fetch and use Azure Key Vault in a Spring Boot application:

  1. Run the command below in Azure Cloud Shell to get the list of subscriptions:
    az account list

  2. To set/select the particular subscription:
    az account set -s your_subscription_id

  3. Create a service principal using the command below:
    az ad sp create-for-rbac --name myapp --role Contributor --scopes /subscriptions/mySubscriptionID

  • Go to Azure Active Directory, select the service principal app you created, and note the details below:
Your Client_ID
Your Client_Secret_Value
Your Tenant_ID

  4. Access Azure Key Vault in the Spring Boot application by following the steps below:
  • Create a Resource Group in the Azure Portal.
  • Create a Key Vault in the Azure Portal, selecting your resource group.
  • Create a secret in the Key Vault and store your secret key.
  • Select "Access policies" in the left pane of the Key Vault.
  • Click "Create" and select the permissions such as "Get, List, Recover, Set, Delete, Backup, Restore" under secret permissions.
  • Click "Next", select the service principal app you created, and click "Create".

  5. Go to your Spring Boot application, open the application.properties file under the resources folder, and paste your Client_ID, Client_Secret_Value, Tenant_ID and Key Vault URL as shown below:
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id=<your_Client_ID>
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-secret=<your_Client_Secret>
spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=<KeyVault_URL>
spring.cloud.azure.keyvault.secret.property-sources[0].profile.tenant-id=<your_Tenant_ID>

References:

Refer to my GitHub repo for the code to access and retrieve a secret from Azure Key Vault.
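The following is an added example, not code from the answer above or from its author's repository. It performs the same service-principal flow that the `spring.cloud.azure.keyvault.*` properties set up, but builds the credential explicitly from environment variables so the client secret never lands in `application.properties` or source control, and it maps the failure of each setup step (bad credential, missing access policy, missing secret) to a message naming that step. The environment variable names, the `KeyVaultDemoApplication` class and the secret name `db-password` are assumptions made for illustration.

```java
// Added example (not from the original answer). Assumed environment variables:
// AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET (from "az ad sp create-for-rbac")
// and KEY_VAULT_URL (https://<vault-name>.vault.azure.net/). The secret name
// "db-password" is also an assumption for illustration.
package com.example.kv;

import com.azure.core.exception.ClientAuthenticationException;
import com.azure.core.exception.HttpResponseException;
import com.azure.core.exception.ResourceNotFoundException;
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;

@SpringBootApplication
public class KeyVaultDemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(KeyVaultDemoApplication.class, args);
    }

    /** Reads a required environment variable or fails fast at startup. */
    private static String env(String name) {
        String value = System.getenv(name);
        if (value == null || value.isBlank()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }

    /** Same identity as the property-source configuration, but the secret stays out of the repo. */
    @Bean
    public SecretClient secretClient() {
        ClientSecretCredential credential = new ClientSecretCredentialBuilder()
                .tenantId(env("AZURE_TENANT_ID"))
                .clientId(env("AZURE_CLIENT_ID"))
                .clientSecret(env("AZURE_CLIENT_SECRET"))
                .build();
        return new SecretClientBuilder()
                .vaultUrl(env("KEY_VAULT_URL"))
                .credential(credential)
                .buildClient();
    }

    @Bean
    public CommandLineRunner readSecret(SecretClient client) {
        return args -> {
            String value = fetchSecret(client, "db-password");
            // Use the value; never log the secret itself.
            System.out.println("Fetched secret of length " + value.length());
        };
    }

    /** Maps the failure of each setup step to a message that names the step. */
    static String fetchSecret(SecretClient client, String name) {
        try {
            return client.getSecret(name).getValue();
        } catch (ClientAuthenticationException e) {
            // 401: wrong tenant/client id, or an expired or mistyped client secret (step 3)
            throw new IllegalStateException("Service principal credentials were rejected", e);
        } catch (ResourceNotFoundException e) {
            // 404: the secret was never created in this vault (step 4)
            throw new IllegalStateException("Secret '" + name + "' not found in the vault", e);
        } catch (HttpResponseException e) {
            if (e.getResponse() != null && e.getResponse().getStatusCode() == 403) {
                // 403: the principal authenticated but has no "Get" secret permission on this vault (step 4)
                throw new IllegalStateException("Access policy grants no 'Get' permission to this service principal", e);
            }
            throw e;
        }
    }
}
```

One point on the permissions asked about in the question: with the access-policy model shown in step 4, the vault access policy is what grants the service principal the right to read secrets; the `--role Contributor --scopes /subscriptions/...` in step 3 grants control-plane rights over the whole subscription that the application does not need for this. Creating the principal without a role assignment and granting only "Get" (and "List" if needed) in the access policy keeps the application to the least privilege it requires.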

ForeverLearner

You should first verify that the az login command works for you. If properly set up, you should see a confirmation message (screenshot omitted).

After this step, add the dependencies below to your pom.xml:

    <dependencyManagement>
        <dependencies>
            <!-- https://mvnrepository.com/artifact/com.azure.spring/spring-cloud-azure-dependencies -->
            <!-- This artifact is a BOM: it only manages versions when imported here, not as a plain dependency -->
            <dependency>
                <groupId>com.azure.spring</groupId>
                <artifactId>spring-cloud-azure-dependencies</artifactId>
                <version>4.10.0</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <dependencies>
        <!-- https://mvnrepository.com/artifact/com.azure.spring/spring-cloud-azure-starter-keyvault-secrets -->
        <dependency>
            <groupId>com.azure.spring</groupId>
            <artifactId>spring-cloud-azure-starter-keyvault-secrets</artifactId>
            <version>4.10.0</version>
        </dependency>
    </dependencies>

Please check the compatibility between the Spring Boot version and the library version. It worked for Spring Boot version 3.1.1 for me.

After this you can create a Configuration class as follows:

import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class AzureSecretClientConfiguration {

    @Bean
    public SecretClient createSecretClient() {
        return new SecretClientBuilder()
                // Key Vault endpoints use the vault.azure.net suffix
                .vaultUrl("https://sample-key-vault.vault.azure.net/")
                // DefaultAzureCredential tries env vars, managed identity, az login, etc. in turn
                .credential(new DefaultAzureCredentialBuilder().build())
                .buildClient();
    }

}

Now in your service class, you can easily inject the configuration and extract values from Key Vault. I have shown an example below:

import com.azure.core.exception.ClientAuthenticationException;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import org.springframework.stereotype.Service;

@Service
public class SecretReaderService {

    // Inject the SecretClient bean defined in AzureSecretClientConfiguration
    private final SecretClient azureSecrets;

    public SecretReaderService(SecretClient azureSecrets) {
        this.azureSecrets = azureSecrets;
    }

    public String readSampleSecret() {
        try {
            KeyVaultSecret secret = azureSecrets.getSecret("my-sample-key");
            return secret.getValue();
        } catch (ClientAuthenticationException e) {
            // Handle exception: the credential resolved by DefaultAzureCredential was rejected
            e.printStackTrace();
            return null;
        }
    }
}