title	description	author	ms.author	ms.reviewer	ms.date	ms.topic	ms.custom
Azure Key Vault Secrets configuration properties	This reference doc contains all Azure Key Vault Secrets configuration properties.	KarlErickson	karler	seal	05/10/2023	reference	devx-track-java, spring-cloud-azure, devx-track-extended-java

Azure Key Vault Secrets configuration properties

Name: azure-dev-docs/articles/java/spring-framework/configuration-properties-azure-key-vault-secrets.md at main · MicrosoftDocs/azure-dev-docs · GitHub
Rating: 4.7 (4506 reviews)

[!div class="mx-tdBreakAll"]
Property Description
spring.cloud.azure.keyvault.secret.challenge-resource-verification-enabled Whether to enable the Azure Key Vault challenge resource verification, default: true. Calls the disableChallengeResourceVerification method of the Azure Key Vault Client Builder when set to false. The default value is true.
spring.cloud.azure.keyvault.secret.client.application-id Represents current application and is used for telemetry/monitoring purposes.
spring.cloud.azure.keyvault.secret.client.connect-timeout Amount of time(Duration) the request attempts to connect to the remote host and the connection is resolved.
spring.cloud.azure.keyvault.secret.client.connection-idle-timeout Amount of time(Duration) before an idle connection.
spring.cloud.azure.keyvault.secret.client.headers List of headers applied to each request sent with client. For instance, "myCustomHeader", "myStaticValue".
spring.cloud.azure.keyvault.secret.client.headers[0].name The name of the header.
spring.cloud.azure.keyvault.secret.client.headers[0].values List of values of the header.
spring.cloud.azure.keyvault.secret.client.logging.allowed-header-names Comma-delimited list of allowlist headers that should be logged. The default value is "x-ms-request-id","x-ms-client-request-id","x-ms-return-client-request-id","traceparent","MS-CV","Accept","Cache-Control","Connection","Content-Length","Content-Type","Date","ETag","Expires","If-Match","If-Modified-Since","If-None-Match","If-Unmodified-Since","Last-Modified","Pragma","Request-Id","Retry-After","Server","Transfer-Encoding","User-Agent","WWW-Authenticate".
spring.cloud.azure.keyvault.secret.client.logging.allowed-query-param-names Comma-delimited list of allowlist query parameters. The default value is "api-version".
spring.cloud.azure.keyvault.secret.client.logging.level The level of detail to log on HTTP messages. Supported types are: NONE, BASIC, HEADERS, BODY, BODY_AND_HEADERS. The default value is NONE.
spring.cloud.azure.keyvault.secret.client.logging.pretty-print-body Whether to pretty print the message bodies. The default value is false.
spring.cloud.azure.keyvault.secret.client.maximum-connection-pool-size Maximum connection pool size used by the underlying HTTP client.
spring.cloud.azure.keyvault.secret.client.read-timeout Amount of time(Duration) used when reading the server response.
spring.cloud.azure.keyvault.secret.client.response-timeout Amount of time(Duration) used when waiting for a server to reply.
spring.cloud.azure.keyvault.secret.client.write-timeout Amount of time(Duration) each request being sent over the wire.
spring.cloud.azure.keyvault.secret.credential.client-certificate-password Password of the certificate file.
spring.cloud.azure.keyvault.secret.credential.client-certificate-path Path of a PEM certificate file to use when performing service principal authentication with Azure.
spring.cloud.azure.keyvault.secret.credential.client-id Client ID to use when performing service principal authentication with Azure.
spring.cloud.azure.keyvault.secret.credential.client-secret Client secret to use when performing service principal authentication with Azure.
spring.cloud.azure.keyvault.secret.credential.managed-identity-enabled Whether to enable managed identity to authenticate with Azure. If true and the client-id is set, will use the client ID as user assigned managed identity client ID. The default value is false.
spring.cloud.azure.keyvault.secret.credential.password Password to use when performing username/password authentication with Azure.
spring.cloud.azure.keyvault.secret.credential.token-credential-bean-name The bean name of type com.azure.core.credential.TokenCredential to use when performing authentication with Azure.
spring.cloud.azure.keyvault.secret.credential.username Username to use when performing username/password authentication with Azure.
spring.cloud.azure.keyvault.secret.enabled Whether an Azure Service is enabled. The default value is true.
spring.cloud.azure.keyvault.secret.endpoint Azure Key Vault endpoint. For instance, https://{your-unique-keyvault-name}.vault.azure.net/.
spring.cloud.azure.keyvault.secret.profile.cloud-type Name of the Azure cloud to connect to. Supported types are: AZURE, AZURE_CHINA, AZURE_US_GOVERNMENT, OTHER. The default value is AZURE.
spring.cloud.azure.keyvault.secret.profile.environment.active-directory-endpoint The Microsoft Entra endpoint to connect to.
spring.cloud.azure.keyvault.secret.profile.environment.active-directory-graph-api-version The Azure Active Directory Graph API version.
spring.cloud.azure.keyvault.secret.profile.environment.active-directory-graph-endpoint The Azure Active Directory Graph endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.active-directory-resource-id The Microsoft Entra resource ID.
spring.cloud.azure.keyvault.secret.profile.environment.azure-application-insights-endpoint The Azure Application Insights endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.azure-data-lake-analytics-catalog-and-job-endpoint-suffix The Data Lake analytics catalog and job endpoint suffix.
spring.cloud.azure.keyvault.secret.profile.environment.azure-data-lake-store-file-system-endpoint-suffix The Data Lake storage file system endpoint suffix.
spring.cloud.azure.keyvault.secret.profile.environment.azure-log-analytics-endpoint The Azure Log Analytics endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.data-lake-endpoint-resource-id The Data Lake endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.gallery-endpoint The gallery endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.key-vault-dns-suffix The Key Vault DNS suffix.
spring.cloud.azure.keyvault.secret.profile.environment.management-endpoint The management service endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.microsoft-graph-endpoint The Microsoft Graph endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.portal The management portal URL.
spring.cloud.azure.keyvault.secret.profile.environment.publishing-profile The publishing settings file URL.
spring.cloud.azure.keyvault.secret.profile.environment.resource-manager-endpoint The resource management endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.service-bus-domain-name The domain name for Service Bus.
spring.cloud.azure.keyvault.secret.profile.environment.sql-management-endpoint The SQL management endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.sql-server-hostname-suffix The SQL Server hostname suffix.
spring.cloud.azure.keyvault.secret.profile.environment.storage-endpoint-suffix The Storage endpoint suffix.
spring.cloud.azure.keyvault.secret.profile.subscription-id Subscription ID to use when connecting to Azure resources.
spring.cloud.azure.keyvault.secret.profile.tenant-id Tenant ID for Azure resources. The values allowed for tenant-id are: common, organizations, consumers, or the tenant ID.
spring.cloud.azure.keyvault.secret.property-source-enabled Whether to enable the Key Vault property source. The default value is true.
spring.cloud.azure.keyvault.secret.property-sources List of Azure Key Vault property sources. For instance, property-sources[0].name=key-vault-property-source-1, property-sources[0].endpoint={ENDPOINT_1}, property-sources[1].name=key-vault-property-source-2, property-sources[1].endpoint={ENDPOINT_2}.
spring.cloud.azure.keyvault.secret.property-sources[0].case-sensitive Whether to enable case-sensitive for secret keys. The default value is false.
spring.cloud.azure.keyvault.secret.property-sources[0].challenge-resource-verification-enabled Whether to enable the Azure Key Vault challenge resource verification, default: true. Calls the disableChallengeResourceVerification method of the Azure Key Vault Client Builder when set to false. The default value is true.
spring.cloud.azure.keyvault.secret.property-sources[0].client.application-id Represents current application and is used for telemetry/monitoring purposes.
spring.cloud.azure.keyvault.secret.property-sources[0].client.connect-timeout Amount of time(Duration) the request attempts to connect to the remote host and the connection is resolved.
spring.cloud.azure.keyvault.secret.property-sources[0].client.connection-idle-timeout Amount of time(Duration) before an idle connection.
spring.cloud.azure.keyvault.secret.property-sources[0].client.headers[0].name The name of the header.
spring.cloud.azure.keyvault.secret.property-sources[0].client.headers[0].values List of values of the header.
spring.cloud.azure.keyvault.secret.property-sources[0].client.logging.allowed-header-names Comma-delimited list of allowlist headers that should be logged. The default value is 'x-ms-request-id','x-ms-client-request-id','x-ms-return-client-request-id','traceparent','MS-CV','Accept','Cache-Control','Connection','Content-Length','Content-Type','Date','ETag','Expires','If-Match','If-Modified-Since','If-None-Match','If-Unmodified-Since','Last-Modified','Pragma','Request-Id','Retry-After','Server','Transfer-Encoding','User-Agent','WWW-Authenticate'.
spring.cloud.azure.keyvault.secret.property-sources[0].client.logging.allowed-query-param-names Comma-delimited list of allowlist query parameters. The default value is 'api-version'.
spring.cloud.azure.keyvault.secret.property-sources[0].client.logging.level The level of detail to log on HTTP messages. Supported types are: NONE, BASIC, HEADERS, BODY, BODY_AND_HEADERS. The default value is NONE.
spring.cloud.azure.keyvault.secret.property-sources[0].client.logging.pretty-print-body Whether to pretty print the message bodies. The default value is false.
spring.cloud.azure.keyvault.secret.property-sources[0].client.maximum-connection-pool-size Maximum connection pool size used by the underlying HTTP client.
spring.cloud.azure.keyvault.secret.property-sources[0].client.read-timeout Amount of time(Duration) used when reading the server response.
spring.cloud.azure.keyvault.secret.property-sources[0].client.response-timeout Amount of time(Duration) used when waiting for a server to reply.
spring.cloud.azure.keyvault.secret.property-sources[0].client.write-timeout Amount of time(Duration) each request being sent over the wire.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-certificate-password Password of the certificate file.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-certificate-path Path of a PEM certificate file to use when performing service principal authentication with Azure.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id Client ID to use when performing service principal authentication with Azure.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-secret Client secret to use when performing service principal authentication with Azure.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.managed-identity-enabled Whether to enable managed identity to authenticate with Azure. If true and the client-id is set, will use the client ID as user assigned managed identity client ID. The default value is false.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.password Password to use when performing username/password authentication with Azure.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.username Username to use when performing username/password authentication with Azure.
spring.cloud.azure.keyvault.secret.property-sources[0].enabled Whether an Azure Service is enabled. The default value is true.
spring.cloud.azure.keyvault.secret.property-sources[0].endpoint Azure Key Vault endpoint. For instance, https://{your-unique-keyvault-name}.vault.azure.net/.
spring.cloud.azure.keyvault.secret.property-sources[0].name Name of this property source.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.cloud-type Name of the Azure cloud to connect to. Supported types are: AZURE, AZURE_CHINA, AZURE_US_GOVERNMENT, OTHER. The default value is AZURE.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.active-directory-endpoint The Microsoft Entra endpoint to connect to.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.active-directory-graph-api-version The Azure Active Directory Graph API version.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.active-directory-graph-endpoint The Azure Active Directory Graph endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.active-directory-resource-id The Microsoft Entra resource ID.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.azure-application-insights-endpoint The Azure Application Insights endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.azure-data-lake-analytics-catalog-and-job-endpoint-suffix The Data Lake analytics catalog and job endpoint suffix.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.azure-data-lake-store-file-system-endpoint-suffix The Data Lake storage file system endpoint suffix.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.azure-log-analytics-endpoint The Azure Log Analytics endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.data-lake-endpoint-resource-id The Data Lake endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.gallery-endpoint The gallery endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.key-vault-dns-suffix The Key Vault DNS suffix.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.management-endpoint The management service endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.microsoft-graph-endpoint The Microsoft Graph endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.portal The management portal URL.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.publishing-profile The publishing settings file URL.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.resource-manager-endpoint The resource management endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.sql-management-endpoint The SQL management endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.sql-server-hostname-suffix The SQL Server hostname suffix.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.storage-endpoint-suffix The Storage endpoint suffix.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.subscription-id Subscription ID to use when connecting to Azure resources.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.tenant-id Tenant ID for Azure resources. The values allowed for tenant-id are: common, organizations, consumers, or the tenant ID.
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.hostname The host of the proxy.
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.non-proxy-hosts A list of hosts or CIDR to not use proxy HTTP/HTTPS connections through.
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.password Password used to authenticate with the proxy.
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.port The port of the proxy.
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.type The type of the proxy. For instance of http, http, socks4, socks5. For instance of amqp, http, socks.
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.username Username used to authenticate with the proxy.
spring.cloud.azure.keyvault.secret.property-sources[0].resource.region The region of an Azure resource. For instance, "eastus".
spring.cloud.azure.keyvault.secret.property-sources[0].resource.resource-group The resource group holds an Azure resource.
spring.cloud.azure.keyvault.secret.property-sources[0].resource.resource-id ID of an Azure resource.
spring.cloud.azure.keyvault.secret.property-sources[0].retry.exponential.base-delay Amount of time(Duration) to wait between retry attempts.
spring.cloud.azure.keyvault.secret.property-sources[0].retry.exponential.max-delay Maximum permissible amount of time(duration) between retry attempts.
spring.cloud.azure.keyvault.secret.property-sources[0].retry.exponential.max-retries The maximum number of attempts.
spring.cloud.azure.keyvault.secret.property-sources[0].retry.fixed.delay Amount of time(Duration) to wait between retry attempts.
spring.cloud.azure.keyvault.secret.property-sources[0].retry.fixed.max-retries The maximum number of attempts.
spring.cloud.azure.keyvault.secret.property-sources[0].retry.mode The retry backoff mode when retrying. Supported types are: FIXED, EXPONENTIAL.
spring.cloud.azure.keyvault.secret.property-sources[0].secret-keys The configured secret keys will be loaded from Azure Key Vaults secret, if configured nothing, then load all the secrets. Only support exact value for secret names, For example, if you configured secret key name SecretKey1 in Key Vaults secret, you should configure SecretKey1 here.
spring.cloud.azure.keyvault.secret.property-sources[0].service-version Secret service version used when making API requests.
spring.cloud.azure.keyvault.secret.proxy.hostname The host of the proxy.
spring.cloud.azure.keyvault.secret.proxy.non-proxy-hosts A list of hosts or CIDR to not use proxy HTTP/HTTPS connections through.
spring.cloud.azure.keyvault.secret.proxy.password Password used to authenticate with the proxy.
spring.cloud.azure.keyvault.secret.proxy.port The port of the proxy.
spring.cloud.azure.keyvault.secret.proxy.type The type of the proxy. For instance of http, http, socks4, socks5. For instance of amqp, http, socks.
spring.cloud.azure.keyvault.secret.proxy.username Username used to authenticate with the proxy.
spring.cloud.azure.keyvault.secret.resource.region The region of an Azure resource. For instance, "eastus".
spring.cloud.azure.keyvault.secret.resource.resource-group The resource group holds an Azure resource.
spring.cloud.azure.keyvault.secret.resource.resource-id ID of an Azure resource.
spring.cloud.azure.keyvault.secret.retry.exponential.base-delay Amount of time(Duration) to wait between retry attempts.
spring.cloud.azure.keyvault.secret.retry.exponential.max-delay Maximum permissible amount of time(duration) between retry attempts.
spring.cloud.azure.keyvault.secret.retry.exponential.max-retries The maximum number of attempts.
spring.cloud.azure.keyvault.secret.retry.fixed.delay Amount of time(Duration) to wait between retry attempts.
spring.cloud.azure.keyvault.secret.retry.fixed.max-retries The maximum number of attempts.
spring.cloud.azure.keyvault.secret.retry.mode The retry backoff mode when retrying. Supported types are: FIXED, EXPONENTIAL.
spring.cloud.azure.keyvault.secret.service-version Secret service version used when making API requests.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

configuration-properties-azure-key-vault-secrets.md

configuration-properties-azure-key-vault-secrets.md

Azure Key Vault Secrets configuration properties

Property	Description
spring.cloud.azure.keyvault.secret.challenge-resource-verification-enabled	Whether to enable the Azure Key Vault challenge resource verification, default: true. Calls the disableChallengeResourceVerification method of the Azure Key Vault Client Builder when set to false. The default value is `true`.
spring.cloud.azure.keyvault.secret.client.application-id	Represents current application and is used for telemetry/monitoring purposes.
spring.cloud.azure.keyvault.secret.client.connect-timeout	Amount of time(Duration) the request attempts to connect to the remote host and the connection is resolved.
spring.cloud.azure.keyvault.secret.client.connection-idle-timeout	Amount of time(Duration) before an idle connection.
spring.cloud.azure.keyvault.secret.client.headers	List of headers applied to each request sent with client. For instance, `"myCustomHeader", "myStaticValue"`.
spring.cloud.azure.keyvault.secret.client.headers[0].name	The name of the header.
spring.cloud.azure.keyvault.secret.client.headers[0].values	List of values of the header.
spring.cloud.azure.keyvault.secret.client.logging.allowed-header-names	Comma-delimited list of allowlist headers that should be logged. The default value is `"x-ms-request-id","x-ms-client-request-id","x-ms-return-client-request-id","traceparent","MS-CV","Accept","Cache-Control","Connection","Content-Length","Content-Type","Date","ETag","Expires","If-Match","If-Modified-Since","If-None-Match","If-Unmodified-Since","Last-Modified","Pragma","Request-Id","Retry-After","Server","Transfer-Encoding","User-Agent","WWW-Authenticate"`.
spring.cloud.azure.keyvault.secret.client.logging.allowed-query-param-names	Comma-delimited list of allowlist query parameters. The default value is `"api-version"`.
spring.cloud.azure.keyvault.secret.client.logging.level	The level of detail to log on HTTP messages. Supported types are: NONE, BASIC, HEADERS, BODY, BODY_AND_HEADERS. The default value is `NONE`.
spring.cloud.azure.keyvault.secret.client.logging.pretty-print-body	Whether to pretty print the message bodies. The default value is `false`.
spring.cloud.azure.keyvault.secret.client.maximum-connection-pool-size	Maximum connection pool size used by the underlying HTTP client.
spring.cloud.azure.keyvault.secret.client.read-timeout	Amount of time(Duration) used when reading the server response.
spring.cloud.azure.keyvault.secret.client.response-timeout	Amount of time(Duration) used when waiting for a server to reply.
spring.cloud.azure.keyvault.secret.client.write-timeout	Amount of time(Duration) each request being sent over the wire.
spring.cloud.azure.keyvault.secret.credential.client-certificate-password	Password of the certificate file.
spring.cloud.azure.keyvault.secret.credential.client-certificate-path	Path of a PEM certificate file to use when performing service principal authentication with Azure.
spring.cloud.azure.keyvault.secret.credential.client-id	Client ID to use when performing service principal authentication with Azure.
spring.cloud.azure.keyvault.secret.credential.client-secret	Client secret to use when performing service principal authentication with Azure.
spring.cloud.azure.keyvault.secret.credential.managed-identity-enabled	Whether to enable managed identity to authenticate with Azure. If true and the client-id is set, will use the client ID as user assigned managed identity client ID. The default value is `false`.
spring.cloud.azure.keyvault.secret.credential.password	Password to use when performing username/password authentication with Azure.
spring.cloud.azure.keyvault.secret.credential.token-credential-bean-name	The bean name of type `com.azure.core.credential.TokenCredential` to use when performing authentication with Azure.
spring.cloud.azure.keyvault.secret.credential.username	Username to use when performing username/password authentication with Azure.
spring.cloud.azure.keyvault.secret.enabled	Whether an Azure Service is enabled. The default value is `true`.
spring.cloud.azure.keyvault.secret.endpoint	Azure Key Vault endpoint. For instance, `https://{your-unique-keyvault-name}.vault.azure.net/`.
spring.cloud.azure.keyvault.secret.profile.cloud-type	Name of the Azure cloud to connect to. Supported types are: `AZURE`, `AZURE_CHINA`, `AZURE_US_GOVERNMENT`, `OTHER`. The default value is `AZURE`.
spring.cloud.azure.keyvault.secret.profile.environment.active-directory-endpoint	The Microsoft Entra endpoint to connect to.
spring.cloud.azure.keyvault.secret.profile.environment.active-directory-graph-api-version	The Azure Active Directory Graph API version.
spring.cloud.azure.keyvault.secret.profile.environment.active-directory-graph-endpoint	The Azure Active Directory Graph endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.active-directory-resource-id	The Microsoft Entra resource ID.
spring.cloud.azure.keyvault.secret.profile.environment.azure-application-insights-endpoint	The Azure Application Insights endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.azure-data-lake-analytics-catalog-and-job-endpoint-suffix	The Data Lake analytics catalog and job endpoint suffix.
spring.cloud.azure.keyvault.secret.profile.environment.azure-data-lake-store-file-system-endpoint-suffix	The Data Lake storage file system endpoint suffix.
spring.cloud.azure.keyvault.secret.profile.environment.azure-log-analytics-endpoint	The Azure Log Analytics endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.data-lake-endpoint-resource-id	The Data Lake endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.gallery-endpoint	The gallery endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.key-vault-dns-suffix	The Key Vault DNS suffix.
spring.cloud.azure.keyvault.secret.profile.environment.management-endpoint	The management service endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.microsoft-graph-endpoint	The Microsoft Graph endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.portal	The management portal URL.
spring.cloud.azure.keyvault.secret.profile.environment.publishing-profile	The publishing settings file URL.
spring.cloud.azure.keyvault.secret.profile.environment.resource-manager-endpoint	The resource management endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.service-bus-domain-name	The domain name for Service Bus.
spring.cloud.azure.keyvault.secret.profile.environment.sql-management-endpoint	The SQL management endpoint.
spring.cloud.azure.keyvault.secret.profile.environment.sql-server-hostname-suffix	The SQL Server hostname suffix.
spring.cloud.azure.keyvault.secret.profile.environment.storage-endpoint-suffix	The Storage endpoint suffix.
spring.cloud.azure.keyvault.secret.profile.subscription-id	Subscription ID to use when connecting to Azure resources.
spring.cloud.azure.keyvault.secret.profile.tenant-id	Tenant ID for Azure resources. The values allowed for `tenant-id` are: `common`, `organizations`, `consumers`, or the tenant ID.
spring.cloud.azure.keyvault.secret.property-source-enabled	Whether to enable the Key Vault property source. The default value is `true`.
spring.cloud.azure.keyvault.secret.property-sources	List of Azure Key Vault property sources. For instance, `property-sources[0].name=key-vault-property-source-1, property-sources[0].endpoint={ENDPOINT_1}, property-sources[1].name=key-vault-property-source-2, property-sources[1].endpoint={ENDPOINT_2}`.
spring.cloud.azure.keyvault.secret.property-sources[0].case-sensitive	Whether to enable case-sensitive for secret keys. The default value is `false`.
spring.cloud.azure.keyvault.secret.property-sources[0].challenge-resource-verification-enabled	Whether to enable the Azure Key Vault challenge resource verification, default: true. Calls the disableChallengeResourceVerification method of the Azure Key Vault Client Builder when set to false. The default value is `true`.
spring.cloud.azure.keyvault.secret.property-sources[0].client.application-id	Represents current application and is used for telemetry/monitoring purposes.
spring.cloud.azure.keyvault.secret.property-sources[0].client.connect-timeout	Amount of time(Duration) the request attempts to connect to the remote host and the connection is resolved.
spring.cloud.azure.keyvault.secret.property-sources[0].client.connection-idle-timeout	Amount of time(Duration) before an idle connection.
spring.cloud.azure.keyvault.secret.property-sources[0].client.headers[0].name	The name of the header.
spring.cloud.azure.keyvault.secret.property-sources[0].client.headers[0].values	List of values of the header.
spring.cloud.azure.keyvault.secret.property-sources[0].client.logging.allowed-header-names	Comma-delimited list of allowlist headers that should be logged. The default value is `'x-ms-request-id','x-ms-client-request-id','x-ms-return-client-request-id','traceparent','MS-CV','Accept','Cache-Control','Connection','Content-Length','Content-Type','Date','ETag','Expires','If-Match','If-Modified-Since','If-None-Match','If-Unmodified-Since','Last-Modified','Pragma','Request-Id','Retry-After','Server','Transfer-Encoding','User-Agent','WWW-Authenticate'`.
spring.cloud.azure.keyvault.secret.property-sources[0].client.logging.allowed-query-param-names	Comma-delimited list of allowlist query parameters. The default value is `'api-version'`.
spring.cloud.azure.keyvault.secret.property-sources[0].client.logging.level	The level of detail to log on HTTP messages. Supported types are: NONE, BASIC, HEADERS, BODY, BODY_AND_HEADERS. The default value is `NONE`.
spring.cloud.azure.keyvault.secret.property-sources[0].client.logging.pretty-print-body	Whether to pretty print the message bodies. The default value is `false`.
spring.cloud.azure.keyvault.secret.property-sources[0].client.maximum-connection-pool-size	Maximum connection pool size used by the underlying HTTP client.
spring.cloud.azure.keyvault.secret.property-sources[0].client.read-timeout	Amount of time(Duration) used when reading the server response.
spring.cloud.azure.keyvault.secret.property-sources[0].client.response-timeout	Amount of time(Duration) used when waiting for a server to reply.
spring.cloud.azure.keyvault.secret.property-sources[0].client.write-timeout	Amount of time(Duration) each request being sent over the wire.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-certificate-password	Password of the certificate file.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-certificate-path	Path of a PEM certificate file to use when performing service principal authentication with Azure.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id	Client ID to use when performing service principal authentication with Azure.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-secret	Client secret to use when performing service principal authentication with Azure.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.managed-identity-enabled	Whether to enable managed identity to authenticate with Azure. If true and the client-id is set, will use the client ID as user assigned managed identity client ID. The default value is `false`.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.password	Password to use when performing username/password authentication with Azure.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.username	Username to use when performing username/password authentication with Azure.
spring.cloud.azure.keyvault.secret.property-sources[0].enabled	Whether an Azure Service is enabled. The default value is `true`.
spring.cloud.azure.keyvault.secret.property-sources[0].endpoint	Azure Key Vault endpoint. For instance, `https://{your-unique-keyvault-name}.vault.azure.net/`.
spring.cloud.azure.keyvault.secret.property-sources[0].name	Name of this property source.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.cloud-type	Name of the Azure cloud to connect to. Supported types are: AZURE, AZURE_CHINA, AZURE_US_GOVERNMENT, OTHER. The default value is `AZURE`.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.active-directory-endpoint	The Microsoft Entra endpoint to connect to.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.active-directory-graph-api-version	The Azure Active Directory Graph API version.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.active-directory-graph-endpoint	The Azure Active Directory Graph endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.active-directory-resource-id	The Microsoft Entra resource ID.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.azure-application-insights-endpoint	The Azure Application Insights endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.azure-data-lake-analytics-catalog-and-job-endpoint-suffix	The Data Lake analytics catalog and job endpoint suffix.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.azure-data-lake-store-file-system-endpoint-suffix	The Data Lake storage file system endpoint suffix.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.azure-log-analytics-endpoint	The Azure Log Analytics endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.data-lake-endpoint-resource-id	The Data Lake endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.gallery-endpoint	The gallery endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.key-vault-dns-suffix	The Key Vault DNS suffix.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.management-endpoint	The management service endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.microsoft-graph-endpoint	The Microsoft Graph endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.portal	The management portal URL.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.publishing-profile	The publishing settings file URL.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.resource-manager-endpoint	The resource management endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.sql-management-endpoint	The SQL management endpoint.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.sql-server-hostname-suffix	The SQL Server hostname suffix.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.storage-endpoint-suffix	The Storage endpoint suffix.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.subscription-id	Subscription ID to use when connecting to Azure resources.
spring.cloud.azure.keyvault.secret.property-sources[0].profile.tenant-id	Tenant ID for Azure resources. The values allowed for `tenant-id` are: `common`, `organizations`, `consumers`, or the tenant ID.
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.hostname	The host of the proxy.
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.non-proxy-hosts	A list of hosts or CIDR to not use proxy HTTP/HTTPS connections through.
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.password	Password used to authenticate with the proxy.
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.port	The port of the proxy.
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.type	The type of the proxy. For instance of http, `http`, `socks4`, `socks5`. For instance of amqp, `http`, `socks`.
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.username	Username used to authenticate with the proxy.
spring.cloud.azure.keyvault.secret.property-sources[0].resource.region	The region of an Azure resource. For instance, `"eastus"`.
spring.cloud.azure.keyvault.secret.property-sources[0].resource.resource-group	The resource group holds an Azure resource.
spring.cloud.azure.keyvault.secret.property-sources[0].resource.resource-id	ID of an Azure resource.
spring.cloud.azure.keyvault.secret.property-sources[0].retry.exponential.base-delay	Amount of time(Duration) to wait between retry attempts.
spring.cloud.azure.keyvault.secret.property-sources[0].retry.exponential.max-delay	Maximum permissible amount of time(duration) between retry attempts.
spring.cloud.azure.keyvault.secret.property-sources[0].retry.exponential.max-retries	The maximum number of attempts.
spring.cloud.azure.keyvault.secret.property-sources[0].retry.fixed.delay	Amount of time(Duration) to wait between retry attempts.
spring.cloud.azure.keyvault.secret.property-sources[0].retry.fixed.max-retries	The maximum number of attempts.
spring.cloud.azure.keyvault.secret.property-sources[0].retry.mode	The retry backoff mode when retrying. Supported types are: FIXED, EXPONENTIAL.
spring.cloud.azure.keyvault.secret.property-sources[0].secret-keys	The configured secret keys will be loaded from Azure Key Vaults secret, if configured nothing, then load all the secrets. Only support exact value for secret names, For example, if you configured secret key name `SecretKey1` in Key Vaults secret, you should configure `SecretKey1` here.
spring.cloud.azure.keyvault.secret.property-sources[0].service-version	Secret service version used when making API requests.
spring.cloud.azure.keyvault.secret.proxy.hostname	The host of the proxy.
spring.cloud.azure.keyvault.secret.proxy.non-proxy-hosts	A list of hosts or CIDR to not use proxy HTTP/HTTPS connections through.
spring.cloud.azure.keyvault.secret.proxy.password	Password used to authenticate with the proxy.
spring.cloud.azure.keyvault.secret.proxy.port	The port of the proxy.
spring.cloud.azure.keyvault.secret.proxy.type	The type of the proxy. For instance of http, `http`, `socks4`, `socks5`. For instance of amqp, `http`, `socks`.
spring.cloud.azure.keyvault.secret.proxy.username	Username used to authenticate with the proxy.
spring.cloud.azure.keyvault.secret.resource.region	The region of an Azure resource. For instance, `"eastus"`.
spring.cloud.azure.keyvault.secret.resource.resource-group	The resource group holds an Azure resource.
spring.cloud.azure.keyvault.secret.resource.resource-id	ID of an Azure resource.
spring.cloud.azure.keyvault.secret.retry.exponential.base-delay	Amount of time(Duration) to wait between retry attempts.
spring.cloud.azure.keyvault.secret.retry.exponential.max-delay	Maximum permissible amount of time(duration) between retry attempts.
spring.cloud.azure.keyvault.secret.retry.exponential.max-retries	The maximum number of attempts.
spring.cloud.azure.keyvault.secret.retry.fixed.delay	Amount of time(Duration) to wait between retry attempts.
spring.cloud.azure.keyvault.secret.retry.fixed.max-retries	The maximum number of attempts.
spring.cloud.azure.keyvault.secret.retry.mode	The retry backoff mode when retrying. Supported types are: FIXED, EXPONENTIAL.
spring.cloud.azure.keyvault.secret.service-version	Secret service version used when making API requests.

Files

configuration-properties-azure-key-vault-secrets.md

Latest commit

History

configuration-properties-azure-key-vault-secrets.md

File metadata and controls

Azure Key Vault Secrets configuration properties