| title | description | author | ms.author | ms.reviewer | ms.topic | ms.date | ms.custom |
|---|---|---|---|---|---|---|---|
Spring Cloud Azure Overview | Spring Cloud Azure is a project that helps make it easier to use Azure services in Spring Boot applications by providing a group of Java libraries. | KarlErickson | karler | seal | overview | 08/28/2024 | devx-track-java, devx-track-extended-java |
Spring Cloud Azure is an open source project that helps make it easier to use Azure services in Spring applications.
Spring Cloud Azure is an open source project, with all resources available to the public. The following list provides links to these resources:
- Source code: Azure/azure-sdk-for-java.
- Samples: Azure-Samples/azure-spring-boot-samples.
- Documentation: Spring Cloud Azure.
Spring Cloud Azure can help make it easier to accomplish the following tasks in Spring applications:
- Managing configuration properties with Azure App Configuration.
- Sending and receiving messages with Azure Event Hubs, Azure Service Bus, and Azure Storage Queue.
- Managing secrets and certificates with Azure Key Vault.
- Supporting user sign-in with work or school accounts provisioned with Microsoft Entra ID.
- Supporting user sign-in with social accounts like Facebook and Google with Azure Active Directory B2C.
- Protecting your web APIs and accessing protected APIs like Microsoft Graph to work with your users' and organization's data with Microsoft Entra ID and Azure Active Directory B2C.
- Storing structured data with Azure Cosmos DB.
- Storing unstructured data like text or binary data with Azure Blob Storage.
- Storing files with Azure Files.
The following section demonstrates the benefits of using Spring Cloud Azure. In this section, the retrieval of secrets stored in Azure Key Vault is used as an example. This section compares the differences between developing a Spring Boot application with and without Spring Cloud Azure.
Without Spring Cloud Azure, if you want to retrieve secrets stored in Azure Key Vault, you need to the following steps:
Add the following dependencies to your pom.xml file:
<dependency> <groupId>com.azure</groupId> <artifactId>azure-security-keyvault-secrets</artifactId> <version>4.5.2</version> </dependency>
Construct a
SecretClientclass instance by using code similar to the following example:publicclassDemoClass { publicstaticvoidmain(String... args) { SecretClientclient = newSecretClientBuilder() .vaultUrl("vaultUrl") .credential(newClientSecretCredentialBuilder() .tenantId("tenantId") .clientId("clientId") .clientSecret("clientSecret") .build()) .buildClient(); } }
Avoid hard coding information such as
client-idandclient-secretby making these properties configurable, as shown in the following example:@ConfigurationProperties("azure.keyvault") publicclassKeyVaultProperties { privateStringvaultUrl; privateStringtenantId; privateStringclientId; privateStringclientSecret; publicKeyVaultProperties(StringvaultUrl, StringtenantId, StringclientId, StringclientSecret) { this.vaultUrl = vaultUrl; this.tenantId = tenantId; this.clientId = clientId; this.clientSecret = clientSecret; } publicStringgetVaultUrl() { returnvaultUrl; } publicvoidsetVaultUrl(StringvaultUrl) { this.vaultUrl = vaultUrl; } publicStringgetTenantId() { returntenantId; } publicvoidsetTenantId(StringtenantId) { this.tenantId = tenantId; } publicStringgetClientId() { returnclientId; } publicvoidsetClientId(StringclientId) { this.clientId = clientId; } publicStringgetClientSecret() { returnclientSecret; } publicvoidsetClientSecret(StringclientSecret) { this.clientSecret = clientSecret; } }
Update your application code as shown in this example:
@SpringBootApplication@EnableConfigurationProperties(KeyVaultProperties.class) publicclassSecretClientApplicationimplementsCommandLineRunner { privateKeyVaultPropertiesproperties; publicSecretClientApplication(KeyVaultPropertiesproperties) { this.properties = properties; } publicstaticvoidmain(String[] args) { SpringApplication.run(SecretClientApplication.class, args); } @Overridepublicvoidrun(String... args) { SecretClientclient = newSecretClientBuilder() .vaultUrl(properties.getVaultUrl()) .credential(newClientSecretCredentialBuilder() .tenantId(properties.getTenantId()) .clientId(properties.getClientId()) .clientSecret(properties.getClientSecret()) .build()) .buildClient(); System.out.println("sampleProperty: " + client.getSecret("sampleProperty").getValue()); } }
Add the necessary properties to your application.yml file, as shown in the following example:
azure: keyvault: vault-url: tenant-id: client-id: client-secret:
If you need to use
SecretClientin multiple places, define aSecretClientbean. Then, auto-wireSecretClientin the relevant places.
With Spring Cloud Azure, if you want to retrieve secrets stored in Azure Key Vault, the requirements are simpler, as shown in the following steps:
Add the following dependencies to your pom.xml file:
<dependencies> <dependency> <groupId>com.azure.spring</groupId> <artifactId>spring-cloud-azure-starter-keyvault-secrets</artifactId> </dependency> </dependencies>
Use a bill of materials (BOM) to manage the Spring Cloud Azure version, as shown in the following example:
<dependencyManagement> <dependencies> <dependency> <groupId>com.azure.spring</groupId> <artifactId>spring-cloud-azure-dependencies</artifactId> <version>5.22.0</version> <type>pom</type> <scope>import</scope> </dependency> </dependencies> </dependencyManagement>
[!NOTE] If you're using Spring Boot 2.x, be sure to set the
spring-cloud-azure-dependenciesversion to4.20.0. This Bill of Material (BOM) should be configured in the<dependencyManagement>section of your pom.xml file. This ensures that all Spring Cloud Azure dependencies are using the same version. For more information about the version used for this BOM, see Which Version of Spring Cloud Azure Should I Use.Add the following properties to your application.yml file:
spring: cloud: azure: keyvault: secret: endpoint:
Sign in with Azure CLI by using the following command. Your credentials will then be provided by Azure CLI, so there will be no need to add other credential information such as
client-idandclient-secret.az loginAuto-wire
SecretClientin the relevant places, as shown in the following example:@SpringBootApplicationpublicclassSecretClientApplicationimplementsCommandLineRunner { privatefinalSecretClientsecretClient; publicSecretClientApplication(SecretClientsecretClient) { this.secretClient = secretClient; } publicstaticvoidmain(String[] args) { SpringApplication.run(SecretClientApplication.class, args); } @Overridepublicvoidrun(String... args) { System.out.println("sampleProperty: " + secretClient.getSecret("sampleProperty").getValue()); } }
Spring Cloud Azure will provide some other features besides the auto-configured SecretClient. For example, you can use @Value to get the secret value, as shown in the following example:
@SpringBootApplicationpublicclassPropertySourceApplicationimplementsCommandLineRunner { @Value("${sampleProperty1}") privateStringsampleProperty1; publicstaticvoidmain(String[] args) { SpringApplication.run(PropertySourceApplication.class, args); } publicvoidrun(String[] args) { System.out.println("sampleProperty1: " + sampleProperty1); } }Provides auto-configuration support for Azure Services, such as Service Bus, Storage, Active Directory, and so on.
Provides integration support for Spring Security with Microsoft Entra ID for authentication. For more information, see Spring Cloud Azure support for Spring Security.
Provides Spring @Value annotation support for integration with Azure Key Vault Secrets. For more information, see Spring Cloud Azure secret management.
Provides Spring Boot support for Azure Storage services. For more information, see Spring Cloud Azure resource handling.
If you need support for Spring Cloud Azure, you can ask for help in the following ways:
- Create Azure support tickets. Customers with an Azure support plan can open an Azure support ticket. We recommend this option if your problem requires immediate attention.
- File GitHub issues in the Azure/azure-sdk-for-java repository. We use GitHub issues to track bugs, questions, and feature requests. GitHub issues are free, but the response time isn't guaranteed. For more information, see GitHub issues support process.
