Azure / azure-sdk-for-java

This repository is for active development of the Azure SDK for Java. For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/java/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-java.
MIT License

[FEATURE REQ] Add hook for secrets refresh in azure-spring-boot-starter-keyvault-secrets #24470

Closed jhyot closed 6 months ago

jhyot commented 2 years ago

Is your feature request related to a problem? Please describe.

azure-spring-boot-starter-keyvault-secrets features a periodic refresh of the Spring Boot Environment from the Key Vault. But the client application has currently no way of knowing that secrets have been refreshed.

Describe the solution you'd like

Add some kind of optional hook into the refresh process. The hook could be just a client-configurable bean that is called every time secrets have been refreshed, optionally supplied with some meta-info about the refresh (but this is not strictly needed).

I would use this hook to then call Spring Cloud's EnvironmentChangeEvent, which would trigger a refresh of the config properties bound to the refreshed Key Vault secrets. The optional generic hook would avoid any dependencies on Spring Cloud, and developers could use any other mechanism they like.

Describe alternatives you've considered

Not yet fully investigated, but seeing if something like that can be done with the existing keyvault code.


mrm9084 commented 2 years ago

@jhyot It isn't exactly what you are looking for, but Azure App Configuration supports configuration refresh which includes loading secrets from key vault.

joshfree commented 2 years ago

@stliu could you help route @jhyot's request?

chenrujun commented 2 years ago

@jhyot, thanks for reaching out. My current plan is to implement this feature in [2022] January. And PRs are welcome.

jhyot commented 2 years ago

I have noticed that when triggering an Environment refresh with Spring Cloud, the secrets get automatically refreshed from the Key Vault and injected into the environment. I don't know how much this is "as designed" or if this is by accident.

In any case I could solve my exact use case by deactivating the KeyVault library refresh (setting azure.keyvault.refresh-interval=0) and using my own scheduler that triggers the Spring Cloud environment refresh.

chenrujun commented 2 years ago

@jhyot

> I have noticed that when triggering an Environment refresh with Spring Cloud, the secrets get automatically refreshed from the Key Vault and injected into the environment. I don't know how much this is "as designed" or if this is by accident.

It's not by accident, it's designed by Spring Cloud. When the Environment is refreshed, all PropertySources will be refreshed.

> In any case I could solve my exact use case by deactivating the KeyVault library refresh (setting azure.keyvault.refresh-interval=0) and using my own scheduler that triggers the Spring Cloud environment refresh.

We can achieve this with these steps:

  1. Setting azure.keyvault.refresh-interval=0
  2. Refresh Spring Cloud context by throwing a RefreshEvent using your own scheduler. Please refer to the sample code: AppConfigurationRefresh.java. (@mrm9084, Correct me if I have any misunderstanding).
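
The two steps above, as an added example that is not part of the original thread or of the SDK's own code: a scheduled bean publishes Spring Cloud's RefreshEvent, and a listener on EnvironmentChangeEvent acts as the "secrets were refreshed" hook the issue asks for. The package, class name and the `example.secret-refresh-ms` property are assumptions; it expects Spring Cloud Context on the classpath and `azure.keyvault.refresh-interval=0` in application.properties.

```java
package example; // hypothetical package

import java.util.Set;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.context.environment.EnvironmentChangeEvent;
import org.springframework.cloud.endpoint.event.RefreshEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.event.EventListener;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Component;

@Component
@EnableScheduling
public class KeyVaultSecretRefresher {

    private static final Logger log = LoggerFactory.getLogger(KeyVaultSecretRefresher.class);

    private final ApplicationEventPublisher publisher;

    public KeyVaultSecretRefresher(ApplicationEventPublisher publisher) {
        this.publisher = publisher;
    }

    // Step 2: our own scheduler replaces the library's refresh timer.
    // Spring Cloud's RefreshEventListener reacts to this event by refreshing
    // the Environment, which reloads every PropertySource, Key Vault included.
    // "example.secret-refresh-ms" is a hypothetical property; default 5 minutes.
    @Scheduled(fixedDelayString = "${example.secret-refresh-ms:300000}")
    public void triggerRefresh() {
        publisher.publishEvent(new RefreshEvent(this, null, "scheduled Key Vault secret refresh"));
    }

    // The hook: Spring Cloud publishes EnvironmentChangeEvent after the refresh,
    // carrying the names of the properties whose values changed.
    @EventListener
    public void onEnvironmentChange(EnvironmentChangeEvent event) {
        Set<String> changed = event.getKeys();
        if (changed.isEmpty()) {
            return; // nothing rotated since the last refresh
        }
        // Log property names only; secret values must never reach the log.
        log.info("Environment refreshed, changed properties: {}", changed);
        // @ConfigurationProperties beans are rebound and @RefreshScope beans are
        // recreated by Spring Cloud; rebuild anything else that caches a secret here.
    }
}
```

Long-lived objects that copied a secret at startup (connection pools, HTTP clients holding an API key) keep the old value until they are rebuilt, so the listener is the place to recycle them after a rotation.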

github-actions[bot] commented 6 months ago

Hi @jhyot, we deeply appreciate your input into this project. Regrettably, this issue has remained inactive for over 2 years, leading us to the decision to close it. We've implemented this policy to maintain the relevance of our issue queue and facilitate easier navigation for new contributors. If you still believe this topic requires attention, please feel free to create a new issue, referencing this one. Thank you for your understanding and ongoing support.