Open kirankumar994 opened 2 months ago
@chenrujun @moarychan @netyyyy @saragluna
Thank you for your feedback. Tagging and routing to the team member best able to assist.
@kirankumar994 are you using the com.azure.spring spring-cloud-azure-starter-keyvault
to retrieve the kv property source, instead of using the kv secret client and get the secret by yourself?
Hi @saragluna , here is the dependency I am using.
<dependency>
<groupId>com.azure.spring</groupId>
<artifactId>spring-cloud-azure-starter-keyvault</artifactId>
<version>5.11.0</version>
</dependency>
But, as I mentioned in the above I am able to run the application on my local by configurin the bean in my Reactive Mongo config as below
@Bean
public SecretClient createSecretClient() {
ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
.clientId(clientId)
.clientSecret(clientSecret)
.tenantId(tenantId)
.build();
// Azure SDK client builders accept the credential as a parameter.
return new SecretClientBuilder()
.vaultUrl(keyVaultEndpoint)
.credential(clientSecretCredential)
.buildClient();
}
The clientId, secret and tenantId are reading from the application properties file. I am not facing any issue on my local. Here is the following I am trying to do.
Later, I copied the same properties in the azure spring apps environment variables and tried to deploy the application on azure spring apps, then it is failing to start the application and throwing the below exception.
java.lang.IllegalStateException: Failed to configure KeyVault property source
I would like to know what I am doing wrong here. Thank you in advance.
Hi @kirankumar994, what do you mean by The application is up and runnin after I login with az login service principal
?
What's the properties you set on Azure Spring Apps, I guess that the KV property source is enabled, but without any credential to connect to the KV client in the property source. The bean you defined in the following code is a different client object from the KV client newed in the KV property source.
return new SecretClientBuilder()
.vaultUrl(keyVaultEndpoint)
.credential(clientSecretCredential)
.buildClient();
Query/Question I have a spring boot application, using key vault to store my mongodb credentials. I am using service principal authentication to connect with azure key vault. The application is currently running on local env with the below code attached after log in with az login service principal. But, when I am trying to deploy it on azure spring cloud, I am getting the below exception
java.lang.IllegalStateException: Failed to configure KeyVault property source
This is the Bean I kept in my mongodb config class. I am using the same service principal to deploy from local. And, it is getting deployed as well, but the application failed to start due to above exception. I tried with managed identity as well but no luck. I wanted to use service principal to connect with azure key vault as well. Here is the screenshot of the same service principal to the key vault.
Here is the dependency I am using in my spring boot application.
Information Checklist Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report