search

microsoft / azure-spring-boot

Spring Boot Starters for Azure services
MIT License
374 stars 460 forks source link

azure.keyvault.refresh-interval is not working #840

Closed venukbh closed 3 years ago

venukbh commented 4 years ago

Environment

Spring boot starter:
    key vault spring boot starter

OS Type: Linux/MacOS

Java version:
    1.8

Summary

Followed the steps mentioned on the page, and was able to read the keys from key-vault. Changed the refresh-interval to 2 minutes = 120000 milli seconds After app started, changed the values in azure key vault, and for every 2 minutes thereafter, verified to see the new value reflected. But I do not see the value being reflected. It is still using the old value.

Reproduce steps

Followed the steps mentioned on the page, and was able to read the keys from key-vault. Changed the refresh-interval to 2 minutes = 120000 milli seconds After app started, changed the values in azure key vault, and for every 2 minutes thereafter, verified to see the new value reflected. But I do not see the value being reflected. It is still using the old value.

These are the properties I am using

azure.keyvault.uri=https://test-myvault.vault.azure.net/
azure.keyvault.client-id=my-client-id
azure.keyvault.client-key=my-client-secret
azure.keyvault.refresh-interval=120000

Here is the code


@Component
public class AKVTest implements CommandLineRunner{
    @Value("${cdb-checkout-key}")
    private String connectionString;`

 @Override
    public void run(String... varl) throws Exception {
        System.out.println(String.format("\nConnection String stored in Azure Key Vault:\n%s\n",connectionString));
    }

    public void printValue() throws Exception {
        System.out.println(String.format("\nConnection String stored in Azure Key Vault with print method:\n%s\n",connectionString));
    }
}

Expected Results

Get the updated key value from key vault

Actual Results

Always storing the initial loaded value and not refreshing the latest value.

saragluna commented 4 years ago

Thanks for bringing this up. Please check this issue #683 to see if it helps.

venukbh commented 4 years ago

@saragluna Then what is the purpose of having this property in the code azure.keyvault.refresh-interval ? It was also mentioned on your portal which is quite deviating the actual functionality.

yiliuTo commented 4 years ago

Hi @venukbh , if you want to get the value out of the key vault then you can access the Environment directly instead of using @Value, because @Value is resolved at the time the @Component is constructed and after that never updated (unless the entire ApplicationContext is restarted).

just an example:

@Autowired Environment environment;

And then use environment.getProperty(“propertyName”);

Besides, the property azure.keyvault.refresh-interval is used to set the refresh interval how long the key vault values will be refreshed from the server, this property works when you do not specify the secrets to load from Key Vault by azure.keyvault.secret.keys.

venukbh commented 4 years ago

@yiliuTo In my above steps to reporduce, I did not any where used azure.keyvault.secret.keys property. As per documentation, I agree that if I use azure.keyvault.secret.keys, may be the keys will not refresh.

So, as you mentioned, will using Environment help in refreshing the keys? or is it just a try you are suggesting?

yiliuTo commented 4 years ago

Hi @venukbh , I have tried using Environment.getProperty() and it calls the function KeyVaultOperation.get() and KeyVaultOperation.getPropertyNames(), which will refresh the keys if the requirements we discussed are met.

chenrujun commented 3 years ago

Closing this issue. Because it's not active for a long time. If anyone have similar issue, please create issue in new repo: https://github.com/Azure/azure-sdk-for-java/issues