Azure Storage Blob : How to read connection string from external source

[parasjain27031994]

We are using azure-storage-blob extension, however we see that providing connection string is mandatory, this poses a security risk as we do not want to expose this in our application or IAC code.

Is there a way to assign this value at runtime probably by reading it from Secrets Manages or Azure Key vault ?

[majguo]

Hello @parasjain27031994, I haven't tried it yet, but it's possible to read connection string of the azure storage blob from Azure Key Vault using extension io.quarkiverse.azureservices:quarkus-azure-keyvault at runtime:

1. Create Azure Storage Blob and Azure Key Vault, and add connection string of the Azure Storage Blob as one of the secrets in the Azure key Vault, e.g., secret-azure-storage-blob-conn-string;
2. Include io.quarkiverse.azureservices:quarkus-azure-keyvault:1.0.7 in your app;

3. In your application.properties file:

   quarkus.azure.keyvault.secret.endpoint=<your-azure-key-vault-secret-endpoint>
   quarkus.azure.storage.blob.connection-string=${kv//secret-azure-storage-blob-conn-string}

References:

• Quarkus Azure Key Vault Extension
• Azure Key Vault sample