Comments (33)
I've got it working using a custom/changed version of KeyVaultEnvironmentPostProcessor, setting it to use CLI, using a custom prefix for the properties and adding it to spring.factories in META-INF. It's a nasty hack but the best available right now. Loading takes ~10s.
from azure-sdk-for-java.
Can we confirm then that this is a bug? The fact that spring.cloud.azure.keyvault.secret.property-sources does not adhere to DEFAULT_TOKEN_CREDENTIAL_BEAN_NAME
from azure-sdk-for-java.
@lavercr, this is because the environment processor runs at an earlier stage, before the default Azure credential bean's initialization. To change this behavior, we need to do some refactoring, but users need to register the DAC bean in another way.
from azure-sdk-for-java.
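The workaround mentioned in the first comment, sketched as an added example (not code from the thread or from Spring Cloud Azure): an EnvironmentPostProcessor that builds its own SecretClient with AzureCliCredential, because beans such as the default credential bean do not exist yet at this stage. The class name, package, property-source name and the `dev.keyvault.endpoint` key are hypothetical.

```java
// Added example; hypothetical names: CliKeyVaultEnvironmentPostProcessor,
// com.example.keyvault, dev.keyvault.endpoint, cliKeyVault.
package com.example.keyvault;

import com.azure.identity.AzureCliCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.SecretProperties;
import java.util.HashMap;
import java.util.Map;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.MapPropertySource;

public class CliKeyVaultEnvironmentPostProcessor implements EnvironmentPostProcessor {

    // Custom key (assumption), distinct from
    // spring.cloud.azure.keyvault.secret.property-sources[0].endpoint.
    static final String ENDPOINT_KEY = "dev.keyvault.endpoint";

    @Override
    public void postProcessEnvironment(ConfigurableEnvironment env, SpringApplication app) {
        String endpoint = env.getProperty(ENDPOINT_KEY);
        if (endpoint == null || endpoint.isBlank()) {
            return; // key not set (for example outside development): do nothing
        }
        // No beans exist yet, so the credential is built here. One explicit
        // credential type means no chain of probes and no unexpected identity.
        SecretClient client = new SecretClientBuilder()
                .vaultUrl(endpoint)
                .credential(new AzureCliCredentialBuilder().build())
                .buildClient();

        Map<String, Object> secrets = new HashMap<>();
        for (SecretProperties p : client.listPropertiesOfSecrets()) {
            if (Boolean.TRUE.equals(p.isEnabled())) {
                // Listing returns metadata only; fetch each value and never log it.
                secrets.put(p.getName(), client.getSecret(p.getName()).getValue());
            }
        }
        // addLast: local configuration and environment variables keep precedence.
        env.getPropertySources().addLast(new MapPropertySource("cliKeyVault", secrets));
    }
}
// Register it in src/main/resources/META-INF/spring.factories:
// org.springframework.boot.env.EnvironmentPostProcessor=com.example.keyvault.CliKeyVaultEnvironmentPostProcessor
```

The identity signed in with `az login` still needs permission to list and get secrets on the vault; scoping that identity to a development vault keeps the pinned credential from reaching production secrets.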
Not yet, but your contributions are welcome if you are interested
from azure-sdk-for-java.
Using:
springboot 3.2.2
spring-cloud-azure-dependencies 5.9.1
JavaSE-17 (OpenJDK 21.0.1)
az cli 2.57.0
running on MacOS 14.3
from azure-sdk-for-java.
logs
    2024-02-28T11:46:45.153-05:00 INFO 34603 --- [ main] m.p.s.SpringbootAzureKeyvaultApplication : Starting SpringbootAzureKeyvaultApplication using Java 21.0.1 with PID 34603 (/Users/lavercr/src/springboot-azure-keyvault/target/classes started by lavercr in /Users/lavercr/src/springboot-azure-keyvault)
    2024-02-28T11:46:45.154-05:00 INFO 34603 --- [ main] m.p.s.SpringbootAzureKeyvaultApplication : No active profile set, falling back to 1 default profile: "default"
    2024-02-28T11:46:45.642-05:00 INFO 34603 --- [ main] AbstractAzureServiceClientBuilderFactory : Will configure the default credential of type DefaultAzureCredential for class com.azure.identity.DefaultAzureCredentialBuilder.
    2024-02-28T11:46:45.710-05:00 INFO 34603 --- [ main] m.p.s.SpringbootAzureKeyvaultApplication : Started **SpringbootAzureKeyvaultApplication in 141.667 seconds (process running for 142.235)**
from azure-sdk-for-java.
Hi @lavercr, thanks for reaching out to us via this GitHub issue. @saragluna @backwind1233 could you please follow up?
/cc @vcolin7
from azure-sdk-for-java.
Hi @lavercr, thanks for reaching out. Could you help provide more info about how to use AzureCliCredential directly?
from azure-sdk-for-java.
If I create my own secretClient using AzureCliCredentialBuilder I can connect and pull passwords, but this way I have to write all the code. I would like to keep to the one liner that spring.cloud.azure.keyvault.secret.property-sources[0].endpoint gives us. This loads all the secrets and makes them available to the spring beans right away. If I do it myself it is more code, and the beans with secrets have to depend on this bean loading first. That gets messy quick.
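
    import com.azure.identity.AzureCliCredential;
    import com.azure.identity.AzureCliCredentialBuilder;
    import com.azure.security.keyvault.secrets.SecretClient;
    import com.azure.security.keyvault.secrets.SecretClientBuilder;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class AzureKeyVaultConfig {

        @Value("${spring.cloud.azure.keyvault.secret.uri}")
        private String keyVaultUri;

        @Bean
        SecretClient secretClient() {
            AzureCliCredential cliCredential = new AzureCliCredentialBuilder().build();
            // Azure SDK client builders accept the credential as a parameter.
            return new SecretClientBuilder()
                    .vaultUrl(keyVaultUri)
                    .credential(cliCredential)
                    .buildClient();
        }
    }
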
from azure-sdk-for-java.
Hi @lavercr, we don't support using AzureCliCredential directly, but you can add this code to only use AzureCliCredential for authentication.

    @Bean(name = DEFAULT_TOKEN_CREDENTIAL_BEAN_NAME)
    TokenCredential tokenCredential() {
        return new AzureCliCredentialBuilder().build();
    }

from azure-sdk-for-java.
Hi, I don't understand your solution. Does this need a specific bean name?
I put a dummy name in and it still took a long time to respond.
from azure-sdk-for-java.
Can you provide a more complete example that uses spring.cloud.azure.keyvault.secret.property-sources[0].endpoint and

    @Bean(name = DEFAULT_TOKEN_CREDENTIAL_BEAN_NAME)
    TokenCredential tokenCredential() {
        return new AzureCliCredentialBuilder().build();
    }

from azure-sdk-for-java.
Hi @lavercr, could you help provide your minimal project?
from azure-sdk-for-java.
Can you provide me an example with this working, where spring.cloud.azure.keyvault.secret.property-sources uses TokenCredential tokenCredential( ) {
from azure-sdk-for-java.
Create a springboot application with required azure dependencies

    <dependencies>
        <dependency>
            <groupId>com.azure.spring</groupId>
            <artifactId>spring-cloud-azure-starter-keyvault</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>com.azure.spring</groupId>
                <artifactId>spring-cloud-azure-dependencies</artifactId>
                <version>5.9.1</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

Add this entry into your application.properties file that points to your working key vault

    spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=[Your key vault url]

Add a secret to your vault called TestSecret

Set up your main class like this

    package com.mbc.poc.springbootazurekeyvault;

    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.boot.CommandLineRunner;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;

    @SpringBootApplication
    public class SpringbootAzureKeyvaultApplication implements CommandLineRunner {

        @Value("${TestSecret}")
        private String testSecret;

        public static void main(String[] args) {
            SpringApplication.run(SpringbootAzureKeyvaultApplication.class, args);
        }

        @Override
        public void run(String... args) {
            System.out.println("TestSecret: " + testSecret);
        }
    }

Determine how to use AzureCliCredentialBuilder in the authentication options first
from azure-sdk-for-java.
OK, I updated your code; I hope this helps.

    package com.mbc.poc.springbootazurekeyvault;

    import com.azure.core.credential.TokenCredential;
    import com.azure.identity.AzureCliCredentialBuilder;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.boot.CommandLineRunner;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.context.annotation.Bean;

    import static com.azure.spring.cloud.autoconfigure.implementation.context.AzureContextUtils.DEFAULT_TOKEN_CREDENTIAL_BEAN_NAME;

    @SpringBootApplication
    public class SpringbootAzureKeyvaultApplication implements CommandLineRunner {

        @Value("${TestSecret}")
        private String testSecret;

        public static void main(String[] args) {
            SpringApplication.run(SpringbootAzureKeyvaultApplication.class, args);
        }

        @Override
        public void run(String... args) {
            System.out.println("TestSecret: " + testSecret);
        }

        @Bean(name = DEFAULT_TOKEN_CREDENTIAL_BEAN_NAME)
        TokenCredential tokenCredential() {
            return new AzureCliCredentialBuilder().build();
        }
    }

from azure-sdk-for-java.
This doesn't work for myself. We have a similar issue where development is done on Azure VMs and would like to override the Default to CLI so that property placeholders also work.
Setting the SecretClientBuilder bean to CLI works inside Application but then the KV EnvironmentPostProcessor just uses the Default.
from azure-sdk-for-java.
I agree, this still seems to be using the default. I will see if I can find any logging category I can turn on.
Started SpringbootAzureKeyvaultApplication in 148.961 seconds (process running for 149.767)
from azure-sdk-for-java.
Unable to find any logging I can turn on to give clarity to what is delaying startup. I am still assuming it is because it tries AzureCliCredential last to connect to Azure Key Vault.
from azure-sdk-for-java.
I believe there is a bug that needs fixing: spring.cloud.azure.keyvault.secret.property-sources does not adhere to

    @Bean(name = DEFAULT_TOKEN_CREDENTIAL_BEAN_NAME)
    TokenCredential tokenCredential() {
        return new AzureCliCredentialBuilder().build();
    }

from azure-sdk-for-java.
any update?
from azure-sdk-for-java.
Sorry for the late response; we will take a look at that.
from azure-sdk-for-java.
we need to do some refactor..
So there may be a fix coming our way?
from azure-sdk-for-java.
we need to be able to control the order.
from azure-sdk-for-java.
@saragluna Can I have an update for this fix?
from azure-sdk-for-java.
Sorry, this update requires code refactoring, which we need more time to discuss.
from azure-sdk-for-java.
Do you have an update? This is going to be critical for our business unit in the next few months.
from azure-sdk-for-java.
Any possible way to get more frequent updates? Or are you able to give me a patch to work around this issue?
from azure-sdk-for-java.
Okay. I get it. I will have to live with it or create a bandage.
from azure-sdk-for-java.
@Netyyyy I have been asked for a date of fix. Please provide. This issue is holding up a security compliancy issue at our company. If there is another place or contact we can reach out to so we can get this fixed please let me know.
Thank you
from azure-sdk-for-java.
For anyone not understanding what this is about. I am trying to get this solution to work for us.
from azure-sdk-for-java.
Hi @lavercr, sorry but we can't guarantee a date for the fix, but you could create a support ticket and it will help us prioritize this issue.
from azure-sdk-for-java.
Okay, do you have a link to create the support ticket, or do you mean go through some contract we have in our organization?
from azure-sdk-for-java.