Spring Boot Application - Azure Key Vault Client Certificate Authentication

Gianfranco Coppola (MSC Sorrento) 65 Reputation points
2023-10-28T09:18:20.88+00:00

Hi, from my spring boot application I want to connect to Azure Key Vault to retrieve secrets that have been stored within it, such as database access credentials.

At the moment, the only working solution to authenticate to Key Vault from the spring boot application is to use the client id and client secret associated with the application and the key vault endpoint in the spring boot application.properties file in this way.

#AZURE KEY VAULT CONFIG
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id=APPLICATION_CLIENT_ID
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-secret=APPLICATION_CLIENT_SECRET
spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=KEYVAULT_ENDPOINT
spring.cloud.azure.keyvault.secret.property-sources[0].profile.tenant-id=TENANT_ID

The Maven dependency used in the pom.xml file of the spring boot project is:

<dependency>
	<groupId>com.azure.spring</groupId>
	<artifactId>spring-cloud-azure-starter-keyvault-secrets</artifactId>
</dependency>

The application has been authorized to access the secrets and certificates registered on Azure Key Vault.

What I would like to do now is to modify the code described in such a way that authentication to Azure Key Vault no longer occurs via client id and client secret, but via certificate (client certificate authentication).

How can I do this? How should I modify the code in the application.properties file? What are the Maven dependencies to import?


Accepted answer
  1. 2023-10-30T04:26:23.1166667+00:00

    Hello @Gianfranco Coppola (MSC Sorrento), in order to authenticate using a certificate in Azure Spring Cloud you need to set the following properties:

    spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-certificate-path="String"
    spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-certificate-password="String"
    

    For more information take a look at Spring Cloud Azure support for Spring Security.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

    1 person found this answer helpful.
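
The question's application.properties with the client secret replaced by the certificate properties from the accepted answer, shown as an added example that is not part of the original thread. The certificate file path and the KEYVAULT_CERT_PASSWORD environment variable name are assumptions; the upper-case placeholders are the ones used in the question.

```properties
# AZURE KEY VAULT CONFIG (client certificate authentication)
# Added example: the file path and the environment variable name are assumptions.

# Unchanged from the client-secret setup: vault endpoint, tenant and app registration.
spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=KEYVAULT_ENDPOINT
spring.cloud.azure.keyvault.secret.property-sources[0].profile.tenant-id=TENANT_ID
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id=APPLICATION_CLIENT_ID

# Removed: the client secret is no longer configured.
# spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-secret=APPLICATION_CLIENT_SECRET

# Added: file holding the certificate together with its private key (PEM or PFX).
# Write values without quotes; in a .properties file quotes become part of the value.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-certificate-path=/etc/myapp/keyvault-client.pfx

# Added: password of the PFX file, resolved from an environment variable
# so that it is not stored in the properties file itself.
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-certificate-password=${KEYVAULT_CERT_PASSWORD}
```

The public part of the certificate has to be registered on the same application (APPLICATION_CLIENT_ID) in the tenant, and the certificate file should be readable only by the account that runs the application.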