Spring Cloud Azure Key Vault secret value is null when using managed identity or azure cli with spring-cloud-azure-starter-keyvault-secrets

Arun 0 Reputation points
2025-06-25T13:40:11.15+00:00

I'm using spring-cloud-azure-starter-keyvault-secrets version 5.22.0 with Spring Boot version 3.4.4 and Java 17 to load secrets from Azure Key Vault using managed identity. Although the secret is correctly configured in the Key Vault and linked in my application.yml, the value is coming as null both on the local environment using azure-cli and on the dev environment using managed identity.

To Reproduce

Steps to reproduce the behavior:

Configuration/Setup information

Dependencies

pom.xml:


    <dependency>
        <groupId>com.azure.spring</groupId>
        <artifactId>spring-cloud-azure-starter-keyvault-secrets</artifactId>
        <version>5.22.0</version>
    </dependency>

Configuration

application.yaml:


    spring:
      application:
        name: demo
      cloud:
        azure:
          keyvault:
            secret:
              endpoint: https://kv.vault.azure.net/
              property-source-enabled: true
              keys:
                - property1
                - property2
                - property3

application-dev.yaml:


    spring:
      cloud:
        azure:
          credential:
            managed-identity-enabled: true
            client-id: 1234xxxxxxxxxxxxxxxxxxxxx

Profile - dev is activated via azure environment variable SPRING_PROFILES_ACTIVE

Access the secrets using @Value and environment.getProperty in the controller

    @Value("${property1:missing-secret}")
    private String keyVaultValue;

    public void logSecret() {
        System.out.println(keyVaultValue); // prints: null
        System.out.println(environment.getProperty("property1")); // prints: null
    }

Expected behavior


The secret property1 should be auto-loaded and resolved in Spring’s environment.

Actual behavior when we use: environment.getProperty("property1")

Secret obtained from the key vault : property1: null

Expected:

Expected value was non-null (secret exists and is readable in portal).

Actual behavior

@Value("${property1:missing-secret}") → returns missing-secret

environment.getProperty("property1") → returns null

Secret exists and is readable in the Azure portal

Actual behavior when we use

@Value("${property1:missing-secret}")

private String keyVaultValue;

Secret obtained from the key vault : property1: missing-secret

Expected:

Expected value was non-null (secret exists and is readable in portal).

Setup


  • OS: Win 11
  • IDE: VSCode
  • Library/Libraries: spring-cloud-azure-starter-keyvault-secrets:5.22.0
  • Java version: 17
  • App Server/Environment: Azure Container Apps
  • Frameworks: Spring Boot

Running on: Local machine with Azure Cli

and on Azure Container App (Managed Identity: Enabled, Client ID provided, also tried by providing tenantId)

Additional context


Troubleshooting tried:

Verified that secret exists and has Key Vault Secrets User role assigned

Manually fetched secret using Azure SDK, which works (rules out identity issue)

Verified that client ID and vault URI are correct

Verified secret names match exactly

Enabled property-source-enabled: true and specified keys: [...] and also tried without this

Tried both @Value and environment.getProperty(...)

Tried with and without specifying tenant-id

Tried manual integration using the Azure SDK with SecretClient; that worked fine and we were able to connect to Azure Key Vault, but we are unable to implement it using the Spring Cloud Azure SDK

Verified that the managed identity has Key Vault Secrets User access policy on the vault. Secret name matches exactly with what’s in the vault. Tried with property-source-enabled: true and secret listed under keys.

Please help investigate why the secret value is not getting resolved, even though:

Vault URI and client ID are correct

Managed Identity is enabled

The secret exists

Permissions are granted

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
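
An added diagnostic, not part of the original post and not code from the Spring Cloud Azure project: a Spring Boot `ApplicationRunner` that lists the property sources the environment actually holds and reports which of them contain the expected secret names, without printing any secret value. The class name `KeyVaultPropertySourceCheck` is hypothetical; the key names are the ones from the question's application.yaml.

```java
import java.util.List;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.ApplicationArguments;
import org.springframework.boot.ApplicationRunner;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.PropertySource;
import org.springframework.stereotype.Component;

// Added example (hypothetical class name): startup diagnostic for the setup in the question.
@Component
public class KeyVaultPropertySourceCheck implements ApplicationRunner {

    private static final Logger log = LoggerFactory.getLogger(KeyVaultPropertySourceCheck.class);

    // Secret names taken from the question's application.yaml.
    private static final List<String> EXPECTED_KEYS = List.of("property1", "property2", "property3");

    private final ConfigurableEnvironment environment;

    public KeyVaultPropertySourceCheck(ConfigurableEnvironment environment) {
        this.environment = environment;
    }

    @Override
    public void run(ApplicationArguments args) {
        log.info("Active profiles: {}", List.of(environment.getActiveProfiles()));

        // Sources are iterated in precedence order (highest first).
        for (PropertySource<?> source : environment.getPropertySources()) {
            List<String> found = EXPECTED_KEYS.stream().filter(source::containsProperty).toList();
            log.info("Property source '{}' ({}) contains expected keys: {}",
                    source.getName(), source.getClass().getSimpleName(), found);
        }

        // Report presence only; never write the secret value to the log.
        for (String key : EXPECTED_KEYS) {
            log.info("Key '{}' resolvable from environment: {}", key, environment.containsProperty(key));
        }
    }
}
```

If no listed source reports the keys, no Key Vault-backed property source was registered at startup, which points at configuration binding rather than at identity or role assignment.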