Azure Key Vault Secrets configuration properties
| Property | Description |
|---|---|
| spring.cloud.azure.keyvault.secret.client.application-id | Represents current application and is used for telemetry/monitoring purposes. |
| spring.cloud.azure.keyvault.secret.client.connect-timeout | Amount of time(Duration) the request attempts to connect to the remote host and the connection is resolved. |
| spring.cloud.azure.keyvault.secret.client.connection-idle-timeout | Amount of time(Duration) before an idle connection. |
| spring.cloud.azure.keyvault.secret.client.headers | List of headers applied to each request sent with client. For instance, '"myCustomHeader", "myStaticValue"'. |
| spring.cloud.azure.keyvault.secret.client.headers[0].name | The name of the header. |
| spring.cloud.azure.keyvault.secret.client.headers[0].values | List of values of the header. |
| spring.cloud.azure.keyvault.secret.client.logging.allowed-header-names | Comma-delimited list of allowlist headers that should be logged. The default value is "x-ms-request-id","x-ms-client-request-id","x-ms-return-client-request-id","traceparent","MS-CV","Accept","Cache-Control","Connection","Content-Length","Content-Type","Date","ETag","Expires","If-Match","If-Modified-Since","If-None-Match","If-Unmodified-Since","Last-Modified","Pragma","Request-Id","Retry-After","Server","Transfer-Encoding","User-Agent","WWW-Authenticate". |
| spring.cloud.azure.keyvault.secret.client.logging.allowed-query-param-names | Comma-delimited list of allowlist query parameters. The default value is "api-version". |
| spring.cloud.azure.keyvault.secret.client.logging.level | The level of detail to log on HTTP messages. Supported types are: NONE, BASIC, HEADERS, BODY, BODY_AND_HEADERS. The default value is NONE. |
| spring.cloud.azure.keyvault.secret.client.logging.pretty-print-body | Whether to pretty print the message bodies. The default value is false. |
| spring.cloud.azure.keyvault.secret.client.maximum-connection-pool-size | Maximum connection pool size used by the underlying HTTP client. |
| spring.cloud.azure.keyvault.secret.client.read-timeout | Amount of time(Duration) used when reading the server response. |
| spring.cloud.azure.keyvault.secret.client.response-timeout | Amount of time(Duration) used when waiting for a server to reply. |
| spring.cloud.azure.keyvault.secret.client.write-timeout | Amount of time(Duration) each request being sent over the wire. |
| spring.cloud.azure.keyvault.secret.credential.client-certificate-password | Password of the certificate file. |
| spring.cloud.azure.keyvault.secret.credential.client-certificate-path | Path of a PEM certificate file to use when performing service principal authentication with Azure. |
| spring.cloud.azure.keyvault.secret.credential.client-id | Client ID to use when performing service principal authentication with Azure. |
| spring.cloud.azure.keyvault.secret.credential.client-secret | Client secret to use when performing service principal authentication with Azure. |
| spring.cloud.azure.keyvault.secret.credential.managed-identity-enabled | Whether to enable managed identity to authenticate with Azure. If true and the client-id is set, will use the client ID as user assigned managed identity client ID. The default value is false. |
| spring.cloud.azure.keyvault.secret.credential.password | Password to use when performing username/password authentication with Azure. |
| spring.cloud.azure.keyvault.secret.credential.username | Username to use when performing username/password authentication with Azure. |
| spring.cloud.azure.keyvault.secret.enabled | Whether an Azure Service is enabled. The default value is true. |
| spring.cloud.azure.keyvault.secret.endpoint | Azure Key Vault endpoint. For instance, https://{your-unique-keyvault-name}.vault.azure.net/. |
| spring.cloud.azure.keyvault.secret.profile.cloud-type | Name of the Azure cloud to connect to. Supported types are: AZURE, AZURE_CHINA, AZURE_GERMANY, AZURE_US_GOVERNMENT, OTHER. The default value is AZURE. |
| spring.cloud.azure.keyvault.secret.profile.environment.active-directory-endpoint | The Microsoft Entra endpoint to connect to. |
| spring.cloud.azure.keyvault.secret.profile.environment.active-directory-graph-api-version | The Azure Active Directory Graph API version. |
| spring.cloud.azure.keyvault.secret.profile.environment.active-directory-graph-endpoint | The Azure Active Directory Graph endpoint. |
| spring.cloud.azure.keyvault.secret.profile.environment.active-directory-resource-id | The Microsoft Entra resource ID. |
| spring.cloud.azure.keyvault.secret.profile.environment.azure-application-insights-endpoint | The Azure Application Insights endpoint. |
| spring.cloud.azure.keyvault.secret.profile.environment.azure-data-lake-analytics-catalog-and-job-endpoint-suffix | The Data Lake analytics catalog and job endpoint suffix. |
| spring.cloud.azure.keyvault.secret.profile.environment.azure-data-lake-store-file-system-endpoint-suffix | The Data Lake storage file system endpoint suffix. |
| spring.cloud.azure.keyvault.secret.profile.environment.azure-log-analytics-endpoint | The Azure Log Analytics endpoint. |
| spring.cloud.azure.keyvault.secret.profile.environment.data-lake-endpoint-resource-id | The Data Lake endpoint. |
| spring.cloud.azure.keyvault.secret.profile.environment.gallery-endpoint | The gallery endpoint. |
| spring.cloud.azure.keyvault.secret.profile.environment.key-vault-dns-suffix | The Key Vault DNS suffix. |
| spring.cloud.azure.keyvault.secret.profile.environment.management-endpoint | The management service endpoint. |
| spring.cloud.azure.keyvault.secret.profile.environment.microsoft-graph-endpoint | The Microsoft Graph endpoint. |
| spring.cloud.azure.keyvault.secret.profile.environment.portal | The management portal URL. |
| spring.cloud.azure.keyvault.secret.profile.environment.publishing-profile | The publishing settings file URL. |
| spring.cloud.azure.keyvault.secret.profile.environment.resource-manager-endpoint | The resource management endpoint. |
| spring.cloud.azure.keyvault.secret.profile.environment.service-bus-domain-name | The domain name for Service Bus. |
| spring.cloud.azure.keyvault.secret.profile.environment.sql-management-endpoint | The SQL management endpoint. |
| spring.cloud.azure.keyvault.secret.profile.environment.sql-server-hostname-suffix | The SQL Server hostname suffix. |
| spring.cloud.azure.keyvault.secret.profile.environment.storage-endpoint-suffix | The Storage endpoint suffix. |
| spring.cloud.azure.keyvault.secret.profile.subscription-id | Subscription ID to use when connecting to Azure resources. |
| spring.cloud.azure.keyvault.secret.profile.tenant-id | Tenant ID for Azure resources. The values allowed for tenant-id are: common, organizations, consumers, or the tenant ID. |
| spring.cloud.azure.keyvault.secret.property-source-enabled | Whether to enable the Key Vault property source. The default value is true. |
| spring.cloud.azure.keyvault.secret.property-sources | List of Azure Key Vault property sources. For instance, ' property-sources[0].name=key-vault-property-source-1, property-sources[0].endpoint={ENDPOINT_1}, property-sources[1].name=key-vault-property-source-2, property-sources[1].endpoint={ENDPOINT_2} '. |
| spring.cloud.azure.keyvault.secret.property-sources[0].case-sensitive | Whether to enable case-sensitive for secret keys. The default value is false. |
| spring.cloud.azure.keyvault.secret.property-sources[0].client.application-id | Represents current application and is used for telemetry/monitoring purposes. |
| spring.cloud.azure.keyvault.secret.property-sources[0].client.connect-timeout | Amount of time(Duration) the request attempts to connect to the remote host and the connection is resolved. |
| spring.cloud.azure.keyvault.secret.property-sources[0].client.connection-idle-timeout | Amount of time(Duration) before an idle connection. |
| spring.cloud.azure.keyvault.secret.property-sources[0].client.headers[0].name | The name of the header. |
| spring.cloud.azure.keyvault.secret.property-sources[0].client.headers[0].values | List of values of the header. |
| spring.cloud.azure.keyvault.secret.property-sources[0].client.logging.allowed-header-names | Comma-delimited list of allowlist headers that should be logged. The default value is 'x-ms-request-id','x-ms-client-request-id','x-ms-return-client-request-id','traceparent','MS-CV','Accept','Cache-Control','Connection','Content-Length','Content-Type','Date','ETag','Expires','If-Match','If-Modified-Since','If-None-Match','If-Unmodified-Since','Last-Modified','Pragma','Request-Id','Retry-After','Server','Transfer-Encoding','User-Agent','WWW-Authenticate'. |
| spring.cloud.azure.keyvault.secret.property-sources[0].client.logging.allowed-query-param-names | Comma-delimited list of allowlist query parameters. The default value is 'api-version'. |
| spring.cloud.azure.keyvault.secret.property-sources[0].client.logging.level | The level of detail to log on HTTP messages. Supported types are: NONE, BASIC, HEADERS, BODY, BODY_AND_HEADERS. The default value is NONE. |
| spring.cloud.azure.keyvault.secret.property-sources[0].client.logging.pretty-print-body | Whether to pretty print the message bodies. The default value is false. |
| spring.cloud.azure.keyvault.secret.property-sources[0].client.maximum-connection-pool-size | Maximum connection pool size used by the underlying HTTP client. |
| spring.cloud.azure.keyvault.secret.property-sources[0].client.read-timeout | Amount of time(Duration) used when reading the server response. |
| spring.cloud.azure.keyvault.secret.property-sources[0].client.response-timeout | Amount of time(Duration) used when waiting for a server to reply. |
| spring.cloud.azure.keyvault.secret.property-sources[0].client.write-timeout | Amount of time(Duration) each request being sent over the wire. |
| spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-certificate-password | Password of the certificate file. |
| spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-certificate-path | Path of a PEM certificate file to use when performing service principal authentication with Azure. |
| spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id | Client ID to use when performing service principal authentication with Azure. |
| spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-secret | Client secret to use when performing service principal authentication with Azure. |
| spring.cloud.azure.keyvault.secret.property-sources[0].credential.managed-identity-enabled | Whether to enable managed identity to authenticate with Azure. If true and the client-id is set, will use the client ID as user assigned managed identity client ID. The default value is false. |
| spring.cloud.azure.keyvault.secret.property-sources[0].credential.password | Password to use when performing username/password authentication with Azure. |
| spring.cloud.azure.keyvault.secret.property-sources[0].credential.username | Username to use when performing username/password authentication with Azure. |
| spring.cloud.azure.keyvault.secret.property-sources[0].enabled | Whether an Azure Service is enabled. The default value is true. |
| spring.cloud.azure.keyvault.secret.property-sources[0].endpoint | Azure Key Vault endpoint. For instance, https://{your-unique-keyvault-name}.vault.azure.net/. |
| spring.cloud.azure.keyvault.secret.property-sources[0].name | Name of this property source. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.cloud-type | Name of the Azure cloud to connect to. Supported types are: AZURE, AZURE_CHINA, AZURE_GERMANY, AZURE_US_GOVERNMENT, OTHER. The default value is AZURE. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.active-directory-endpoint | The Microsoft Entra endpoint to connect to. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.active-directory-graph-api-version | The Azure Active Directory Graph API version. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.active-directory-graph-endpoint | The Azure Active Directory Graph endpoint. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.active-directory-resource-id | The Microsoft Entra resource ID. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.azure-application-insights-endpoint | The Azure Application Insights endpoint. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.azure-data-lake-analytics-catalog-and-job-endpoint-suffix | The Data Lake analytics catalog and job endpoint suffix. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.azure-data-lake-store-file-system-endpoint-suffix | The Data Lake storage file system endpoint suffix. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.azure-log-analytics-endpoint | The Azure Log Analytics endpoint. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.data-lake-endpoint-resource-id | The Data Lake endpoint. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.gallery-endpoint | The gallery endpoint. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.key-vault-dns-suffix | The Key Vault DNS suffix. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.management-endpoint | The management service endpoint. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.microsoft-graph-endpoint | The Microsoft Graph endpoint. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.portal | The management portal URL. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.publishing-profile | The publishing settings file URL. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.resource-manager-endpoint | The resource management endpoint. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.sql-management-endpoint | The SQL management endpoint. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.sql-server-hostname-suffix | The SQL Server hostname suffix. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.environment.storage-endpoint-suffix | The Storage endpoint suffix. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.subscription-id | Subscription ID to use when connecting to Azure resources. |
| spring.cloud.azure.keyvault.secret.property-sources[0].profile.tenant-id | Tenant ID for Azure resources. The values allowed for tenant-id are: common, organizations, consumers, or the tenant ID. |
| spring.cloud.azure.keyvault.secret.property-sources[0].proxy.hostname | The host of the proxy. |
| spring.cloud.azure.keyvault.secret.property-sources[0].proxy.non-proxy-hosts | A list of hosts or CIDR to not use proxy HTTP/HTTPS connections through. |
| spring.cloud.azure.keyvault.secret.property-sources[0].proxy.password | Password used to authenticate with the proxy. |
| spring.cloud.azure.keyvault.secret.property-sources[0].proxy.port | The port of the proxy. |
| spring.cloud.azure.keyvault.secret.property-sources[0].proxy.type | The type of the proxy. For instance of http, http, socks4, socks5. For instance of amqp, http, socks. |
| spring.cloud.azure.keyvault.secret.property-sources[0].proxy.username | Username used to authenticate with the proxy. |
| spring.cloud.azure.keyvault.secret.property-sources[0].resource.region | The region of an Azure resource. For instance, '"eastus"'. |
| spring.cloud.azure.keyvault.secret.property-sources[0].resource.resource-group | The resource group holds an Azure resource. |
| spring.cloud.azure.keyvault.secret.property-sources[0].resource.resource-id | ID of an Azure resource. |
| spring.cloud.azure.keyvault.secret.property-sources[0].retry.exponential.base-delay | Amount of time(Duration) to wait between retry attempts. |
| spring.cloud.azure.keyvault.secret.property-sources[0].retry.exponential.max-delay | Maximum permissible amount of time(duration) between retry attempts. |
| spring.cloud.azure.keyvault.secret.property-sources[0].retry.exponential.max-retries | The maximum number of attempts. |
| spring.cloud.azure.keyvault.secret.property-sources[0].retry.fixed.delay | Amount of time(Duration) to wait between retry attempts. |
| spring.cloud.azure.keyvault.secret.property-sources[0].retry.fixed.max-retries | The maximum number of attempts. |
| spring.cloud.azure.keyvault.secret.property-sources[0].retry.mode | The retry backoff mode when retrying. Supported types are: FIXED, EXPONENTIAL. |
| spring.cloud.azure.keyvault.secret.property-sources[0].secret-keys | The configured secret keys will be loaded from Azure Key Vaults secret, if configured nothing, then load all the secrets. Only support exact value for secret names, For example, if you configured secret key name SecretKey1 in Key Vaults secret, you should configure 'SecretKey1' here. |
| spring.cloud.azure.keyvault.secret.property-sources[0].service-version | Secret service version used when making API requests. |
| spring.cloud.azure.keyvault.secret.proxy.hostname | The host of the proxy. |
| spring.cloud.azure.keyvault.secret.proxy.non-proxy-hosts | A list of hosts or CIDR to not use proxy HTTP/HTTPS connections through. |
| spring.cloud.azure.keyvault.secret.proxy.password | Password used to authenticate with the proxy. |
| spring.cloud.azure.keyvault.secret.proxy.port | The port of the proxy. |
| spring.cloud.azure.keyvault.secret.proxy.type | The type of the proxy. For instance of http, http, socks4, socks5. For instance of amqp, http, socks. |
| spring.cloud.azure.keyvault.secret.proxy.username | Username used to authenticate with the proxy. |
| spring.cloud.azure.keyvault.secret.resource.region | The region of an Azure resource. For instance, '"eastus"'. |
| spring.cloud.azure.keyvault.secret.resource.resource-group | The resource group holds an Azure resource. |
| spring.cloud.azure.keyvault.secret.resource.resource-id | ID of an Azure resource. |
| spring.cloud.azure.keyvault.secret.retry.exponential.base-delay | Amount of time(Duration) to wait between retry attempts. |
| spring.cloud.azure.keyvault.secret.retry.exponential.max-delay | Maximum permissible amount of time(duration) between retry attempts. |
| spring.cloud.azure.keyvault.secret.retry.exponential.max-retries | The maximum number of attempts. |
| spring.cloud.azure.keyvault.secret.retry.fixed.delay | Amount of time(Duration) to wait between retry attempts. |
| spring.cloud.azure.keyvault.secret.retry.fixed.max-retries | The maximum number of attempts. |
| spring.cloud.azure.keyvault.secret.retry.mode | The retry backoff mode when retrying. Supported types are: FIXED, EXPONENTIAL. |
| spring.cloud.azure.keyvault.secret.service-version | Secret service version used when making API requests. |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for