Bind an Azure Database for PostgreSQL to your application in Azure Spring Apps

Note

Azure Spring Apps is the new name for the Azure Spring Cloud service. Although the service has a new name, you'll see the old name in some places for a while as we work to update assets such as screenshots, videos, and diagrams.

This article applies to: ✔️ Java ✔️ C#

This article applies to: ✔️ Basic/Standard ✔️ Enterprise

With Azure Spring Apps, you can bind select Azure services to your applications automatically, instead of having to configure your Spring Boot application manually. This article shows you how to bind your application to your Azure Database for PostgreSQL instance.

In this article, we include two authentication methods: Microsoft Entra authentication and PostgreSQL authentication. The Passwordless tab shows the Microsoft Entra authentication and the Password tab shows the PostgreSQL authentication.

Microsoft Entra authentication is a mechanism for connecting to Azure Database for PostgreSQL using identities defined in Microsoft Entra ID. With Microsoft Entra authentication, you can manage database user identities and other Microsoft services in a central location, which simplifies permission management.

PostgreSQL authentication uses accounts stored in PostgreSQL. If you choose to use passwords as credentials for the accounts, these credentials are stored in the user table. Because these passwords are stored in PostgreSQL, you need to manage the rotation of the passwords by yourself.

Prerequisites

• An application deployed to Azure Spring Apps. For more information, see Quickstart: Deploy your first application to Azure Spring Apps.
• An Azure Database for PostgreSQL Flexible Server instance.
• Azure CLI version 2.45.0 or higher.

Prepare your project

Java

Use the following steps to prepare your project.

1. In your project's pom.xml file, add the following dependency:

   <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-data-jpa</artifactId>
   </dependency>
   <dependency>
       <groupId>com.azure.spring</groupId>
       <artifactId>spring-cloud-azure-starter-jdbc-postgresql</artifactId>
   </dependency>
   

2. In the application.properties file, remove any spring.datasource.* properties.

3. Update the current app by running az spring app deploy, or create a new deployment for this change by running az spring app deployment create.

Polyglot

All the connection strings and credentials are injected as environment variables, which you can reference in your application code.

For the default environment variable names, see Integrate Azure Database for PostgreSQL with Service Connector.

Bind your app to the Azure Database for PostgreSQL instance

Note

Be sure to select only one of the following approaches to create a connection. If you've already created tables with one connection, other users can't access or modify the tables. When you try the other approach, the application will throw errors such as "Permission denied". To fix this issue, connect to a new database or delete and recreate an existing one.

Note

By default, Service Connectors are created at the application level. To override the connections, you can create other connections again in the deployments.

Passwordless (Recommended)

1. Install the Service Connector passwordless extension for the Azure CLI:

   az extension add --name serviceconnector-passwordless --upgrade
   

2. Configure Azure Spring Apps to connect to the PostgreSQL Database with a system-assigned managed identity using the az spring connection create command.

   az spring connection create postgres-flexible \
       --resource-group $AZ_SPRING_APPS_RESOURCE_GROUP \
       --service $AZ_SPRING_APPS_SERVICE_INSTANCE_NAME \
       --app $APP_NAME \
       --deployment $DEPLOYMENT_NAME \
       --target-resource-group $POSTGRES_RESOURCE_GROUP \
       --server $POSTGRES_SERVER_NAME \
       --database $DATABASE_NAME \
       --system-identity
   

Password

Use the following steps to bind your app using a secret.

1. Note the admin username and password of your Azure Database for PostgreSQL account.

2. Connect to the server, create a database named testdb from a PostgreSQL client, and then create a new non-admin account.

3. Run the following command to connect to the database with admin username and password.

   az spring connection create postgres-flexible \
       --resource-group $AZ_SPRING_APPS_RESOURCE_GROUP \
       --service $AZ_SPRING_APPS_SERVICE_INSTANCE_NAME \
       --app $APP_NAME \
       --deployment $DEPLOYMENT_NAME \
       --target-resource-group $POSTGRES_RESOURCE_GROUP \
       --server $POSTGRES_SERVER_NAME \
       --database $DATABASE_NAME \
       --secret name=$USERNAME secret=$PASSWORD
   

Prerequisites

• An application deployed to Azure Spring Apps. For more information, see Quickstart: Deploy your first application to Azure Spring Apps.
• An Azure Database for PostgreSQL Single Server instance.
• Azure CLI version 2.45.0 or higher.

Prepare your project

Java

Use the following steps to prepare your project.

1. In your project's pom.xml file, add the following dependency:

   <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-data-jpa</artifactId>
   </dependency>
   <dependency>
       <groupId>com.azure.spring</groupId>
       <artifactId>spring-cloud-azure-starter-jdbc-postgresql</artifactId>
   </dependency>
   

2. In the application.properties file, remove any spring.datasource.* properties.

3. Update the current app by running az spring app deploy, or create a new deployment for this change by running az spring app deployment create.

Polyglot

All the connection strings and credentials will be injected as the environment variables, which can be referenced in your application codes.

You can find the default environment variable names in this doc: Integrate Azure Database for PostgreSQL with Service Connector

Bind your app to the Azure Database for PostgreSQL instance

Note

Service Connectors are created at the deployment level. So if another deployment is created, you need to create the connections again.

Passwordless

1. Install the Service Connector passwordless extension for the Azure CLI:

   az extension add --name serviceconnector-passwordless --upgrade
   

2. Configure Azure Spring Apps to connect to the PostgreSQL Database with a system-assigned managed identity using the az spring connection create command.

   az spring connection create postgres \
       --resource-group $AZ_SPRING_APPS_RESOURCE_GROUP \
       --service $AZ_SPRING_APPS_SERVICE_INSTANCE_NAME \
       --app $APP_NAME \
       --deployment $DEPLOYMENT_NAME \
       --target-resource-group $POSTGRES_RESOURCE_GROUP \
       --server $POSTGRES_SERVER_NAME \
       --database $DATABASE_NAME \
       --system-identity
   

Password

Use the following steps to bind your app using a secret.

1. Note the admin username and password of your Azure Database for PostgreSQL account.

2. Connect to the server, create a database named testdb from a PostgreSQL client, and then create a new non-admin account.

3. Run the following command to connect to the database with admin username and password.

   az spring connection create postgres \
       --resource-group $AZ_SPRING_APPS_RESOURCE_GROUP \
       --service $AZ_SPRING_APPS_SERVICE_INSTANCE_NAME \
       --app $APP_NAME \
       --deployment $DEPLOYMENT_NAME \
       --target-resource-group $POSTGRES_RESOURCE_GROUP \
       --server $POSTGRES_SERVER_NAME \
       --database $DATABASE_NAME \
       --secret name=$USERNAME secret=$PASSWORD
   

Next steps

In this article, you learned how to bind an application in Azure Spring Apps to an Azure Database for PostgreSQL instance. To learn more about binding services to an application, see Bind an Azure Cosmos DB database to an application in Azure Spring Apps.