Update application config
You now have everything in place to start using the identities from Key Vault and remove them from your config repo. You need to add the config for your Key Vault to your config repository and update your pom.xml file for the visits
, vets
, and customers
services to use the com.azure.spring:azure-spring-boot-starter-keyvault-secrets
dependency.
From the Git Bash window, in the config repository you cloned locally, use your text editor to open the application.yml file. Remove the lines 83 and 84 that contain the values of the admin user account name and its password for target datasource endpoint.
Note
The lines 83 and 84 should have the following content (where, the
<your-server-name>
and<myadmin-password>
represent the name of the Azure Database for MySQL Single Server instance and the password you assigned to the myadmin account during its provisioning).In the same file, append the following lines to it (where the <key-vault-name> placeholder represents the name of the Azure Key Vault you provisioned earlier in this exercise):
cloud: azure: keyvault: secret: property-source-enabled: true property-sources: - name: key-vault-property-souece-1 endpoint: https://<key-vault-name>.vault.azure.net/ credential.managed-identity-enabled: true
Commit and push these changes to your remote config repository.
cd ~/projects/spring-petclinic-microservices-config git add . git commit -m 'added key vault' git push
Update, rebuild, and redeploy the apps
From the Git Bash window, in the config repository you cloned locally, use the text editor to open pom.xml files of the
customers
,visits,
andvets
services. For each file, add the following dependencies within the<dependencies> </dependencies>
section. Save the changes.<dependency> <groupId>com.azure.spring</groupId> <artifactId>spring-cloud-azure-starter-keyvault-secrets</artifactId> </dependency>
Add a dependency to
com.azure.spring
to the parent pom.xml file between the elements. Enter the elements within the <dependencyManagement><dependencies></dependencies></dependencyManagement> section.<dependencyManagement> <dependencies> //... existing dependencies <dependency> <groupId>com.azure.spring</groupId> <artifactId>spring-cloud-azure-dependencies</artifactId> <version>${version.spring.cloud.azure}</version> <type>pom</type> <scope>import</scope> </dependency> </dependencies> </dependencyManagement>
In the same file, add a property for
version.spring.cloud.azure
. Enter the elements within the <properties></properties> section.<version.spring.cloud.azure>4.4.1</version.spring.cloud.azure>
Save the changes to the pom.xml file and close it.
Rebuild each of the services. Make sure you are in the root directory for the Spring Petclinic application.
cd ~/projects/spring-petclinic-microservices/ mvn clean package -DskipTests
Verify that the build succeeds by reviewing the output of the
mvn clean package -DskipTests
command, which should have the following format:[INFO] Reactor Summary for spring-petclinic-microservices 2.6.3: [INFO] [INFO] spring-petclinic-microservices ..................... SUCCESS [0.505 s] [INFO] spring-petclinic-admin-server ...................... SUCCESS [4.302 s] [INFO] spring-petclinic-customers-service ................. SUCCESS [5.900 s] [INFO] spring-petclinic-vets-service ...................... SUCCESS [3.650 s] [INFO] spring-petclinic-visits-service .................... SUCCESS [3.520 s] [INFO] spring-petclinic-config-server ..................... SUCCESS [1.122 s] [INFO] spring-petclinic-discovery-server .................. SUCCESS [1.416 s] [INFO] spring-petclinic-api-gateway ....................... SUCCESS [7.646 s] [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 28.985 s [INFO] ------------------------------------------------------------------------
Redeploy the
customers
,visits
andvets
services to their respective apps in your Spring Apps service.az spring app deploy \ --service $SPRING_APPS_SERVICE \ --resource-group $RESOURCE_GROUP \ --name customers-service \ --no-wait \ --artifact-path spring-petclinic-customers-service/target/spring-petclinic-customers-service-$VERSION.jar \ --env SPRING_PROFILES_ACTIVE=mysql az spring app deploy \ --service $SPRING_APPS_SERVICE \ --resource-group $RESOURCE_GROUP \ --name visits-service \ --no-wait \ --artifact-path spring-petclinic-customers-service/target/spring-petclinic-customers-service-$VERSION.jar \ --env SPRING_PROFILES_ACTIVE=mysql az spring app deploy \ --service $SPRING_APPS_SERVICE \ --resource-group $RESOURCE_GROUP \ --name vets-service \ --no-wait \ --artifact-path spring-petclinic-customers-service/target/spring-petclinic-customers-service-$VERSION.jar \ --env SPRING_PROFILES_ACTIVE=mysql
Retest your application through its public endpoint. Ensure that the application is functional, while the connection string secrets are retrieved from Azure Key Vault.
In the Azure portal, navigate to the page of the Azure Key Vault instance you provisioned. On the Overview page, select the Monitoring tab and review the graph representing requests for access to the vault's secrets.