What is Spring Cloud Azure?
Spring Cloud Azure is an open source project that helps make it easier to use Azure services in Spring applications.
Spring Cloud Azure is an open source project, with all resources available to the public. The following list provides links to these resources:
- Source code: Azure/azure-sdk-for-java.
- Samples: Azure-Samples/azure-spring-boot-samples.
- Documentation: Spring Cloud Azure.
What is Spring Cloud Azure used for?
Spring Cloud Azure can help make it easier to accomplish the following tasks in Spring applications:
- Managing configuration properties with Azure App Configuration.
- Sending and receiving messages with Azure Event Hubs, Azure Service Bus, and Azure Storage Queue.
- Managing secrets and certificates with Azure Key Vault.
- Supporting user sign-in with work or school accounts provisioned with Microsoft Entra ID.
- Supporting user sign-in with social accounts like Facebook and Google with Azure Active Directory B2C.
- Protecting your web APIs and accessing protected APIs like Microsoft Graph to work with your users' and organization's data with Microsoft Entra ID and Azure Active Directory B2C.
- Storing structured data with Azure Cosmos DB.
- Storing unstructured data like text or binary data with Azure Blob Storage.
- Storing files with Azure Files.
Benefits of using Spring Cloud Azure
The following section demonstrates the benefits of using Spring Cloud Azure. In this section, the retrieval of secrets stored in Azure Key Vault is used as an example. This section compares the differences between developing a Spring Boot application with and without Spring Cloud Azure.
Without Spring Cloud Azure
Without Spring Cloud Azure, if you want to retrieve secrets stored in Azure Key Vault, you need to the following steps:
Add the following dependencies to your pom.xml file:
<dependency> <groupId>com.azure</groupId> <artifactId>azure-security-keyvault-secrets</artifactId> <version>4.5.2</version> </dependency>
Construct a
SecretClient
class instance by using code similar to the following example:public class DemoClass { public static void main(String... args) { SecretClient client = new SecretClientBuilder() .vaultUrl("vaultUrl") .credential(new ClientSecretCredentialBuilder() .tenantId("tenantId") .clientId("clientId") .clientSecret("clientSecret") .build()) .buildClient(); } }
Avoid hard coding information such as
client-id
andclient-secret
by making these properties configurable, as shown in the following example:@ConfigurationProperties("azure.keyvault") public class KeyVaultProperties { private String vaultUrl; private String tenantId; private String clientId; private String clientSecret; public KeyVaultProperties(String vaultUrl, String tenantId, String clientId, String clientSecret) { this.vaultUrl = vaultUrl; this.tenantId = tenantId; this.clientId = clientId; this.clientSecret = clientSecret; } public String getVaultUrl() { return vaultUrl; } public void setVaultUrl(String vaultUrl) { this.vaultUrl = vaultUrl; } public String getTenantId() { return tenantId; } public void setTenantId(String tenantId) { this.tenantId = tenantId; } public String getClientId() { return clientId; } public void setClientId(String clientId) { this.clientId = clientId; } public String getClientSecret() { return clientSecret; } public void setClientSecret(String clientSecret) { this.clientSecret = clientSecret; } }
Update your application code as shown in this example:
@SpringBootApplication @EnableConfigurationProperties(KeyVaultProperties.class) public class SecretClientApplication implements CommandLineRunner { private KeyVaultProperties properties; public SecretClientApplication(KeyVaultProperties properties) { this.properties = properties; } public static void main(String[] args) { SpringApplication.run(SecretClientApplication.class, args); } @Override public void run(String... args) { SecretClient client = new SecretClientBuilder() .vaultUrl(properties.getVaultUrl()) .credential(new ClientSecretCredentialBuilder() .tenantId(properties.getTenantId()) .clientId(properties.getClientId()) .clientSecret(properties.getClientSecret()) .build()) .buildClient(); System.out.println("sampleProperty: " + client.getSecret("sampleProperty").getValue()); } }
Add the necessary properties to your application.yml file, as shown in the following example:
azure: keyvault: vault-url: tenant-id: client-id: client-secret:
If you need to use
SecretClient
in multiple places, define aSecretClient
bean. Then, auto-wireSecretClient
in the relevant places.
With Spring Cloud Azure
With Spring Cloud Azure, if you want to retrieve secrets stored in Azure Key Vault, the requirements are simpler, as shown in the following steps:
Add the following dependencies to your pom.xml file:
<dependencies> <dependency> <groupId>com.azure.spring</groupId> <artifactId>spring-cloud-azure-starter-keyvault-secrets</artifactId> </dependency> </dependencies>
Use a bill of materials (BOM) to manage the Spring Cloud Azure version, as shown in the following example:
<dependencyManagement> <dependencies> <dependency> <groupId>com.azure.spring</groupId> <artifactId>spring-cloud-azure-dependencies</artifactId> <version>5.17.1</version> <type>pom</type> <scope>import</scope> </dependency> </dependencies> </dependencyManagement>
Note
If you're using Spring Boot 2.x, be sure to set the
spring-cloud-azure-dependencies
version to4.19.0
. This Bill of Material (BOM) should be configured in the<dependencyManagement>
section of your pom.xml file. This ensures that all Spring Cloud Azure dependencies are using the same version. For more information about the version used for this BOM, see Which Version of Spring Cloud Azure Should I Use.Add the following properties to your application.yml file:
spring: cloud: azure: keyvault: secret: endpoint:
Sign in with Azure CLI by using the following command. Your credentials will then be provided by Azure CLI, so there will be no need to add other credential information such as
client-id
andclient-secret
.az login
Auto-wire
SecretClient
in the relevant places, as shown in the following example:@SpringBootApplication public class SecretClientApplication implements CommandLineRunner { private final SecretClient secretClient; public SecretClientApplication(SecretClient secretClient) { this.secretClient = secretClient; } public static void main(String[] args) { SpringApplication.run(SecretClientApplication.class, args); } @Override public void run(String... args) { System.out.println("sampleProperty: " + secretClient.getSecret("sampleProperty").getValue()); } }
Spring Cloud Azure will provide some other features besides the auto-configured SecretClient
. For example, you can use @Value
to get the secret value, as shown in the following example:
@SpringBootApplication
public class PropertySourceApplication implements CommandLineRunner {
@Value("${sampleProperty1}")
private String sampleProperty1;
public static void main(String[] args) {
SpringApplication.run(PropertySourceApplication.class, args);
}
public void run(String[] args) {
System.out.println("sampleProperty1: " + sampleProperty1);
}
}
Components of Spring Cloud Azure
Azure support
Provides auto-configuration support for Azure Services, such as Service Bus, Storage, Active Directory, and so on.
Microsoft Entra ID
Provides integration support for Spring Security with Microsoft Entra ID for authentication. For more information, see Spring Cloud Azure support for Spring Security.
Azure Key Vault
Provides Spring @Value
annotation support for integration with Azure Key Vault Secrets. For more information, see Spring Cloud Azure secret management.
Azure Storage
Provides Spring Boot support for Azure Storage services. For more information, see Spring Cloud Azure resource handling.
Get support
If you need support for Spring Cloud Azure, you can ask for help in the following ways:
- Create Azure support tickets. Customers with an Azure support plan can open an Azure support ticket. We recommend this option if your problem requires immediate attention.
- File GitHub issues in the Azure/azure-sdk-for-java repository. We use GitHub issues to track bugs, questions, and feature requests. GitHub issues are free, but the response time isn't guaranteed. For more information, see GitHub issues support process.