What is Spring Cloud Azure?

Spring Cloud Azure is an open source project that helps make it easier to use Azure services in Spring applications.

Spring Cloud Azure is an open source project, with all resources available to the public. The following list provides links to these resources:

• Source code: Azure/azure-sdk-for-java.
• Samples: Azure-Samples/azure-spring-boot-samples.
• Documentation: Spring Cloud Azure.

What is Spring Cloud Azure used for?

Spring Cloud Azure can help make it easier to accomplish the following tasks in Spring applications:

• Managing configuration properties with Azure App Configuration.
• Sending and receiving messages with Azure Event Hubs, Azure Service Bus, and Azure Storage Queue.
• Managing secrets and certificates with Azure Key Vault.
• Supporting user sign-in with work or school accounts provisioned with Microsoft Entra ID.
• Supporting user sign-in with social accounts like Facebook and Google with Azure Active Directory B2C.
• Protecting your web APIs and accessing protected APIs like Microsoft Graph to work with your users' and organization's data with Microsoft Entra ID and Azure Active Directory B2C.
• Storing structured data with Azure Cosmos DB.
• Storing unstructured data like text or binary data with Azure Blob Storage.
• Storing files with Azure Files.

Benefits of using Spring Cloud Azure

The following section demonstrates the benefits of using Spring Cloud Azure. In this section, the retrieval of secrets stored in Azure Key Vault is used as an example. This section compares the differences between developing a Spring Boot application with and without Spring Cloud Azure.

Without Spring Cloud Azure

Without Spring Cloud Azure, if you want to retrieve secrets stored in Azure Key Vault, you need to the following steps:

1. Add the following dependencies to your pom.xml file:

   XML

   <dependency>
      <groupId>com.azure</groupId>
      <artifactId>azure-security-keyvault-secrets</artifactId>
      <version>4.5.2</version>
   </dependency>
   

2. Construct a SecretClient class instance by using code similar to the following example:

   Java

   public class DemoClass {
       public static void main(String... args) {
       SecretClient client = new SecretClientBuilder()
           .vaultUrl("vaultUrl")
           .credential(new ClientSecretCredentialBuilder()
               .tenantId("tenantId")
               .clientId("clientId")
               .clientSecret("clientSecret")
               .build())
           .buildClient();
       }
   }
   

3. Avoid hard coding information such as client-id and client-secret by making these properties configurable, as shown in the following example:

   Java

   @ConfigurationProperties("azure.keyvault")
   public class KeyVaultProperties {
       private String vaultUrl;
       private String tenantId;
       private String clientId;
       private String clientSecret;
   
       public KeyVaultProperties(String vaultUrl, String tenantId, String clientId, String clientSecret) {
           this.vaultUrl = vaultUrl;
           this.tenantId = tenantId;
           this.clientId = clientId;
           this.clientSecret = clientSecret;
       }
   
       public String getVaultUrl() {
           return vaultUrl;
       }
   
       public void setVaultUrl(String vaultUrl) {
           this.vaultUrl = vaultUrl;
       }
   
       public String getTenantId() {
           return tenantId;
       }
   
       public void setTenantId(String tenantId) {
           this.tenantId = tenantId;
       }
   
       public String getClientId() {
           return clientId;
       }
   
       public void setClientId(String clientId) {
           this.clientId = clientId;
       }
   
       public String getClientSecret() {
           return clientSecret;
       }
   
       public void setClientSecret(String clientSecret) {
           this.clientSecret = clientSecret;
       }
   }
   

4. Update your application code as shown in this example:

   Java

   @SpringBootApplication
   @EnableConfigurationProperties(KeyVaultProperties.class)
   public class SecretClientApplication implements CommandLineRunner {
       private KeyVaultProperties properties;
   
       public SecretClientApplication(KeyVaultProperties properties) {
           this.properties = properties;
       }
   
       public static void main(String[] args) {
           SpringApplication.run(SecretClientApplication.class, args);
       }
   
       @Override
       public void run(String... args) {
           SecretClient client = new SecretClientBuilder()
               .vaultUrl(properties.getVaultUrl())
               .credential(new ClientSecretCredentialBuilder()
                   .tenantId(properties.getTenantId())
                   .clientId(properties.getClientId())
                   .clientSecret(properties.getClientSecret())
                   .build())
               .buildClient();
           System.out.println("sampleProperty: " + client.getSecret("sampleProperty").getValue());
       }
   }
   

5. Add the necessary properties to your application.yml file, as shown in the following example:

   YAML

   azure:
     keyvault:
       vault-url:
       tenant-id:
       client-id:
       client-secret:
   

6. If you need to use SecretClient in multiple places, define a SecretClient bean. Then, auto-wire SecretClient in the relevant places.

With Spring Cloud Azure

With Spring Cloud Azure, if you want to retrieve secrets stored in Azure Key Vault, the requirements are simpler, as shown in the following steps:

1. Add the following dependencies to your pom.xml file:

   XML

   <dependencies>
     <dependency>
       <groupId>com.azure.spring</groupId>
       <artifactId>spring-cloud-azure-starter-keyvault-secrets</artifactId>
     </dependency>
   </dependencies>
   

2. Use a bill of materials (BOM) to manage the Spring Cloud Azure version, as shown in the following example:

   XML

   <dependencyManagement>
     <dependencies>
       <dependency>
         <groupId>com.azure.spring</groupId>
         <artifactId>spring-cloud-azure-dependencies</artifactId>
         <version>5.20.1</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
     </dependencies>
   </dependencyManagement>
   

   Note

   If you're using Spring Boot 2.x, be sure to set the spring-cloud-azure-dependencies version to 4.19.0. This Bill of Material (BOM) should be configured in the <dependencyManagement> section of your pom.xml file. This ensures that all Spring Cloud Azure dependencies are using the same version. For more information about the version used for this BOM, see Which Version of Spring Cloud Azure Should I Use.

3. Add the following properties to your application.yml file:

   YAML

   spring:
     cloud:
       azure:
         keyvault:
           secret:
             endpoint:
   

4. Sign in with Azure CLI by using the following command. Your credentials will then be provided by Azure CLI, so there will be no need to add other credential information such as client-id and client-secret.

   Azure CLI

   az login
   

5. Auto-wire SecretClient in the relevant places, as shown in the following example:

   Java

   @SpringBootApplication
   public class SecretClientApplication implements CommandLineRunner {
   
       private final SecretClient secretClient;
   
       public SecretClientApplication(SecretClient secretClient) {
           this.secretClient = secretClient;
       }
   
       public static void main(String[] args) {
           SpringApplication.run(SecretClientApplication.class, args);
       }
   
       @Override
       public void run(String... args) {
           System.out.println("sampleProperty: " + secretClient.getSecret("sampleProperty").getValue());
       }
   }
   

Spring Cloud Azure will provide some other features besides the auto-configured SecretClient. For example, you can use @Value to get the secret value, as shown in the following example:

Java

@SpringBootApplication
public class PropertySourceApplication implements CommandLineRunner {

    @Value("${sampleProperty1}")
    private String sampleProperty1;

    public static void main(String[] args) {
        SpringApplication.run(PropertySourceApplication.class, args);
    }

    public void run(String[] args) {
        System.out.println("sampleProperty1: " + sampleProperty1);
    }

}

Components of Spring Cloud Azure

Azure support

Provides auto-configuration support for Azure Services, such as Service Bus, Storage, Active Directory, and so on.

Microsoft Entra ID

Provides integration support for Spring Security with Microsoft Entra ID for authentication. For more information, see Spring Cloud Azure support for Spring Security.

Azure Key Vault

Provides Spring @Value annotation support for integration with Azure Key Vault Secrets. For more information, see Spring Cloud Azure secret management.

Azure Storage

Provides Spring Boot support for Azure Storage services. For more information, see Spring Cloud Azure resource handling.

Get support

If you need support for Spring Cloud Azure, you can ask for help in the following ways:

• Create Azure support tickets. Customers with an Azure support plan can open an Azure support ticket. We recommend this option if your problem requires immediate attention.
• File GitHub issues in the Azure/azure-sdk-for-java repository. We use GitHub issues to track bugs, questions, and feature requests. GitHub issues are free, but the response time isn't guaranteed. For more information, see GitHub issues support process.

Next steps

• Tutorial: Read a secret from Azure Key Vault in a Spring Boot application
• Secure REST API using Spring Security 5 and Microsoft Entra ID
• How to use the Spring Boot Starter with Azure Cosmos DB for NoSQL