From 20eb979e8567bb5a59ccd5eed8ba6acde530b58c Mon Sep 17 00:00:00 2001 From: Dingmeng Xue Date: Fri, 26 Dec 2025 15:55:33 +0800 Subject: [PATCH] Update keyvault MI sample project --- managed-identity-keyvault/README.md | 33 ++++++++----------- managed-identity-keyvault/pom.xml | 13 +++----- .../com/microsoft/azure/MainController.java | 2 +- 3 files changed, 18 insertions(+), 30 deletions(-) diff --git a/managed-identity-keyvault/README.md b/managed-identity-keyvault/README.md index 0215f58..45ebe6d 100644 --- a/managed-identity-keyvault/README.md +++ b/managed-identity-keyvault/README.md @@ -6,7 +6,7 @@ You need include [ManagedIdentityCredentialBuilder](https://docs.microsoft.com/j ## Prerequisite -* [JDK 8](https://docs.microsoft.com/azure/java/jdk/java-jdk-install) +* [JDK 21](https://docs.microsoft.com/azure/java/jdk/java-jdk-install) * [Maven 3.0 and above](http://maven.apache.org/install.html) * [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli?view=azure-cli-latest) or [Azure Cloud Shell](https://docs.microsoft.com/azure/cloud-shell/overview) * An existing Key Vault. If you need to create a Key Vault, you can use the [Azure Portal](https://docs.microsoft.com/azure/key-vault/secrets/quick-create-portal) or [Azure CLI](https://docs.microsoft.com/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create) 
@@ -14,35 +14,28 @@ You need include [ManagedIdentityCredentialBuilder](https://docs.microsoft.com/j ## How to run 1. Run `mvn clean package` after specifying the URI of your Key Vault in [application.properties](./src/main/resources/application.properties). -2. Install Azure CLI extension for Azure Spring Apps by running below command. +1. Create an instance of Azure Spring Apps. ``` - az extension add -y --source https://azureclitemp.blob.core.windows.net/spring-cloud/spring_cloud-0.1.0-py2.py3-none-any.whl + az spring create -n -g ``` -3. Create an instance of Azure Spring Apps. +1. Create an app with public domain assigned. ``` - az spring-cloud create -n -g + az spring app create -n --service -g --assign-endpoint true --runtime-version Java_21 ``` -4. Create an app with public domain assigned. - ``` - az spring-cloud app create -n -s -g --is-public true - ``` -5. Enable system-assigned managed identity for your app and take note of the principal id from the command output. +1. Enable system-assigned managed identity for your app and take note of the principal id from the command output. ``` - az spring-cloud app identity assign -n -s -g + az spring app identity assign -n --service -g ``` -6. Grant permission of Key Vault to the system-assigned managed identity. - ``` - az keyvault set-policy -n keyvault_name -g resource_group_of_keyvault --secret-permissions get set --object-id - ``` -7. Deploy app with jar. +1. Assign `Key Vault Secrets User` role to the system-assigned managed identity. +1. Deploy app with jar. ``` - az spring-cloud app deploy -n -s -g --jar-path ./target/asc-managed-identity-keyvault-sample-0.1.0.jar + az spring app deploy -n --service -g --jar-path ./target/asc-managed-identity-keyvault-sample-0.1.0.jar ``` -8. Verify app is running. Instances should have status `RUNNING` and discoveryStatus `UP`. +1. Verify app is running. Instances should have status `RUNNING` and discoveryStatus `UP`. 
``` - az spring-cloud app show -n -s -g + az spring app show -n --service -g ``` -9. Verify sample is working. The url is fetched from previous step. +1. Verify sample is working. The url is fetched from previous step. ``` # Create a secret in Key Vault curl -X PUT {url}/secrets/{secret-name}?value={value} diff --git a/managed-identity-keyvault/pom.xml b/managed-identity-keyvault/pom.xml index fe3c549..534475f 100644 --- a/managed-identity-keyvault/pom.xml +++ b/managed-identity-keyvault/pom.xml @@ -10,7 +10,7 @@ org.springframework.cloud spring-cloud-starter-parent - Hoxton.SR8 + 2025.0.1 @@ -21,17 +21,12 @@ com.azure azure-identity - 1.0.0 + 1.18.1 com.azure azure-security-keyvault-secrets - 4.0.0 - - - org.projectlombok - lombok - true + 4.10.4 org.springframework.cloud @@ -40,7 +35,7 @@ - 1.8 + 21 diff --git a/managed-identity-keyvault/src/main/java/com/microsoft/azure/MainController.java b/managed-identity-keyvault/src/main/java/com/microsoft/azure/MainController.java index a8005e4..79e98ec 100644 --- a/managed-identity-keyvault/src/main/java/com/microsoft/azure/MainController.java +++ b/managed-identity-keyvault/src/main/java/com/microsoft/azure/MainController.java @@ -10,10 +10,10 @@ import com.azure.security.keyvault.secrets.SecretClient; import com.azure.security.keyvault.secrets.SecretClientBuilder; import com.azure.security.keyvault.secrets.models.KeyVaultSecret; +import jakarta.annotation.PostConstruct; import org.springframework.beans.factory.annotation.Value; import org.springframework.web.bind.annotation.*; -import javax.annotation.PostConstruct; import java.time.Duration; @RestController
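Review bot: The new step "Assign `Key Vault Secrets User` role" grants a read-only role, but the verification step at the end of this hunk still creates a secret with `curl -X PUT {url}/secrets/{secret-name}?value={value}`; the removed access-policy command covered that with `--secret-permissions get set`. As written, Key Vault should reject the PUT, so either keep the read-only role and drop the create step from the walkthrough, or assign `Key Vault Secrets Officer` scoped to this one vault rather than to the resource group or subscription. The step also gives no command and does not say that role assignments only take effect on a vault that uses the Azure RBAC permission model. Something like `az role assignment create --role "Key Vault Secrets Officer" --assignee-object-id <principal-id> --assignee-principal-type ServicePrincipal --scope <key-vault-resource-id>` would make it reproducible.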