将从 Key Vault 读取配置并连接到 SQL 的 Spring 启动应用程序? [英] Spring boot application that would read configuration from Key vault and connect to SQL?

问题描述

我不是 Java/Spring Boot 开发人员，但是我想构建一个简单的 Spring Boot 应用程序，它可以从 Key vault 读取配置并连接到 SQL.

I am not a Java/Spring Boot developer however I want to build a simple Spring boot application which would read configuration from Key vault and connect to SQL.

我对每一个都有两个单独的解决方案

I have two separate solutions for each one of those

Key Vault 解决方案是从 Azure Key Vault 读取机密

Key vault solution is to read the secrets from the Azure Key vault

package com.example.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.beans.factory.annotation.Value;

@SpringBootApplication
@RestController
public class KeyvaultApplication {

   public static void main(String[] args) {
     SpringApplication.run(KeyvaultApplication.class, args);
   }

  @GetMapping("get")
  public String get() {
    return connectionString;
  }

  @Value("${connectionString}")
  private String connectionString;

  public void run(String... varl) throws Exception {
    System.out.println(String.format("\nConnection String stored in Azure Key Vault:\n%s\n",connectionString));
  }  

}

application.properties

azure.keyvault.client-id=xxxx
azure.keyvault.client-key=xxxx
azure.keyvault.enabled=true
azure.keyvault.tenant-id=xxxxx
azure.keyvault.uri=https://xxxxx-keyvault85.vault.azure.net/

========================================================================

======================================================================

以及将数据插入 Azure SQL 数据库的 SQL 解决方案

and SQL solution to insert the data into the Azure SQL Database

application.properties

logging.level.org.springframework.jdbc.core=DEBUG

spring.datasource.url=jdbc:sqlserver://xxxx-sql.database.windows.net:1433;database=demo;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;
spring.datasource.username=spring@databasename
spring.datasource.password=Password

spring.datasource.initialization-mode=never

TodoController.java

package com.example.demo;

import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/")
public class TodoController {

    private final TodoRepository todoRepository;

    public TodoController(TodoRepository todoRepository) {
        this.todoRepository = todoRepository;
    }

    @PostMapping("/")
    @ResponseStatus(HttpStatus.CREATED)
    public Todo createTodo(@RequestBody Todo todo) {
        return todoRepository.save(todo);
    }

    @GetMapping("/")
    public Iterable<Todo> getTodos() {
        return todoRepository.findAll();
    }
}

TodoRepository.java

package com.example.demo;

import org.springframework.data.repository.CrudRepository;

public interface TodoRepository extends CrudRepository<Todo, Long> {
}

Todo.java

package com.example.demo;

import org.springframework.data.annotation.Id;

public class Todo {

    public Todo() {
    }

    public Todo(String description, String details, boolean done) {
        this.description = description;
        this.details = details;
        this.done = done;
    }

    @Id
    private Long id;

    private String description;

    private String details;

    private boolean done;

    public Long getId() {
        return id;
    }

    public void setId(Long id) {
        this.id = id;
    }

    public String getDescription() {
        return description;
    }

    public void setDescription(String description) {
        this.description = description;
    }

    public String getDetails() {
        return details;
    }

    public void setDetails(String details) {
        this.details = details;
    }

    public boolean isDone() {
        return done;
    }

    public void setDone(boolean done) {
        this.done = done;
    }
}

这两个解决方案都独立工作，但我想组合这些解决方案，以便我可以从 Azure Key Vault 读取 SQL 配置并连接到 Azure SQL 数据库.我如何实现这一目标?

Both the solution works independently however I want to combine the solutions so that I can read the SQL configuration from the Azure Key vault and connect with Azure SQL database. How do I achieve this?

推荐答案

请参考此文档:教程:从 Spring Boot 应用程序中的 Azure Key Vault 读取机密:

Spring Boot 应用程序将用户名和密码等敏感信息外化.外部化敏感信息可以实现更好的可维护性、可测试性和安全性.在代码之外存储秘密比对信息进行硬编码或在构建时内联要好.

Spring Boot applications externalize sensitive information such as usernames and passwords. Externalizing sensitive information enables better maintainability, testability, and security. Storing secrets outside of the code is better than hard coding the information, or inlining it at build time.

本教程介绍如何创建从 Azure Key Vault 读取值的 Spring Boot 应用，然后将该应用部署到 Azure 应用服务和 Azure Spring Cloud.

This tutorial describes how to create a Spring Boot app that reads a value from Azure Key Vault, then deploy the app to Azure App Service and Azure Spring Cloud.

将 Key Vault 集成添加到应用程序:

按照以下步骤将必要的配置添加到 application.properties 文件中.

Follow these steps to add the necessary configuration to application.properties file.

1. 在编辑器中打开 src/main/resources/application.properties 并制作它有以下内容，为您的 Azure 调整值订阅.

1. Open src/main/resources/application.properties in an editor and make it have the following contents, adjusting the values for your Azure subscription.

azure.keyvault.client-id=685on005-ns8q-4o04-8s16-n7os38o2ro5n
azure.keyvault.client-key=4bt.lCKJKlbYLn_3XF~wWtUwyHU0jKggu2
azure.keyvault.enabled=true
azure.keyvault.tenant-id=72s988os-86s1-41ns-91no-2q7pq011qo47
azure.keyvault.uri=https://contosokv.vault.azure.net/

可用属性的完整列表记录在属性参考.

The complete list of properties available is documented in the property reference.

保存文件并关闭它.

对 KeyvaultApplication.java 文件(或您的情况下的任何类名)进行一个简单的更改.

Make one simple changes to the KeyvaultApplication.java file (or whatever the class name is in your case).

1. 打开 src/main/java/com/contoso/keyvault/KeyvaultApplication.java 在一个文本编辑器.

1. Open src/main/java/com/contoso/keyvault/KeyvaultApplication.java in a text editor.

添加此导入.

import org.springframework.beans.factory.annotation.Value;

为 connectionString 实例变量添加注解.

Add an annotation to the connectionString instance variable.

@Value("${connectionString}")
private String connectionString;  

Key Vault 集成提供了一个 Spring PropertySource，它是从Key Vault 的值.更多的实现细节可以在参考文档.

The Key Vault integration provides a Spring PropertySource that is populated from the values of the Key Vault. Some more implementation details are available in the reference documentation.

在顶级 keyvault 目录中，pom.xml 文件所在的位置找到后，输入 mvn clean package spring-boot:run.

In the top level keyvault directory, where the pom.xml file is located, enter mvn clean package spring-boot:run.

命令输出中消息初始化完成表示服务器准备好了.在单独的 shell 窗口中，输入此命令.

The message initialization completed in the command output means the server is ready. In a separate shell window, enter this command.

Bash
$ curl http://localhost:8080/get

输出将显示jdbc:sqlserver://SERVER.database.windows.net:1433;database=DATABASE 而不是defaultValue.

杀死从 mvn spring-boot:run 运行的进程.你可以键入 Ctrl-C 或者您可以使用 jps 命令来获取Launcher 处理并杀死它.

Kill the process that is running from mvn spring-boot:run. You can type Ctrl-C or you can use the jps command to get the pid of the Launcher process and kill it.

希望能帮到你.

这篇关于将从 Key Vault 读取配置并连接到 SQL 的 Spring 启动应用程序?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！