You can use client side decryption of properties on Azure Spring Apps by following the steps below:
Add the encrypted property in your .properties file in your git repository.
It would look like:
message={cipher}f43e3df3862ab196a4b367624a7d9b581e1c543610da353fbdd2477d60fb282f
Update the Config Server on Azure Spring App to use the git repository which has our encrypted property. You could do it directly from Azure Portal or use Azure CLI:
az spring-cloud config-server git set -n myspringcloud --uri <git_repo_url>
In your Spring Boot application, add the decryption key in the bootstrap.yml file. (You would need to create it if it does not exist)
encrypt:
key: somerandomkey
[This is the key you would have used in order to encrypt your property earlier]
Now, add some code to get the value of the encrypted property.
package com.example.demo;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class TestController {
@Value("${message:default}")
String message;
@GetMapping("/")
public String hello() {
return message;
}
}
Create an App, or deploy to an existing one.
az spring-cloud app create -n <appName>
Deploy your app.
az spring-cloud app deploy -n appName --jar-path <location_of_jar>
Assign a public endpoint (or use the Test Endpoints)
az spring-cloud app update -n appName --assign-endpoint true
Access your application to view the value.
https://<myspringcloud>-<appName>.azuremicroservices.io/
(Optional) You can check the encrypted values on the Config Server by following the steps mentioned in this
documentation: https://docs.microsoft.com/en-us/azure/spring-cloud/how-to-access-data-plane-azure-ad-rbac