Client Side Decryption on Azure Spring Apps
Published Sep 15 2022 05:36 AM 1,912 Views

You can use client side decryption of properties on Azure Spring Apps by following the steps below:

Add the encrypted property in your .properties file in your git repository.
It would look like:


Update the Config Server on Azure Spring App to use the git repository which has our encrypted property. You could do it directly from Azure Portal or use Azure CLI:

az spring-cloud config-server git set -n myspringcloud --uri <git_repo_url>

In your Spring Boot application, add the decryption key in the bootstrap.yml file. (You would need to create it if it does not exist)

  key: somerandomkey

[This is the key you would have used in order to encrypt your property earlier]

Now, add some code to get the value of the encrypted property.

package com.example.demo;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

public class TestController {

    String message;

    public String hello() {
        return message;


Create an App, or deploy to an existing one.

az spring-cloud app create -n <appName>


Deploy your app.

az spring-cloud app deploy -n appName --jar-path <location_of_jar>


Assign a public endpoint (or use the Test Endpoints)

az spring-cloud app update -n appName --assign-endpoint true


Access your application to view the value.



(Optional) You can check the encrypted values on the Config Server by following the steps mentioned in this

Version history
Last update:
‎Sep 15 2022 05:36 AM
Updated by: