spring-boot, azure, azure-keyvault, azure-app-configuration

Multiple Azure keyvaults linked to same App configuration lead to auth error in spring boot app


My configuration is the following:

An Azure app configuration contains linked keyvalue references to 2 different keyvaults, each is linked to a section with a different prefix.


A spring boot application is authenticated to the app configuration and to one of the keyvaults.

In my app I only need the values from one of the keyvaults (the one linked to the kafka section), and I have a filter in the Configuration to only pull a section of the app configuration.

In my Application.java I have the code for linking the appconfiguration:

    @EnableConfigurationProperties({
            KafkaSettings.class})

and the section filter in the respective class.

    @ConfigurationProperties(prefix = "kafka")
    public class KafkaSettings {
       private String bootstrapServers;
       ...

I would expect this to work, but I still receive the authentication error that my app is not authorized to read secrets from the Storage keyvault, which I don't need.

Status code 403, "{"error":{"code":"Forbidden","message":"The user, group or application 'appid=<appid>' does not have secrets get permission on key vault '<keyvaultname>'

As expected, the issue is resolved if I add the permissions for the second keyvault, but that is not my goal; I want to avoid assigning permissions to this keyvault unnecessarily.

My question is: is it possible to tell my app to only pull the secrets from the necessary keyvault and ignore the other one, or did I make a fundamental error by linking multiple keyvaults with different permissions to the same App configuration?

Any help is appreciated.


Solution

  • When an app setting in Azure references a Key Vault secret via a Shared Access Signature (SAS) URL, Azure App Service retrieves the secret value from the Key Vault and caches it at startup. The secret is not fetched every time the app accesses the app setting or runs a piece of code that references the app setting.

    So, regardless of whether you need it or not, or whether it is used in code, the app will try to connect to the second Key Vault.

    Double check that it is not used in your app and simply remove the settings or nullify their values.
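An added audit check, not part of the question or the answer above: before granting "secrets get" on any vault, list which vaults the settings in a given key range actually reference, since every Key Vault reference inside the loaded selection gets resolved. The records below are constructed in the shape of the JSON that `az appconfig kv list` prints (key, contentType, value); the vault hostnames and keys are made up.

```python
import json
from urllib.parse import urlparse

# Content type Azure App Configuration assigns to Key Vault reference settings
# (the full value carries a "+json;charset=utf-8" suffix, so match on the prefix).
KEYVAULT_REF_CONTENT_TYPE = "application/vnd.microsoft.appconfig.keyvaultref"

# Constructed sample in the shape of `az appconfig kv list` JSON output:
# two prefixes, each referencing a different (made-up) vault.
SAMPLE_SETTINGS = [
    {"key": "kafka/bootstrapServers", "contentType": "",
     "value": "broker-1:9093"},
    {"key": "kafka/saslPassword",
     "contentType": "application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8",
     "value": json.dumps({"uri": "https://kv-kafka-example.vault.azure.net/secrets/sasl-password"})},
    {"key": "storage/connectionString",
     "contentType": "application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8",
     "value": json.dumps({"uri": "https://kv-storage-example.vault.azure.net/secrets/conn-string"})},
]


def is_keyvault_reference(setting):
    """True when the setting's value is a pointer into Key Vault, not a literal."""
    return (setting.get("contentType") or "").startswith(KEYVAULT_REF_CONTENT_TYPE)


def vaults_referenced(settings, key_filter=""):
    """Map each Key Vault host to the setting keys that reference it.

    Only settings whose key starts with `key_filter` are considered, mirroring
    the key filter a client applies when it selects a slice of the store.
    """
    vaults = {}
    for s in settings:
        if not s["key"].startswith(key_filter) or not is_keyvault_reference(s):
            continue
        try:
            uri = json.loads(s["value"])["uri"]
        except (ValueError, KeyError, TypeError):
            # Malformed reference: surface it rather than silently ignoring it.
            vaults.setdefault("<malformed reference>", []).append(s["key"])
            continue
        host = urlparse(uri).hostname or "<no host>"
        vaults.setdefault(host, []).append(s["key"])
    return vaults


if __name__ == "__main__":
    for key_filter in ("", "kafka/"):
        print(f"key filter {key_filter!r}: {vaults_referenced(SAMPLE_SETTINGS, key_filter)}")
```

If a vault shows up for a key range the application does not need, the reference (or the range) is what to remove; a narrower selection is what keeps the app from ever contacting that vault.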