Jon Gallant

Updated: How to use .env files with the Azure SDK for Java

4 min read
azureazure-sdkjava

Exactly, one month ago, to the day, I wrote a post about how to use .env files with Java and Azure SDKs. The gist of the problem was that the package we use to read the .env files didn’t write those values to System.getenv or System.properties, so you had to do that manually with something like this:

OLD

static void loadEnvironmentProperties() {
    Dotenv ENVIRONMENT = Dotenv.load();
    ENVIRONMENT.entries().forEach(entry -> System.setProperty(entry.getKey(), entry.getValue()));
}


```javascript


Well, I’m super happy to let you know that Carmine DiMascio, the [java-dotenv package](https://github.com/cdimascio/java-dotenv) creator and maintainer, just implemented a feature that will tell `java-dotenv` to also write the values from `.env` to `System.properties` - which are read by the Azure SDKs.


So instead of the above you just need to call `systemProperties()` when you load the `.env` file, like so:


## NEW


```java


Dotenv.configure().systemProperties().load();


```markdown


Here’s how to get everything setup. I’m going to assume that you already have a Java project - but you can find all of the source code for this simple sample here: [https://github.com/jongio/azsdkjavaenv](https://github.com/jongio/azsdkjavaenv)


## 1. Add .env file to project


Create `.env` file in your project and add the following settings:


```bash


AZURE_CLIENT_ID=
AZURE_CLIENT_SECRET=
AZURE_TENANT_ID=


```python


These are the service principal settings that you get from calling `az ad sp create-for-rbac --role Contributor` to create a service principal - which will be used by DefaultAzureCredential. Make sure the service principal has the appropriate policy set to create a key. You can find those commands here: [Authorizing an application to use a key or secret](https://docs.microsoft.com/en-us/azure/key-vault/general/manage-with-cli2#authorizing-an-application-to-use-a-key-or-secret)


You can use this command to assign the right policy to your service principal.


```bash


az keyvault set-policy -n KEY_VAULT_NAME --spn AZURE_CLIENT_ID --secret-permissions get list set delete --key-permissions create decrypt delete encrypt get list unwrapKey wrapKey update


```markdown


## 2. Add java-dotenv Package


This package is used to read the `.env` file.


> Make sure you add version 5.2.0


```xml


<dependency>
    <groupId>io.github.cdimascio</groupId>
    <artifactId>java-dotenv</artifactId>
    <version>5.2.0</version>
</dependency>


```markdown


## 3. Add java-dotnet import


```java


import io.github.cdimascio.dotenv.Dotenv;


```csharp


## 4. Add code to load .env


Notice that we are now calling `systemProperties()`, which is the new method that will load the `.env` values into the Java System properties.


```java


Dotenv.configure().systemProperties().load();
System.out.print(System.getProperty("AZURE_CLIENT_ID"));


```csharp


When you run the above code, it should print the value that you have for AZURE\_CLIENT\_ID in your `.env` file.


## 5. Add Azure SDK Packages


Now that we have java-dotenv set, let’s get it working with the Azure SDKs. We’ll new up a DefaultAzureCredential, pass that to KeyClient, and create a key.


Add these to pom.xml


```xml


<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-security-keyvault-keys</artifactId>
    <version>4.1.3</version>
</dependency>


<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.0.6</version>
</dependency>


```markdown


You can find all the Azure SDK for Java releases here: [https://aka.ms/azsdk/java](https://aka.ms/azsdk/java)


## 6. Add Azure SDK imports


Add imports to your Java code file.


```java


import com.azure.identity.DefaultAzureCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.keys.KeyClientBuilder;
import com.azure.security.keyvault.keys.models.KeyType;
import com.azure.security.keyvault.keys.models.*;
import com.azure.security.keyvault.keys.KeyClient;


```sql


## 7. Create Key Vault


To run the sample, you are going to need to create an Azure Key Vault. You can do so with the Azure CLI [`az keyvault create`](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest#az-keyvault-create) or Azure Portal.


Add the following to your `.env` file and replace the URL with your Key Vault uri.


```bash


AZURE_KEYVAULT_URL=https://jongkv.vault.azure.net/


```csharp


## 8. Add Azure SDK Code


We’ll first new up a DefaultAzureCredentail object, which under the covers will new up an EnvironmentCredential object, which will read the `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, and `AZURE_TENANT_ID` values from System.properties which were written to by the java-dotenv package.


We then new up a KeyClient, and then create a key.


```java


// Build new DAC, which will read from System.Properties
DefaultAzureCredential cred = new DefaultAzureCredentialBuilder().build();


// Use DAC when constructing a Key Vault client.
KeyClient keyClient = new KeyClientBuilder().vaultUrl(System.getProperty("AZURE_KEYVAULT_URL")).credential(cred)
        .buildClient();


KeyVaultKey key = keyClient.createKey("key1", KeyType.RSA);


System.out.printf("Key created. Name %s Id %s", key.getName(), key.getId());

And that’s how you get it all working together. Good stuff and much easier now that we have the systemProperties method.

You can find all the code here: https://github.com/jongio/azsdkjavaenv

Jon

Share:
Share on X