Recipes¶
Use these production-focused recipes to integrate common Azure services and operational patterns with Spring Boot on App Service.
Prerequisites¶
- Completed tutorial steps 01 through 03
- Deployed app with
$RGand$APP_NAMEavailable - Access to create dependent Azure resources (SQL, Redis, networking)
Main Content¶
Recipe categories¶
flowchart TD
R[Recipes] --> D[Database]
R --> S[Security]
R --> N[Networking]
R --> P[Deployment]
D --> D1[Azure SQL]
D --> D2[Cosmos DB]
D --> D3[Redis]
S --> S1[Managed Identity]
S --> S2[Key Vault References]
S --> S3[Easy Auth]
N --> N1[VNet Integration]
P --> P1[Deployment Slots Zero Downtime]Database recipes¶
| Recipe | Problem solved | Key technologies |
|---|---|---|
| Azure SQL | Relational data with passwordless auth | JDBC, Managed Identity, Entra auth |
| Cosmos DB | Globally distributed NoSQL access | Spring Data Cosmos, partition keys |
| Redis Cache | Low-latency caching and shared session state | Lettuce, Spring Data Redis, TLS |
Security recipes¶
| Recipe | Problem solved | Key technologies |
|---|---|---|
| Managed Identity | Eliminate app secrets for Azure APIs | DefaultAzureCredential, RBAC |
| Key Vault References | Resolve secrets via platform config | @Microsoft.KeyVault(...) |
| Easy Auth | Add authentication at platform edge | App Service Authentication/Authorization |
| mTLS Client Certificates | Parse X-ARR-ClientCert and load PKCS#12 for outbound mTLS | CertificateFactory, KeyStore, SSLContext |
Networking recipes¶
| Recipe | Problem solved | Key technologies |
|---|---|---|
| VNet Integration | Private outbound connectivity | Delegated subnet, NSG, private endpoints |
| Private Network Deploy | End-to-end private connectivity with identity | VNet integration, private endpoint, managed identity |
Deployment recipes¶
| Recipe | Problem solved | Key technologies |
|---|---|---|
| Deployment Slots Zero Downtime | Safe production rollouts with rollback path | Staging slot, swap, sticky settings |
How to use these recipes¶
- Identify one operational problem (for example, secret sprawl or cold cache)
- Apply exactly one recipe in a test environment
- Verify with endpoint checks and Azure CLI outputs
- Promote to production through your CI/CD process
Keep recipes composable
Start with Managed Identity before SQL/Key Vault recipes so your data integrations remain passwordless by design.
Platform concepts
For platform architecture details, see Platform: How App Service Works.
Verification¶
- You can choose a recipe by category and desired outcome.
- Each linked recipe opens and includes implementation, verification, and troubleshooting sections.
- The sequence from tutorial to recipe is clear for new contributors.
Troubleshooting¶
Unsure which recipe to start with¶
Start with Managed Identity, then apply a data recipe like Azure SQL.
You need strict network isolation¶
Pair VNet Integration with private endpoints on each backend service.
You need safer deployments first¶
Implement Deployment Slots Zero Downtime before service integrations.