Commit e951507

Update tutorial-java-tomcat-mysql-app.md
1 parent 2308f27 commit e951507

1 file changed

+16
-14
lines changed

articles/app-service/tutorial-java-tomcat-mysql-app.md

Lines changed: 16 additions & 14 deletions
@@ -142,7 +142,7 @@ Sign in to the [Azure portal](https://portal.azure.com/) and follow these steps
142142
1. *Name*: **msdocs-tomcat-mysql-XYZ**, where *XYZ* is any three random characters.
143143
1. *Runtime stack*: **Java 17**.
144144
1. *Java web server stack*: **Apache Tomcat 10.1**.
145-
1. **MySQL - Flexible Server** is selected for you by default as the database engine. If not, select it. Azure Database for MySQL is a fully managed MySQL database as a service on Azure, compatible with the latest community editions.
145+
1. *Engine*: **MySQL - Flexible Server** is selected for you by default as the database engine. If not, select it. MySQL - Flexible Server runs on Azure Database for MySQL. It's a fully managed MySQL database as a service on Azure, compatible with the latest community editions.
146146
1. *Hosting plan*: **Basic**. When you're ready, you can [scale up](manage-scale-up.md) to a production pricing tier.
147147
1. Select **Review + create**.
148148
1. After validation completes, select **Create**.
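
Review bot: The new line 145 no longer follows the *Label*: **value** pattern of the neighbouring items. It reads "*Engine*: **MySQL - Flexible Server** is selected for you by default as the database engine", which names the engine field twice, and the following "It's a fully managed MySQL database as a service" has an unclear antecedent (Flexible Server or Azure Database for MySQL). Suggest "*Engine*: **MySQL - Flexible Server**. It's selected by default; if not, select it." and then one sentence that names its subject explicitly.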
@@ -171,12 +171,12 @@ Having issues? Check the [Troubleshooting section](#troubleshooting).
171171

172172
## 3. Secure connection secrets
173173

174-
The creation wizard generated the connectivity string for you already as an [app setting](configure-common.md#configure-app-settings). However, the security best practice is to keep secrets out of App Service completely. You'll move your secrets to a key vault and change your app setting to a [Key Vault reference](app-service-key-vault-references.md) with the help of Service Connectors.
174+
The creation wizard generated the database connectivity string for you already as an [app setting](configure-common.md#configure-app-settings). However, the security best practice is to keep secrets out of App Service completely. You'll move your secrets to a key vault and change your app setting to a [Key Vault reference](app-service-key-vault-references.md) with the help of Service Connectors.
175175

176176
:::row:::
177177
:::column span="2":::
178-
**Step 1:** In the App Service page:
179-
1. In the left menu, select **Settings > Environment variables**.
178+
**Step 1: Retrieve the existing connection string**
179+
1. In the left menu of the App Service page, select **Settings > Environment variables**.
180180
1. Select **AZURE_MYSQL_CONNECTIONSTRING**. It contains a JDBC connection string. If you add an app setting that contains a valid Oracle, SQL Server, PostgreSQL, or MySQL connection string, App Service injects it as a Java Naming and Directory Interface (JNDI) data source in the Tomcat server's *context.xml* file.
181181
1. In **Add/Edit application setting**, in the **Value** field, find the *password=* part at the end of the string.
182182
1. Copy the password string after *Password=* for use later.
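
Review bot: The terminology is inconsistent within this hunk: the reworded intro at line 174 says "database connectivity string", while the new Step 1 heading at line 178 and the unchanged line 180 say "connection string". Use "connection string" throughout, which also matches the setting name AZURE_MYSQL_CONNECTIONSTRING. The new heading promises to retrieve the connection string, but the steps only copy the password out of it, so a heading such as "Copy the password from the existing connection string" describes the step more accurately. The context lines 181 and 182 also mix *password=* and *Password=*, which is worth aligning in the same pass.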
@@ -188,25 +188,25 @@ The creation wizard generated the connectivity string for you already as an [app
188188
:::row-end:::
189189
:::row:::
190190
:::column span="2":::
191-
**Step 2:** Create a key vault for secure management of secrets.
191+
**Step 2: Create a Key Vault for secure management of secrets.**
192192
1. In the top search bar, type "*key vault*", then select **Marketplace** > **Key Vault**.
193193
1. In **Resource Group**, select **msdocs-tomcat-mysql-tutorial**.
194194
1. In **Key vault name**, type a name that consists of only letters and numbers.
195-
1. In **Region**, set it to the sample location as the resource group.
195+
1. In **Region**, set it to the same location as the resource group.
196196
:::column-end:::
197197
:::column:::
198198
:::image type="content" source="./media/tutorial-java-tomcat-mysql-app/azure-portal-secure-connection-secrets-2.png" alt-text="A screenshot showing how to create a key vault." lightbox="./media/tutorial-java-tomcat-mysql-app/azure-portal-secure-connection-secrets-2.png":::
199199
:::column-end:::
200200
:::row-end:::
201201
:::row:::
202202
:::column span="2":::
203-
**Step 3:**
203+
**Step 3: Secure the Key Vault with a Private Endpoint**
204204
1. Select the **Networking** tab.
205205
1. Unselect **Enable public access**.
206206
1. Select **Create a private endpoint**.
207207
1. In **Resource Group**, select **msdocs-tomcat-mysql-tutorial**.
208-
1. In **Key vault name**, type a name that consists of only letters and numbers.
209-
1. In **Region**, set it to the sample location as the resource group.
208+
1. In **Name**, type a name for the Private Endpoint that consists of only letters and numbers.
209+
1. In **Region**, set it to the same location as the resource group.
210210
1. In the dialog, in **Location**, select the same location as your App Service app.
211211
1. In **Resource Group**, select **msdocs-tomcat-mysql-tutorial**.
212212
1. In **Name**, type **msdocs-tomcat-mysql-XYZVaultEndpoint**.
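
Review bot: The corrected lines 208 and 209 in Step 3 now duplicate and contradict the dialog steps that follow. Line 208 asks for a Private Endpoint name "that consists of only letters and numbers", while line 212 tells the reader to type **msdocs-tomcat-mysql-XYZVaultEndpoint**, which contains hyphens. Lines 207 and 211 both set **Resource Group**, and line 209 sets **Region** just before line 210 sets **Location** "in the dialog". Since the dialog is what opens after **Create a private endpoint**, suggest deleting lines 207 to 209 instead of rewording them, so each field is set once. Separately, the Step 2 heading at line 191 keeps a trailing period inside the bold text, unlike every other new step heading.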
@@ -221,7 +221,7 @@ The creation wizard generated the connectivity string for you already as an [app
221221
:::row-end:::
222222
:::row:::
223223
:::column span="2":::
224-
**Step 4:**
224+
**Step 4: Configure the Service Connector**
225225
1. In the top search bar, type *msdocs-tomcat-mysql*, then the App Service resource called **msdocs-tomcat-mysql-XYZ**.
226226
1. In the App Service page, in the left menu, select **Settings > Service Connector**. There's already a connector, which the app creation wizard created for you.
227227
1. Select checkbox next to the connector, then select **Edit**.
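
Review bot: The context lines under the new Step 4 heading still have two wording gaps that this pass could fix. Line 225 is missing its verb: "then the App Service resource called" should read "then select the App Service resource called". Line 227 should read "Select the checkbox next to the connector". The new heading "Configure the Service Connector" is also close to Step 6's "Finalize the Service Connector configuration"; "Edit the existing Service Connector" would distinguish the two.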
@@ -238,8 +238,8 @@ The creation wizard generated the connectivity string for you already as an [app
238238
:::row-end:::
239239
:::row:::
240240
:::column span="2":::
241-
**Step 5:** In the **Create connection** dialog for the Key Vault connection:
242-
1. In **Key Vault**, select the key vault you created earlier.
241+
**Step 5: Establish the Key Vault connection**
242+
1. In the **Create connection** dialog for the Key Vault connection, in **Key Vault**, select the key vault you created earlier.
243243
1. Select **Review + Create**. You should see that **System assigned managed identity** is set to **Selected**.
244244
1. When validation completes, select **Create**.
245245
:::column-end:::
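
Review bot: The merged line 242 stacks two locating phrases before the action ("In the **Create connection** dialog for the Key Vault connection, in **Key Vault**, select ..."), which is harder to follow than the original lead-in plus short step. Suggest keeping the dialog context as a sentence under the heading, for example "The **Create connection** dialog for the Key Vault connection opens.", and leaving the list item as "In **Key Vault**, select the key vault you created earlier."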
@@ -249,7 +249,7 @@ The creation wizard generated the connectivity string for you already as an [app
249249
:::row-end:::
250250
:::row:::
251251
:::column span="2":::
252-
**Step 6:** You're back in the edit dialog for **defaultConnector**.
252+
**Step 6: Finalize the Service Connector configuration** You're back in the edit dialog for **defaultConnector**.
253253
1. In the **Authentication** tab, wait for the key vault connector to be created. When it's finished, the **Key Vault Connection** dropdown automatically selects it.
254254
1. Select **Next: Networking**.
255255
1. Select **Save**. Wait until the **Update succeeded** notification appears.
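
Review bot: On line 252 the new bold heading runs straight into the sentence "You're back in the edit dialog for **defaultConnector**." with no punctuation or line break, so it reads as one run-on line, unlike Steps 1 to 5 and 7 where the heading stands alone. Suggest ending the line after the heading and moving the sentence to its own line before the numbered list.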
@@ -260,7 +260,7 @@ The creation wizard generated the connectivity string for you already as an [app
260260
:::row-end:::
261261
:::row:::
262262
:::column span="2":::
263-
**Step 7:** To verify your changes:
263+
**Step 7: Verify the Key Vault integration**
264264
1. From the left menu, select **Environment variables > Connection strings** again.
265265
1. Next to **AZURE_MYSQL_CONNECTIONSTRING**, select **Show value**. The value should be `@Microsoft.KeyVault(...)`, which means that it's a [key vault reference](app-service-key-vault-references.md) because the secret is now managed in the key vault.
266266
:::column-end:::
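
Review bot: The context line 264 under the new Step 7 heading says to select **Environment variables > Connection strings** "again", but Step 1 sends the reader only to **Settings > Environment variables** and edits the value in **Add/Edit application setting**, and the intro calls it an app setting. Since this commit retitles the step as a verification, the navigation should match where AZURE_MYSQL_CONNECTIONSTRING was found in Step 1, and "again" should be dropped if the tab differs. The check on line 265 also confirms only that the value has the `@Microsoft.KeyVault(...)` form, so the heading "Verify the Key Vault reference" would be more precise than "Verify the Key Vault integration".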
@@ -269,6 +269,8 @@ The creation wizard generated the connectivity string for you already as an [app
269269
:::column-end:::
270270
:::row-end:::
271271

272+
To summarize, the process involved retrieving the MySQL connection string from the App Service's environment variables, creating an Azure Key Vault for secure secret management with private access, and updating the service connector to store the password in the Key Vault. A secure connection between the App Service and Key Vault was established using a system-assigned managed identity, and the setup was verified by confirming the connection string referenced the Key Vault.
273+
272274
Having issues? Check the [Troubleshooting section](#troubleshooting).
273275

274276
## 4. Confirm JNDI data source
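
Review bot: The summary added at line 272 switches to passive voice and past tense ("the process involved", "was established", "was verified"), while the rest of the section addresses the reader directly. Suggest rewriting it in the second person, for example "In this section, you retrieved ..., created a key vault with private access, and updated the service connector ...". It also says the connector was updated "to store the password in the Key Vault", while the intro at line 174 speaks of moving secrets and changing the app setting to a Key Vault reference; using the same wording in both places avoids implying that only the password changed.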
