Add readme description for spring kv sample on how to authenticate using certificate (Azure#18465)

Moary Chen · web-flow · commit 802b407de8da · 2021-01-07T13:12:52.000+08:00
diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-secrets/README.md b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-keyvault-secrets/README.md
@@ -56,11 +56,25 @@ az keyvault secret set --name <yourSecretPropertyName>   \
                        --vault-name <your_keyvault_name>
 ```
 
-
+- If you want to use certificate authentication, upload the certificate file to App registrations in Azure Active Directory by using Azure Portal. 
+You can manually add a new application or use the service principal created in the previous step.
+
+    1. Select **App registrations**, then select the application name or service principal name just created.
+    
+    1. Select **Certificates & secrets**, then select **Upload Certificate**, upload your cer, pem, or crt type certificate, click **Add** button to complete the upload.
+    
+    1. If you add a new application, grant appropriate permissions to the application created.
+       
+       You can use the following az cli commands:
+       ```bash
+       az keyvault set-policy --name <your_keyvault_name>   \
+                              --secret-permission get list  \
+                              --spn <your_application_id_create_in_current_step>
+       ```
 ## Examples
 
-### Add the property setting
-Open `application.properties` file and add below properties to specify your Azure Key Vault url, Azure service principle client id and client key.
+### The service-principal-based authentication property setting
+Open `application.properties` file and add below properties to specify your Azure Key Vault url, Azure service principal client id and client key.
 
 ```properties
 azure.keyvault.uri=put-your-azure-keyvault-uri-here
@@ -89,6 +103,18 @@ The valid secret-service-version value can be found [here][version_link].
 
 If property not set, the property will be filled with the latest value.
 
+### The certificate-based authentication property setting
+If you use certificate authentication, you only need to replace the property `azure.keyvault.client-key` with `azure.keyvault.certificate-path`, which points to your certificate.
+
+```properties
+azure.keyvault.uri=put-your-azure-keyvault-uri-here
+azure.keyvault.client-id=put-your-azure-client-id-here
+azure.keyvault.certificate-path=put-your-certificate-file-path-here
+azure.keyvault.tenant-id=put-your-azure-tenant-id-here
+azure.keyvault.authority-host=put-your-own-authority-host-here(fill with default value if empty)
+azure.keyvault.secret-service-version=specify secretServiceVersion value(fill with default value if empty)
+```
+
 ## Run with Maven
 ```
 cd azure-spring-boot-samples/azure-spring-boot-sample-keyvault-secrets
