diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureNavClientCredential.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureNavClientCredential.java
index caf3c8a43b4..ee2909d5b6a 100644
--- a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureNavClientCredential.java
+++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureNavClientCredential.java
@@ -3,12 +3,20 @@
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
+/**
+ * Get configuration from, in prioritized order:
+ *
+ * - {@code AZURE_APP_CLIENT_[ID|SECRET]} (provided by NAIS when running in pod)
+ * - {@code spring.security.oauth2.client.registration.aad.client-[id|secret]} (configured when running locally)
+ * - {@code null} (for test purposes)
+ *
+ */
@Configuration
public class AzureNavClientCredential extends ClientCredential {
public AzureNavClientCredential(
- @Value("${spring.security.oauth2.client.registration.aad.client-id:#{null}}") String clientId,
- @Value("${spring.security.oauth2.client.registration.aad.client-secret:#{null}}") String clientSecret
+ @Value("#{systemProperties['AZURE_APP_CLIENT_ID'] ?: '${spring.security.oauth2.client.registration.aad.client-id:#{null}}'}") String clientId,
+ @Value("#{systemProperties['AZURE_APP_CLIENT_SECRET'] ?: '${spring.security.oauth2.client.registration.aad.client-secret:#{null}}'}") String clientSecret
) {
super(clientId, clientSecret);
}