I would like to replace spring.datasource.password with a password from azure keyvault.

I have a project based on spring boot:

    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>3.3.1</version>

I am using dependencies :

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>com.azure</groupId>
            <artifactId>azure-identity</artifactId>
            <version>1.13.0</version>
            <scope>compile</scope>
        </dependency>
        <dependency>
            <groupId>com.azure.spring</groupId>
            <artifactId>spring-cloud-azure-starter-keyvault</artifactId>
        </dependency> 
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency> 
        <dependency>
            <groupId>org.postgresql</groupId>
            <artifactId>postgresql</artifactId>
        </dependency> 
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <scope>provided</scope>
        </dependency>
       <dependency>
            <groupId>com.azure.spring</groupId>
            <artifactId>spring-cloud-azure-starter-keyvault-secrets</artifactId> 
        </dependency> 

I have created the config:

@Configuration
public class KeyVaultConfig {

    @Bean
    SecretClient secretClient(
            @Value("${spring.cloud.azure.keyvault.secret.endpoint}") String keyVaultUri,
            @Value("${azure.client.id}") String clientId,
            @Value("${azure.client.secret}") String clientSecret,
            @Value("${azure.tenant.id}") String tenantId) {
        ClientSecretCredential credential = new ClientSecretCredentialBuilder()
                .clientId(clientId)
                .clientSecret(clientSecret)
                .tenantId(tenantId)
                .build();

        return new SecretClientBuilder()
                .vaultUrl(keyVaultUri)
                .credential(credential)
                .buildClient();
    } 
}

This config works fine when I do not want to inject properties. For instance this code:

    @GetMapping("/status")
    public String status() {
        log.info("generating status page");
        return "read from keyvault: " + keyVaultService.getSecret("psur-db-url");
    }

works just fine. So this proves that the credentials are set correctly.

But when I try to use this setup with combination of properties:

spring.cloud.azure.compatibility-verifier.enabled=false
spring.cloud.azure.keyvault.secret.property-source-enabled=true
 
spring.datasource.url={my-secret-db-url}
spring.datasource.username=user
spring.datasource.password={my-secret-db-password}

I have tried different configurations in properties as well as configuring the ClientSecretCredential in different way. But I never managed the properties to be injected.
Currently I am getting exception

Caused by: java.lang.IllegalArgumentException: URL must start with 'jdbc'

which suggest that the url was never replaced.
I am suspecting that the SecretClient is not created with my config, because when I put a breakpoint there it is never reached. But this is just a guess.
Am I missing something in my config? Or maybe the configuration is wrong?