Tag Archives: azure key vault
This is a series of posts: Introduction Principles Layers Traffic Secrets (this post) In the previous post we’ve discussed probably the most important aspect of running a service – the handling of live traffic. Without it it’s a not a … Continue reading
First you need to acquire a token using Managed Identity by calling the local Instance Metadata Service (IMDS) endpoint: Note that audience must match the service you’re calling and is different from example calling ARM. Then call the Key Vault … Continue reading
This post is a summary of my experience dealing with user-assigned managed identity and key vaults in Azure, it explores multiple ways to achieve the same result – how to assign access policies using an ARM template. Each of the … Continue reading
How to set access policy on Key Vault in another subscription aka How to deploy to resource group in another subscription using ARM template?
The model for my Service Fabric infrastructure consists of two major parts: Data Center (think Azure region) Scale Unit (think Service Fabric cluster and its child resources) But today due to the limitation around AAD first party application we decided … Continue reading
How to combine Key Vault access policy for AAD application and user-assigned managed identity in single ARM template
On other day I was exploring how to grant access for a user-assigned managed identity to a key vault. But here’s a more advanced scenario: let’s say legacy code uses an AAD application to access the key vault and modern … Continue reading