Tag Archives: azure managed identity
Reliable and scalable infrastructure: Secrets
This is a series of posts: Introduction, Principles, Layers, Traffic, Secrets (this post). In the previous post we discussed probably the most important aspect of running a service – the handling of live traffic. Without it it’s not a … Continue reading
Posted in Infrastructure
Tagged azure, azure active directory, azure key vault, azure managed identity, book, x509 certificate
How to get secret from Key Vault using PowerShell and Managed Identity
First you need to acquire a token using Managed Identity by calling the local Instance Metadata Service (IMDS) endpoint: Note that the audience must match the service you’re calling and is different from the example calling ARM. Then call the Key Vault … Continue reading
How to assign permissions for user-assigned managed identity on multiple subscriptions in bulk
First get the subscriptions you want to assign permissions on: Then get the client id of the identity you want to assign permissions for: Now perform the actual permissions assignment: That’s it, folks!
3 ways to assign access policy for user-assigned managed identity on key vault using ARM template
This post is a summary of my experience dealing with user-assigned managed identity and key vaults in Azure. It explores multiple ways to achieve the same result – how to assign access policies using an ARM template. Each of the … Continue reading
How to combine Key Vault access policy for AAD application and user-assigned managed identity in single ARM template
The other day I was exploring how to grant access for a user-assigned managed identity to a key vault. But here’s a more advanced scenario: let’s say legacy code uses an AAD application to access the key vault and modern … Continue reading
How to create user-assigned managed identity, Key Vault, assign access policy using ARM template
There is already plenty of material about managed identities in Azure. But how to create a user-assigned managed identity and grant it access to a key vault using an ARM template? I tried to find any references but … Continue reading