Tag Archives: azure key vault
First you need to acquire a token using Managed Identity by calling the local IMDS endpoint: Note that audience must match the service you’re calling and is different from example calling ARM. Then call Key Vault REST API to get … Continue reading
This post is a summary of my experience dealing with user-assigned managed identity and key vaults in Azure, it explores multiple ways to achieve the same result – how to assign access policies using an ARM template. Each of the … Continue reading
How to set access policy on Key Vault in another subscription aka How to deploy to resource group in another subscription using ARM template?
The model for my Service Fabric infrastructure consists of two major parts: Data Center (think Azure region) Scale Unit (think Service Fabric cluster and its child resources) But today due to the limitation around AAD first party application we decided … Continue reading
How to combine Key Vault access policy for AAD application and user-assigned managed identity in single ARM template
On other day I was exploring how to grant access for a user-assigned managed identity to a key vault. But here’s a more advanced scenario: let’s say legacy code uses an AAD application to access the key vault and modern … Continue reading