Tag Archives: azure key vault

How to get secret from Key Vault using PowerShell and Managed Identity

First you need to acquire a token using Managed Identity by calling local endpoint: Note that audience must match the service you’re calling and is different from example calling ARM. Then call Key Vault REST API to get the secret: … Continue reading

Posted in Programming | Tagged , , | Leave a comment

3 ways to assign access policy for user-assigned managed identity on key vault using ARM template

This post is a summary of my experience dealing with user-assigned managed identity and key vaults in Azure, it explores multiple ways to achieve the same result – how to assign access policies using an ARM template. Each of the … Continue reading

Posted in Infrastructure | Tagged , , | Leave a comment

How to set access policy on Key Vault in another subscription aka How to deploy to resource group in another subscription using ARM template?

The model for my Service Fabric infrastructure consists of two major parts: Data Center (think Azure region) Scale Unit (think Service Fabric cluster and its child resources) But today due to the limitation around AAD first party application we decided … Continue reading

Posted in Infrastructure | Tagged , | Leave a comment

How to combine Key Vault access policy for AAD application and user-assigned managed identity in single ARM template

On other day I was exploring how to grant access for a user-assigned managed identity to a key vault. But here’s a more advanced scenario: let’s say legacy code uses an AAD application to access the key vault and modern … Continue reading

Posted in Infrastructure | Tagged , , | Leave a comment