Tag Archives: azure managed identity
This is a series of posts: Introduction Principles Layers Traffic Secrets (this post) In the previous post we’ve discussed probably the most important aspect of running a service – the handling of live traffic. Without it it’s a not a … Continue reading
First you need to acquire a token using Managed Identity by calling the local IMDS endpoint: Note that audience must match the service you’re calling and is different from example calling ARM. Then call Key Vault REST API to get … Continue reading
First get the subscriptions you want to assign permissions on: Then get the client id of the identity you to assign permissions for: Now perform the actual permissions assignment: That’s it, folks!
This post is a summary of my experience dealing with user-assigned managed identity and key vaults in Azure, it explores multiple ways to achieve the same result – how to assign access policies using an ARM template. Each of the … Continue reading
How to combine Key Vault access policy for AAD application and user-assigned managed identity in single ARM template
On other day I was exploring how to grant access for a user-assigned managed identity to a key vault. But here’s a more advanced scenario: let’s say legacy code uses an AAD application to access the key vault and modern … Continue reading
There is already a plenty of materials about managed identities in Azure. But how to create a user-assigned managed identity and grant it the access to a key vault using an ARM template? I tried to find any references but … Continue reading