
How to enable User Assigned Managed Identity to existing Azure Service Fabric Cluster & Connect to Azure Key Vault to read secrets?

We have an existing Azure Service Fabric instance, which hosts multiple applications apart from our application. At present, the application hosted on Azure Service Fabric connects to Key Vault using an Azure AD application with certificates.

We would like to upgrade by connecting to Azure Key Vault using Managed Identity. But enabling System Assigned Managed Identity is not an option, as the target Azure Service Fabric instance is not dedicated to our application alone; it is a shared environment which hosts multiple applications of other projects too.

So the other option is to enable User Assigned Managed Identity.

But how do we enable User Assigned Managed Identity on an existing Azure Service Fabric instance via PowerShell or another easy way?

How does an application on an existing Azure Service Fabric instance authenticate itself to an Azure Key Vault instance programmatically (C#) to access its secrets?

How do we enable User Assigned Managed Identity on an existing Azure Service Fabric instance via PowerShell or another easy way?

If you want to use user-assigned MSI in service fabric, there are two ways:

  1. Azure Service Fabric clusters are hosted on Virtual Machine Scale Sets, so you can leverage the MSI of the VMSS (see the reference here), via PowerShell or the portal.

  2. Enable the Managed Identity Token Service on the cluster first, then deploy the Service Fabric application with a User-Assigned Managed Identity; these are currently only available via ARM template.

How does an application on an existing Azure Service Fabric instance authenticate itself to an Azure Key Vault instance programmatically (C#) to access its secrets?

To access an Azure Key Vault secret, you could use ManagedIdentityCredential from Azure.Identity to authenticate; make sure you have already added the MSI to the access policy of the Key Vault.

using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
// clientId selects the user-assigned identity; with no argument the credential uses the system-assigned one
var client = new SecretClient(vaultUri: new Uri(keyVaultUrl), credential: new ManagedIdentityCredential(clientId: userAssignedClientId));
KeyVaultSecret secret = client.SetSecret("secret-name", "secret-value");
secret = client.GetSecret("secret-name");

See samples here and here .
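The first option in the answer (attach a user-assigned identity to the scale set behind the cluster's node type) and the access-policy prerequisite it mentions, worked through in Az PowerShell as an added example that is not part of the original answer. All resource names are placeholders, and the script assumes the Az.ManagedServiceIdentity, Az.Compute and Az.KeyVault modules are installed and that you are already logged in with Connect-AzAccount.

```powershell
# Added example, not from the original answer. Resource names are placeholders.
$rg        = "my-resource-group"   # placeholder
$location  = "eastus"              # placeholder
$vmssName  = "nt1vm"               # placeholder: the VMSS behind the cluster's node type
$vaultName = "my-keyvault"         # placeholder
$idName    = "sf-app-identity"     # placeholder

# 1. Create the user-assigned managed identity.
$identity = New-AzUserAssignedIdentity -ResourceGroupName $rg -Name $idName -Location $location

# 2. Attach it to the scale set that hosts the cluster nodes. Use -IdentityType
#    SystemAssignedUserAssigned instead if the scale set already carries a
#    system-assigned identity that must be kept.
$vmss = Get-AzVmss -ResourceGroupName $rg -VMScaleSetName $vmssName
Update-AzVmss -ResourceGroupName $rg -VMScaleSetName $vmssName -VirtualMachineScaleSet $vmss `
    -IdentityType UserAssigned -IdentityId $identity.Id

# 3. Grant the identity only what the application needs: read and enumerate secrets.
#    The access policy is keyed by the identity's principal (object) id.
Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $identity.PrincipalId `
    -PermissionsToSecrets get,list

# 4. The client id is the value the application passes to ManagedIdentityCredential(clientId).
Write-Output "ClientId for ManagedIdentityCredential: $($identity.ClientId)"
```

Keep in mind what this grants: an identity attached at the VMSS level is exposed through the node's instance metadata endpoint, so every application running on those nodes can request tokens for it, not only yours. On a shared cluster that is the reason the answer's second option (Managed Identity Token Service with an identity bound to the application) exists; if you stay with the VMSS-level identity, keep its Key Vault permissions to the minimum above and give it no write permissions unless the application actually sets secrets.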
