locked
Accessing Authentication to token to access Azure KayVault Secret RRS feed

  • Question

  • Hi

    In my Web API app i have enabled System Assigned Identity,And provided access to System Assigned identity to read secret from KayVault

    my web application need to get Authenticationtoken to access the Kay vault.

    I can get the token if i have CLIENTID, CLIENTSECRET for my system assigned identity,for system assigned identity how can i get the CLIENTID, CLIENTSECRET

    Monday, April 20, 2020 12:30 AM

Answers

  • Hello Amarnath , 

    If you are using web API app and have enabled system Assigned Identity , I am assuming that you have enabled the Managed Identity on the app resource. I do not think you will need a separate client Secret and Client ID to get a token . You can use the internal IMDS service to directly get a token for the resource (in this case the app) . The whole point of Managed Identity was to avoid saving the secret in code or the need to fetch the code from Keyvault . I am not sure of your use case but I think you do not need to use client ID and Client Secret . Please check the section how to obtain token from the Azure Instance Metadata Service to access any supported Azure Resource (in your case , it can be app service or functions app accessing key vault  etc. ). That section should provide you clarity . Creating a system assigned Managed Identity creates a service principal which is accessing from azure portal by going to Azure Active Directory > enterprise Applications > <Managed Identity Name>  , but a corresponding entry in the app registration blade is not seen hence you would not be able to create a client secret for the same as far as I think. 

    I hope this clarifies your query. Should you have any further queries , please let us know. In case you have any further queries, feel free to let us know. If the information in this post is helpful , please do mark it as answer so that it can help other members searching for similar queries. 

    We have introduced a new question/answer and learning platform for Azure Products and will be migrating from MSDN to Microsoft QnA soon. I would like to encourage you to check out the new platform. 

    Thank you. 


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!!

    Monday, April 20, 2020 7:12 PM