Access Key Vault from functions using MSI
See original GitHub issueHi, I’d like to know if it’s possible to access the Azure Key Vault from functions using MSI (Managed Service Identity). This C# example worked for me but so far I had no luck with Node.
I was able to get the MSI token via ms-rest-azure.MSIAppServiceTokenCredentials
within my function but I’m not sure if azure-keyvault
accepts this token as credential for fetching the secrets from the Key Vault.
If that is not possible yet, are there any plans to add this feature in near future?
Thanks a lot!
Issue Analytics
- State:
- Created 6 years ago
- Comments:7 (4 by maintainers)
Top Results From Across the Web
Tutorial: Use a managed identity to access Azure Key Vault
A tutorial that walks you through the process of using a Windows VM system-assigned managed identity to access Azure Key Vault.
Read more >Retrieve Azure Key Vault Secrets using Azure Functions and ...
Azure Key Vault is a cloud key management service which allows you to create, import, store & maintain keys and secrets used by...
Read more >Using MSI with Azure Functions and Key Vault | Jan-V.nl
This setting is everything you need in order to create a new service principal (identity) within the Azure Active Directory.
Read more >Accessing Key Vault from Azure Functions using Managed ...
Accessing Key Vault from Azure Functions using Managed Identities · Step 1 - Create the Function App · Step 2 - Assign a...
Read more >Using MSI to access Azure Key Vault in C# .Net - Stack Overflow
On the service side, I need to provision vms, key vault and MSI. Assign the MSI to each VMs while grant the right...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
using azure-keyvault@3.0.4 and ms-rest-azure@3.0.0
Hi, I tried to use MSI to access Key Vault following the https://github.com/Azure-Samples/app-service-msi-keyvault-node example, but when I pass the credentials that I get from loginWithAppServiceMSI to the KeyVaultClient I keep getting this error (the credentials object that I get is MSIAppServiceTokenCredentials ):
I even tried to use the loginWithUsernamePassword method in order to get a UserTokenCredentials but I keep getting the same error.
`function getKeyVaultCredentials(){ return msRestAzure.loginWithAppServiceMSI({resource: ‘https://vault.azure.net’}); }
ms-rest
is the runtime package that is responsible for making requests on the wire.ms-rest-azure
is the runtime for Azure specific stuff (authentication, polling asynchronous operations, etc.)azure-keyvault
depends onms-rest-azure
which depends onms-rest
. As you can seeazure-keyvault@3.0.4
brings with itms-rest-azure@2.6.0
which brings with itms-rest@2.5.3
. So what is happening is:So, yhy do you have top level
ms-rest-azure@3.0.0
? Why do you need to have an explicit dependency on3.0.0
version ofms-rest-azure
? Can you remove that from your package.json, delete the node_modules folder and the package-lock.json file and executenpm i
again from the root folder of your app? I am sure the problem will go away.