Azure Managed Identity
Posted in cloud on September 1, 2024 by Adrian Wyssmann ‐ 2 min read
Managing secrets and credentials manually is cumbersome and error-prone, so what if you could make that easier? In Azure at least you can, using managed identities.
What are managed identities?
Resources usually need secrets (credentials, certificates or keys) to communicate with other resources. While in Azure you can store these securely in an Azure Key Vault, as a developer you still have to configure your applications accordingly, which means you probably end up copying these secrets around. With managed identities this is no longer necessary: Azure provides an automatically managed identity in Microsoft Entra ID for the application. The application uses this identity to connect to other resources by obtaining Microsoft Entra tokens, without having to manage any credentials itself.
Managed identity types
There are two types of managed identities: system-assigned and user-assigned. Here is the overview from What are managed identities for Azure resources?:
| Property | System-assigned managed identity | User-assigned managed identity |
|---|---|---|
| Creation | Created as part of an Azure resource (for example, Azure Virtual Machines or Azure App Service). | Created as a stand-alone Azure resource. |
| Life cycle | Shared life cycle with the Azure resource that the managed identity is created with. When the parent resource is deleted, the managed identity is deleted as well. | Independent life cycle. Must be explicitly deleted. |
| Sharing across Azure resources | Can't be shared. It can only be associated with a single Azure resource. | Can be shared. The same user-assigned managed identity can be associated with more than one Azure resource. |
| Common use cases | Workloads contained within a single Azure resource. Workloads needing independent identities. For example, an application that runs on a single virtual machine. | Workloads that run on multiple resources and can share a single identity. |
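To make the "obtain a token without managing credentials" step above concrete, and to show where the system-assigned/user-assigned distinction from the table surfaces in practice, here is an added example (not code from the original post) that builds the token request an application on an Azure VM sends to the Instance Metadata Service, and parses the response. The endpoint, API version and `Metadata: true` header are Microsoft's documented IMDS interface; the client ID and the token response are constructed placeholders. Because any process on the resource can reach this endpoint, the roles granted to the identity should be scoped as narrowly as the workload allows.

```python
import json
import time
import urllib.parse
import urllib.request

# Azure Instance Metadata Service (IMDS) endpoint that hands out managed-identity tokens
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"


def build_token_request(resource, client_id=None):
    """Return (url, headers) for a managed-identity token request to IMDS.

    A system-assigned identity needs no selector: the resource has exactly one.
    A user-assigned identity can be one of several attached to the resource,
    so its client_id picks which identity the token is issued for.
    """
    params = {"api-version": IMDS_API_VERSION, "resource": resource}
    if client_id:
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    # IMDS refuses requests without this header; the requirement exists so that
    # a plain SSRF, which cannot set custom headers, cannot pull a token.
    headers = {"Metadata": "true"}
    return url, headers


def parse_token_response(body, now):
    """Parse the IMDS JSON body; return (access_token, seconds_until_expiry)."""
    data = json.loads(body)
    # expires_on is a Unix timestamp encoded as a string
    expires_on = int(data["expires_on"])
    return data["access_token"], expires_on - now


def fetch_token(resource, client_id=None):
    """Live call; only works on an Azure resource with a managed identity attached."""
    url, headers = build_token_request(resource, client_id)
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return parse_token_response(resp.read().decode(), int(time.time()))


# Constructed sample response in the shape IMDS returns (token value is a placeholder)
SAMPLE_RESPONSE = json.dumps({
    "access_token": "eyJ.placeholder.token",
    "expires_in": "3600",
    "expires_on": "1700003600",
    "resource": "https://vault.azure.net",
    "token_type": "Bearer",
})
```

Passing `client_id` is what turns the request from "the VM's own identity" into "this particular user-assigned identity"; omit it and IMDS answers for the system-assigned one.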
What’s next
When working with Kubernetes and Azure AKS, a very interesting use case is using managed identities for managing secrets. That is covered in the follow-up post External Secrets and Azure Identity Workload.