Managed Identity (MI) service has been around for a little while now and is becoming a standard for providing applications running in Azure access to other Azure resources. We’re going to be taking a look at using MI in a few areas in the future, such as Kubernetes pods, so before we do, I thought it was worth a primer on MI. Managed Service Identity has recently been renamed to Managed Identity.
Azure App Service Certificates provide a convenient way to purchase SSL certificates and assign them to Azure Apps right from within the portal, but one question I see a lot is whether it is possible to use this certificate elsewhere, outside of the app service, particularly if you have purchased a wild-card certificate. The certificate provided by App Service Certificates isn’t anything special, it’s a pretty standard SSL cert, the service just provides a nice easy way to provision it and assign it to your web service.
Following on from my post on joining Azure batch pools to a vNet, this leads on to a requirement to access resources on the vNet and this means credentials are needed. Rather than hard-coding these credentials in scripts, we want to obtain these from a secure storage location on demand and this is where Azure KeyVault comes in, providing a secure, encrypted storage location for our credentials. Obviously there is no point putting your admin credentials in KeyVault, then hard-coding credentials to access KeyVault in your script, so the solution is to use a certificate to give your batch VM’s access to KeyVault.