I have a C# app running in a Linux Docker container in Azure App Services that gets its configuration information from Azure Key Vault.
In the past we did this:
```csharp
// Old approach: a client ID and client secret read from configuration
config.AddAzureKeyVault(builtConfig["Azure:Auth:Vault"],
    builtConfig["Azure:Auth:ClientId"], builtConfig["Azure:Auth:ClientSecret"]);
```
We've been trying to, instead, use managed identity. So I:
Added the AppAuthentication library from NuGet.
Updated my code like this:
```csharp
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureKeyVault;

// Token provider that picks up the managed identity when running in App Service
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
    new KeyVaultClient.AuthenticationCallback(
        azureServiceTokenProvider.KeyVaultTokenCallback));
config.AddAzureKeyVault(builtConfig["Azure:Auth:Vault"], keyVaultClient,
    new DefaultKeyVaultSecretManager());
```
But when we put this into Azure App Services by updating the container, it just hangs trying to start the app. Nothing happens and eventually it times out.
I can find lots of documentation for direct App Services, but nothing different for containers. It appears to say that it's supported, however.
What am I missing for making this work for linux containers in App Services?
Even turning on managed identity causes the container to never respond to ping checks let alone start properly.
Select the key vault you created in the Secret storage in the Production environment with Azure Key Vault section. Select Access policies. Select Add Access Policy. Open Secret permissions and provide the app with Get and List permissions.
At the moment this does not seem to be supported. What I did to validate this statement:
Created two instances with a system-assigned identity:
Deployed the same exact code to get a token through curl.
It worked as expected on the VM, but it did not work on the custom image.
It is unfortunate that Azure does not provide managed identities on its managed services as advertised.
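As an added example, not code from the question or from either answer: a POSIX shell probe you can run inside the App Service container (SSH or the web console) to check whether the managed-identity token endpoint is present and answering before the app tries to use it. It mirrors the curl check the answer above describes, and the same probe is the first thing to run when the app hangs at start-up as in the question, because AzureServiceTokenProvider finds the local endpoint through the same environment variables. The only assumption is the variables App Service injects for the identity endpoint: IDENTITY_ENDPOINT and IDENTITY_HEADER (api-version 2019-08-01, header X-IDENTITY-HEADER) or the older MSI_ENDPOINT and MSI_SECRET (api-version 2017-09-01, header Secret). The sample JSON reply is constructed, and the curl call carries --max-time so the probe fails fast instead of hanging.

```shell
#!/bin/sh
# Added example, not code from the question or the answers: probe the App Service
# managed-identity endpoint from inside the Linux container.
# Assumed environment (injected by App Service, not set by the app):
#   IDENTITY_ENDPOINT + IDENTITY_HEADER  -> api-version 2019-08-01, header X-IDENTITY-HEADER
#   MSI_ENDPOINT      + MSI_SECRET       -> api-version 2017-09-01, header Secret (older)

RESOURCE="${RESOURCE:-https://vault.azure.net}"   # audience for Key Vault tokens

# Which generation of the endpoint is present? Prints the api-version, or fails.
msi_api_version() {
  if [ -n "${IDENTITY_ENDPOINT:-}" ] && [ -n "${IDENTITY_HEADER:-}" ]; then
    echo 2019-08-01
  elif [ -n "${MSI_ENDPOINT:-}" ] && [ -n "${MSI_SECRET:-}" ]; then
    echo 2017-09-01
  else
    return 1
  fi
}

# Token request URL for resource $1.
msi_url() {
  case "$(msi_api_version)" in
    2019-08-01) printf '%s?resource=%s&api-version=2019-08-01\n' "$IDENTITY_ENDPOINT" "$1" ;;
    2017-09-01) printf '%s?resource=%s&api-version=2017-09-01\n' "$MSI_ENDPOINT" "$1" ;;
    *) return 1 ;;
  esac
}

# Header that proves the caller is the app and not something else on the network.
msi_auth_header() {
  case "$(msi_api_version)" in
    2019-08-01) printf 'X-IDENTITY-HEADER: %s\n' "$IDENTITY_HEADER" ;;
    2017-09-01) printf 'Secret: %s\n' "$MSI_SECRET" ;;
    *) return 1 ;;
  esac
}

# Pull one top-level string field out of the token JSON on stdin
# (base images rarely ship jq, so plain sed).
json_field() {
  sed -n "s/.*\"$1\":\"\([^\"]*\)\".*/\1/p"
}

# Constructed sample of a token reply, used only for offline checks of json_field.
SAMPLE_RESPONSE='{"access_token":"eyJ0eXAi.constructed.token","expires_on":"1700000000","resource":"https://vault.azure.net","token_type":"Bearer"}'

# Live probe: distinguishes "no identity injected" (2), "endpoint unreachable or
# timed out" (3) and "answered but no token" (4).
probe_token() {
  url=$(msi_url "$RESOURCE") || {
    echo "no IDENTITY_ENDPOINT/MSI_ENDPOINT variables: managed identity not injected" >&2
    return 2
  }
  # --max-time so the probe fails fast instead of hanging like the app start-up
  resp=$(curl -sS --max-time 10 -H "$(msi_auth_header)" "$url") || return 3
  exp=$(printf '%s' "$resp" | json_field expires_on)
  [ -n "$exp" ] || { echo "unexpected reply: $resp" >&2; return 4; }
  echo "token for $RESOURCE issued (api-version $(msi_api_version)), expires_on=$exp"
}

# Only hit the network when asked: sh msi-check.sh probe
if [ "${1:-}" = "probe" ]; then
  probe_token
fi
```

Save it as msi-check.sh in the container and run `sh msi-check.sh probe`; without the argument it only defines the functions. The three distinct exit codes tell you whether the platform injected an identity endpoint at all, whether that endpoint can be reached, and whether it actually issued a token for Key Vault, which is the split needed before blaming the C# code or the vault's access policy.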