Azure key vault - add access policy for deployment slot

I have an app with 2 slots. I have stored connection strings in the key vault. I have enabled MSI on the app and 2 slots. Also, within the vault's access policy, I have added the app (production slot). However, I am not able to add the slots to the access policy. E.g., my app's name is XYZ20180706 and the slots are XYZ20180706/dev and XYZ20180706/test. But when I type in XYZ20180706/dev or XYZ20180706-dev in the service principal, it is not found.

How do I create an access policy for a deployment slot?

Just having it enabled on the main slot is not enough. I currently get access denied (to vault) if I deploy the app to the dev slot and run it.

Thanks.

Asked by Redzon, Jul 06 '18 11:07



1 Answer

AFAIK, we could access it after enabling MSI for the deployment slot; you could check my test steps.

1. I have two slots, then I enable MSI for both of them in the portal.

2. You could check them in Azure Active Directory -> Enterprise applications in the portal, refer to the screenshot.

   Note: You should specify the Application Type option with All Applications when you are searching.

3. Add an access policy in the Azure Key Vault; you could find the slots in the principal (hover your cursor over it).

Answered by Joy Wang, Oct 11 '22 10:10
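
The same portal steps scripted with the Azure CLI, as an added example that is not part of the original answer: each slot gets its own system-assigned identity, and the policy is granted to that identity's object ID rather than looked up by name. The resource group and vault names in the usage comment are placeholders, and the `get`-only secret permission assumes the connection strings are stored as Key Vault secrets in a vault that uses access policies.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): give one deployment slot's
# managed identity read access to Key Vault secrets.

# Print the principal (object) ID of the slot's system-assigned identity.
# "identity assign" enables the identity if it is off and returns the
# existing one if it is already on, so it is safe to re-run.
slot_principal_id() {
  local app="$1" rg="$2" slot="$3"
  az webapp identity assign \
    --name "$app" --resource-group "$rg" --slot "$slot" \
    --query principalId --output tsv
}

# Add an access policy for that principal. Only "get" on secrets is granted
# (assumption: the app reads known secret names and never lists or writes).
grant_slot_secret_read() {
  local app="$1" rg="$2" slot="$3" vault="$4" pid
  pid="$(slot_principal_id "$app" "$rg" "$slot")" || return 1
  if [ -z "$pid" ]; then
    echo "no managed identity returned for $app/$slot" >&2
    return 1
  fi
  az keyvault set-policy --name "$vault" --object-id "$pid" \
    --secret-permissions get --output none || return 1
  # Report which principal received the policy, for audit trails.
  echo "$slot $pid"
}

# Usage (placeholder resource group and vault names):
#   for s in dev test; do
#     grant_slot_secret_read XYZ20180706 <resource-group> "$s" <vault-name>
#   done
```

Because every slot is a separate principal, a policy granted to the production app never covers `dev` or `test`; each slot needs its own entry, and removing a slot's entry revokes only that slot.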