What is the benefit of using Managed Identity to access Azure services? What I often see mentioned is that thanks to this you don't commit secrets to configuration files. But I'm deploying all resources using ARM templates and I also don't have any secrets in my configuration files. Settings like connection strings are set during deployment. The only difference I see here is that with Managed Identity even if someone goes to Azure portal he will not be able to get login and password to my DB for example. But this person already has access to my subscription. So is this a problem?
What else do Managed Identities give me?
It's not only about the config secrets that are stored or not, it's also about how many secrets need to be stored and managed.
When you create a managed identity, specifically a system-assigned managed identity, no one on your team will have to manage, or even have access to, the secrets related to the identity of the application. The identity is issued, and you are able to provide it access to various resources, such as key vault. No one else will be able to use the app's identity to take advantage of that access.
If you use a managed service identity in conjunction with something like key vault, you can also more easily limit the number of people that have access to config secrets. You can provide access to the vault to only a few, and still allow others to view/edit the app and its non-secret config.