Welcome to Microsoft Q&A Platform, thanks for posting your query here.
Azure AD Workload Identity is the new approach, which "binds" a Service Principal to a Kubernetes service account and offers native access as long as you are using the latest official Azure client library for authentication. Please follow the steps just for the Key Vault situation you are looking at (Ref: https://azure.github.io/azure-workload-identity/docs/quick-start.html).
Assigning managed identities will have manual steps and AKS doesn't support or endorse manually modifying resources inside the node resource group.
Hope that helps.
If the suggested response helped you resolve your issue, please 'Accept as answer', so that it can help others in the community looking for help on similar topics.
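As an added illustration (not part of the answer above, and not taken from the linked quick start), the manifest below shows what the "binding" between the service principal and the Kubernetes service account looks like on the cluster side. The client ID, tenant ID, namespace, service account name, image and Key Vault name are placeholders to be replaced with your own values; the annotation and label names are the ones used by the Azure AD Workload Identity webhook.

```yaml
# Added example: Kubernetes objects that bind a service account to an Azure AD
# application/service principal for Workload Identity. Placeholder values are
# marked with <...>.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: keyvault-reader            # placeholder: service account name
  namespace: app                   # placeholder: namespace
  annotations:
    # Client (application) ID of the Azure AD app or user-assigned identity.
    azure.workload.identity/client-id: "<application-client-id>"
    # Tenant that issued the identity; optional if the webhook has a default.
    azure.workload.identity/tenant-id: "<tenant-id>"
---
apiVersion: v1
kind: Pod
metadata:
  name: keyvault-consumer
  namespace: app
  labels:
    # Opting the pod in makes the mutating webhook inject the environment
    # variables (AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_FEDERATED_TOKEN_FILE,
    # AZURE_AUTHORITY_HOST) and the projected service-account token volume.
    azure.workload.identity/use: "true"
spec:
  serviceAccountName: keyvault-reader
  containers:
    - name: app
      image: <your-registry>/<your-image>:<tag>   # placeholder
      env:
        - name: KEYVAULT_URL
          value: "https://<keyvault-name>.vault.azure.net/"   # placeholder
```

On the Azure side, the application registration (or user-assigned identity) needs a federated identity credential whose issuer is the cluster's OIDC issuer URL and whose subject is `system:serviceaccount:app:keyvault-reader`, and the identity needs a Key Vault access policy or RBAC role (for example "Key Vault Secrets User") on the vault. With that in place, a client library credential such as `DefaultAzureCredential` or `WorkloadIdentityCredential` exchanges the projected Kubernetes token for an Azure AD token automatically, so no client secret is stored in the cluster and nothing in the node resource group is modified by hand. A quick check from inside the pod is that `AZURE_FEDERATED_TOKEN_FILE` is set and points at a readable token file; if it is absent, the pod was not mutated (usually a missing `azure.workload.identity/use` label or a namespace the webhook does not watch).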