Is it possible to use ACR ExportPipeline/ImportPipeline without SAS tokens and KeyVault policies?
I'm trying to solve the problem of copying images from ACR instance located in subscription A to ACR instance located in subscription B. Both of those ACRs don't have public access, so I've discovered preview functionality called ExportPipeline which seem to solve my issue.
https://learn.microsoft.com/en-us/azure/container-registry/container-registry-transfer-cli
When I was trying to use this approach, I've discovered this guide points at a legacy Key Vault policy setup guide and commands provided in this guide are not relevant anymore.
At the same time, az acr export-pipeline create
command requires --secret-uri
to be provided. Is it possible to use export/import pipelines without SAS tokens for storage accounts, relying on EntraID and managed identity that has proper role assignments on ACR and storage account levels?