question

SaurabhSharma-msft avatar image
0 Votes"
SaurabhSharma-msft asked MarileeTurscak-MSFT answered

What are the different ways to authenticate to Azure Key Vault?

What are the different ways to authenticate to Azure Key Vault?

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question]

Source: What are managed identities for Azure resources?


azure-key-vault
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

MarileeTurscak-MSFT avatar image
0 Votes"
MarileeTurscak-MSFT answered

There are three ways to authenticate to Azure Key Vault:

1. Managed Identities

Managed Identities are assigned to Azure resources which needs access to Azure Key Vault. This is the recommended approach as Azure automatically rotates the identity and app/service doesn’t have to manage the secret.

Refer to What are managed identities for Azure resources? to know more about managed identities.

2. Service Principal and Secret
You can use a Service Principal and a secret to access a key vault. However, not recommended as it is hard to automatically rotate the secret used to authenticate to Key Vault.

3. Service Principal and Certificate
You can use a Service Principal and associated certificates to access key vault. The application owner/developer is required to rotate the certificates.


Source: What are managed identities for Azure resources?




5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.