Hello,
we have an artifact which mounts a file share from a specific storage account, as described here: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-quick-create-use-windows. That works fine. The bad thing with this approach is, that the storage account key must be stored in cleartext inside the powershell script. To avoid that, I have set up a keyvault with the secrets I want to use. But how can I connect to a keyvault inside an artifact? As far as I know, artifact installation always runs under the "NT_Authority\System" account. Sure, I could do a "Connect-AzAccount", but that Cmdlet needs a credential object aswell. Can I run an artifact under a user principal, which has access to the keyvault? Or are there better ways to do this?
Any help is appreciated.
][2]