Access Key Vault from local Service Fabric cluster with MSI

怎甘沉沦 submitted on 2019-11-30 15:35:15

I am assuming you are using the Microsoft.Azure.Services.AppAuthentication library to get a token using MSI to authenticate to Key Vault, and this is working on Azure. If so, you can run the exact same code in your local development environment. The library will automatically switch to using MSI on Azure. You can find documentation here

Note: Local development for MSI scenarios is much easier when developing applications that run under the current user, e.g. App Services. In such cases you can use the Azure CLI/Visual Studio account for local development. You do not need to create a separate service principal. Azure CLI/Visual Studio do not work for Service Fabric local development, since the local cluster runs under the Network Service account.

For Service Fabric scenarios, please follow these steps:

  1. Create a service principal and give access to Key Vault. You have two options. Certificate is better w.r.t security, but slightly harder to do.

    Option 1: Create a service principal with a certificate. Make sure you give Network Service account or whatever account is used to run fabric locally access to the certificate. Refer for details on how to give access.

    OR

    Option 2: Create a service principal with a password

  2. Create an environment variable called “AzureServicesAuthConnectionString”. Refer to this on creating environment variables for Service Fabric.

    If using certificate, set "AzureServicesAuthConnectionString" to

    RunAs=App;AppId={AppId};TenantId={TenantId};CertificateThumbprint={Thumbprint};CertificateStoreLocation={LocalMachine or CurrentUser}

    If using password, set "AzureServicesAuthConnectionString" to

    RunAs=App;AppId={AppId};TenantId={TenantId};AppKey={ClientSecret}

If above steps do not work, please post the error you get.
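
An added example, not part of the original answer or of the AppAuthentication library: a pre-flight check for the two "AzureServicesAuthConnectionString" forms shown above, plus a helper that masks AppKey before the string is logged. The function names, the sample values, and the choice to treat stray whitespace as an error are assumptions of this example, and it covers only the two forms given in the answer.

```python
import re

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
THUMBPRINT = re.compile(r"^[0-9a-fA-F]{40}$")  # SHA-1 thumbprint, 40 hex digits

def parse(conn):  # 'Key=Value;Key=Value' -> dict, whitespace preserved as typed
    fields = {}
    for part in conn.split(";"):
        if part.strip():
            key, _, value = part.partition("=")
            fields[key] = value
    return fields

def check(conn):
    """Return findings for the two connection-string forms shown in the answer."""
    raw = parse(conn)
    findings = []
    for key, value in raw.items():
        if key != key.strip() or value != value.strip():
            findings.append(f"error: stray whitespace in {key.strip()}")
        if "{" in value or "}" in value:
            findings.append(f"error: unfilled placeholder in {key.strip()}")
    f = {k.strip(): v.strip() for k, v in raw.items()}
    if f.get("RunAs") != "App":
        findings.append("error: RunAs must be App")
    if not GUID.match(f.get("AppId", "")):
        findings.append("error: AppId is not a GUID")
    if not f.get("TenantId"):
        findings.append("error: TenantId is missing")
    has_cert, has_key = "CertificateThumbprint" in f, "AppKey" in f
    if has_cert == has_key:
        findings.append("error: set exactly one of CertificateThumbprint or AppKey")
    elif has_cert:
        if not THUMBPRINT.match(f["CertificateThumbprint"]):
            findings.append("error: CertificateThumbprint is not 40 hex digits")
        if f.get("CertificateStoreLocation") not in ("LocalMachine", "CurrentUser"):
            findings.append("error: CertificateStoreLocation must be LocalMachine or CurrentUser")
    else:
        findings.append("warn: AppKey keeps a client secret in plain text; prefer the certificate form")
    return findings

def redact(conn):
    """Mask the AppKey value so the string can be written to logs."""
    return re.sub(r"(?i)(AppKey\s*=\s*)[^;]*", r"\1***", conn)

# Constructed sample values, not real identifiers or secrets.
BASE = "RunAs=App;AppId=11111111-2222-3333-4444-555555555555;TenantId=66666666-7777-8888-9999-000000000000;"
CERT_FORM = BASE + "CertificateThumbprint=0123456789ABCDEF0123456789ABCDEF01234567;CertificateStoreLocation=LocalMachine"
KEY_FORM = BASE + "AppKey=constructed-secret"
```

Run `check()` on the value before putting it in the service's environment, and log only `redact()` output.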

Managed Service Identity is focused on resources that are running on Azure. We don't have a way to support local development environments.

Thanks, -Arturo
