How to Authenticate to Azure Key Vault using Azure.Identity from Local Docker Container

Jeremiah Adams 171 Reputation points
2021-05-19T21:55:43.167+00:00

I am working to containerize a .NET Core MVC application. This application currently accesses Key Vault to fetch the Client Secret for the app. This all works fine when deployed to an Azure App Service.

Now I'm working to containerize and test locally prior to pushing to my first Azure Kubernetes Service. Where I am running into problems is with debugging from inside the container. Inside the container I do not have access to the ManagedIdentityCredential nor the VisualStudioCredential. The CLI doesn't exist on the container so that Credential will fail in the chain as well. The only Credential object that looks viable is the EnvironmentCredential.

The problem with the EnvironmentCredential is that I have to pass the Client Secret as an environment variable. This makes it very likely for developers to check a secret into source control which is the entire problem I am trying to solve.

See https://github.com/Azure/azure-sdk-for-net/tree/master/sdk/identity/Azure.Identity#environment-variables

What are the best practices here for debugging Azure.Identity related code inside a local docker container?
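
As an added example (not part of the original post), a pre-commit style check for the risk described above: it flags `.env`, Compose and `launchSettings.json` style files that assign a literal value to `AZURE_CLIENT_SECRET`, while allowing pass-through entries and `${VAR}` references. The function names and sample files are hypothetical, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: flag config files that give AZURE_CLIENT_SECRET a literal value.
# Prints "file:line" per finding; returns 1 if anything was found, else 0.
find_literal_azure_secret() {
    awk -v name="AZURE_CLIENT_SECRET" -v q="'" '
        /^[ \t]*#/ { next }                        # ignore comment lines
        index($0, name) {
            v = substr($0, index($0, name) + length(name))  # text after the name
            gsub("[\"" q ",]", "", v)              # drop quotes and JSON commas
            sub(/^[ \t]*[=:]?[ \t]*/, "", v)       # drop the = or : separator
            sub(/[ \t\r]+$/, "", v)                # drop trailing whitespace
            if (v == "" || substr(v, 1, 1) == "$") next   # pass-through or $VAR reference
            printf "%s:%d\n", FILENAME, FNR
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Write constructed sample files (all values are made up) into directory $1.
write_samples() {
    # .env file with a literal secret: should be flagged on line 2
    printf '%s\n' 'AZURE_TENANT_ID=00000000-0000-0000-0000-000000000000' \
                  'AZURE_CLIENT_SECRET=constructed-not-a-real-secret' > "$1/bad.env"
    # launchSettings.json style fragment with a literal secret: flagged on line 3
    printf '%s\n' '{' '  "environmentVariables": {' \
                  '    "AZURE_CLIENT_SECRET": "constructed-not-a-real-secret",' \
                  '    "AZURE_CLIENT_ID": "11111111-1111-1111-1111-111111111111"' \
                  '  }' '}' > "$1/bad.json"
    # Compose file that only passes variables through from the host shell: clean
    printf '%s\n' 'services:' '  web:' '    environment:' \
                  '      - AZURE_CLIENT_ID' \
                  '      - AZURE_CLIENT_SECRET' \
                  '      - AZURE_TENANT_ID=${AZURE_TENANT_ID}' > "$1/ok-compose.yml"
}
```

Called from a Git pre-commit hook with the staged file paths as arguments, a non-zero return blocks the commit.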
