ManagedIdentityCredential authentication unavailable, no managed identity endpoint found

Lior 26 Reputation points
2021-05-03T11:16:46.667+00:00

I'm trying to allow an app service (Python web app) to get secrets from Azure Key Vault without the usage of hardcoded client id/secrets, therefore I'm trying to use ManagedIdentity.

I have enabled system & user assigned functions in my service app
I have created a policy in vault where the service app is granted access to the secrets

code:

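```python
from azure.identity import ManagedIdentityCredential
from azure.keyvault.secrets import SecretClient

# VAULT_URL is the vault's URL, defined elsewhere in the app
credentials_object = ManagedIdentityCredential()
client = SecretClient(vault_url=VAULT_URL, credential=credentials_object)
value = client.get_secret('MYKEY').value
```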

error (when app is deployed and when running locally):
azure.identity._exceptions.CredentialUnavailableError: ManagedIdentityCredential authentication unavailable, no managed identity endpoint found.

What am I missing? Thank you!

Microsoft Entra ID

3 answers

  1. Saurabh Sharma 23,671 Reputation points Microsoft Employee
    2021-05-05T00:54:53.37+00:00

    Hi @Lior ,

    Thanks for using Microsoft Q&A !!
    If you are running from your local development environment, then the code tries to access Azure Key Vault using the developer context and not the managed identity (which is available in Azure), and thus you are getting this error, as you need to grant yourself (or the user you are using to access the key vault) permissions to access the key vault to test in your local environment.
    Please try running the same after deploying it to Azure App Service. You can also refer to this Python sample to get the steps to test your code in your local environment without using managed identity. This code uses the function get_key_vault_credentials to use the environment variables if MSI authentication is unsuccessful.

    Please let me know if you have any other questions.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

    Thanks
    Saurabh

    2 people found this answer helpful.

  2. Lior 26 Reputation points
    2021-05-07T08:27:24.01+00:00

    I'm still trying to figure it out. It looks like everything is set up correctly and I still get "ManagedIdentityCredential authentication unavailable, no managed identity endpoint found"

    @Saurabh Sharma and @Vignesh Rajaram - please let me know if you figure this out

    Thanks!

    2 people found this answer helpful.

  3. Sachin Yaduwanshi 1 Reputation point
    2021-07-14T14:56:42.097+00:00

    I am trying to access a storage blob from an Azure Function using UserManaged identity. I have followed the exact same steps mentioned in "https://www.youtube.com/watch?v=vYUKC0mZFqI".

    When I try to debug from my local machine, I get the error below. I have signed in to Visual Studio and I have admin access to resources.

    DefaultAzureCredential failed to retrieve a token from the included credentials.

    • EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
    • ManagedIdentityCredential authentication unavailable. No Managed Identity endpoint found.
    • Process "C:\Program Files\Microsoft Visual Studio\2022\Preview\Common7\IDE\Extensions\3fhsnrhg.f0v\TokenService\Microsoft.Asal.TokenService.exe" has failed with unexpected error: TS003: Error, Could not load file or assembly 'Microsoft.VisualStudio.Validation, Version=16.8.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040).
    • Stored credentials not found. Need to authenticate user in VSCode Azure Account.
    • Azure CLI not installed
    • PowerShell is not installed.
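
An added diagnostic, not part of the original thread or of the azure-identity library: it checks whether the process environment carries the endpoint variables that App Service and Functions inject when a managed identity is enabled, and names the credential that can work there, which is the distinction the first answer draws between Azure and a local machine. The helper names are hypothetical, it covers App Service style hosting only, and it assumes a user-assigned identity's client ID is supplied in `AZURE_CLIENT_ID`.

```python
import os

# Variables injected by the platform when a managed identity is enabled.
APP_SERVICE = ("IDENTITY_ENDPOINT", "IDENTITY_HEADER")   # App Service / Functions
APP_SERVICE_LEGACY = ("MSI_ENDPOINT", "MSI_SECRET")      # older App Service API
SERVICE_PRINCIPAL = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")


def diagnose(env):
    """Return (credential_name, notes) for an environment mapping."""
    notes = []
    for pair in (APP_SERVICE, APP_SERVICE_LEGACY):
        present = [name for name in pair if env.get(name)]
        if len(present) == len(pair):
            notes.append("managed identity endpoint found via " + pair[0])
            return "ManagedIdentityCredential", notes
        if present:
            missing = [name for name in pair if name not in present]
            notes.append(f"{present[0]} set but {missing[0]} missing")
    notes.append("no App Service managed identity endpoint in environment")
    # No endpoint: this is the local-development case, so fall back to a
    # service principal in environment variables or to the developer's login.
    missing = [name for name in SERVICE_PRINCIPAL if not env.get(name)]
    if not missing:
        return "EnvironmentCredential", notes
    if len(missing) < len(SERVICE_PRINCIPAL):
        notes.append("service principal variables incomplete: " + ", ".join(missing))
    return "AzureCliCredential", notes


def build_credential(env=os.environ):
    """Instantiate the chosen credential; needs the azure-identity package."""
    import azure.identity as ai  # imported lazily so diagnose() runs anywhere
    name, _ = diagnose(env)
    if name == "ManagedIdentityCredential":
        # A user-assigned identity must be selected by client ID (assumed to
        # be supplied in AZURE_CLIENT_ID); None selects the system-assigned one.
        return ai.ManagedIdentityCredential(client_id=env.get("AZURE_CLIENT_ID"))
    return getattr(ai, name)()


if __name__ == "__main__":
    name, notes = diagnose(os.environ)
    print(name, *notes, sep="\n  ")
```

Running it in the deployed app (for example from the Kudu console) and on the workstation shows whether the platform actually exposed an endpoint to the process.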