Managed Service Identities and Azure AD: Helping Azure developers keep their secrets secret!
First published on CloudBlogs on Sep, 14 2017
Just a quick note today! I am excited to announce a preview of a new integration between Azure and Azure Active Directory that is designed to make life easier for developers. It's called Managed Service Identity, and it makes it simpler to build apps that call Azure services.
Typically, to call a cloud service you need to send a credential (i.e. an API key or the like) to authenticate your app. Managing these credentials can be tricky. They are, by definition, secrets! You don't want them to show up on dev/ops workstations or get checked into source control. But they must be available to your code when your code is running.
So how do you get them there without anyone seeing them? Managed Service Identities!
Managed Service Identity solves this problem by giving a computing resource like an Azure VM an automatically managed, first-class identity in Azure AD. You can use this identity to call Azure services without needing any credentials to appear in your code. If the service you are calling doesn't support Azure AD authentication, you can still use Managed Service Identity to authenticate to Azure Key Vault and fetch the credentials you need at runtime. Presto, no credentials in code!
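As an added illustration (not code from this post or from Microsoft), here is the runtime flow the paragraph describes, in Python: the app asks the VM's local identity endpoint for an Azure AD token and presents it to Key Vault, so no credential ever lives in the code or its config. The endpoint URL, api-versions and the constructed fake_azure_http_get responses are assumptions modelled on the later instance-metadata interface, not the 2017 preview endpoint announced here.

```python
import json
import time
import urllib.request
from typing import Callable, Dict

# Link-local endpoint only code on the VM can reach; api-version is the later
# IMDS interface (assumed), not the 2017 preview endpoint announced in the post.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"
KEY_VAULT_RESOURCE = "https://vault.azure.net"
KEY_VAULT_API_VERSION = "7.0"

HttpGet = Callable[[str, Dict[str, str]], str]  # (url, headers) -> response body


def default_http_get(url: str, headers: Dict[str, str]) -> str:
    """Plain HTTP GET; swapped for a fake in tests so nothing leaves the host."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode("utf-8")


def get_msi_token(resource: str, http_get: HttpGet = default_http_get) -> dict:
    """Obtain an Azure AD token for the VM's managed identity. The app sends no
    secret; the platform issues the token. 'Metadata: true' is mandatory, which
    stops proxies that forward requests without custom headers from fetching it."""
    url = f"{IMDS_TOKEN_URL}?api-version={IMDS_API_VERSION}&resource={resource}"
    tok = json.loads(http_get(url, {"Metadata": "true"}))
    if tok.get("token_type") != "Bearer" or int(tok["expires_on"]) <= time.time():
        raise ValueError("unusable token from identity endpoint")
    return tok


def get_key_vault_secret(vault: str, name: str, http_get: HttpGet = default_http_get) -> str:
    """Read a secret at runtime with the identity token instead of shipping it in code."""
    token = get_msi_token(KEY_VAULT_RESOURCE, http_get)["access_token"]
    url = f"https://{vault}.vault.azure.net/secrets/{name}?api-version={KEY_VAULT_API_VERSION}"
    return json.loads(http_get(url, {"Authorization": f"Bearer {token}"}))["value"]


def fake_azure_http_get(url: str, headers: Dict[str, str]) -> str:
    """Constructed stand-in for both endpoints so the whole flow runs offline."""
    if url.startswith(IMDS_TOKEN_URL):
        if headers.get("Metadata") != "true":
            raise PermissionError("IMDS rejects requests without Metadata: true")
        return json.dumps({"access_token": "constructed-token", "token_type": "Bearer",
                           "expires_on": str(int(time.time()) + 3600)})
    if headers.get("Authorization") != "Bearer constructed-token":
        raise PermissionError("Key Vault rejects a missing or invalid bearer token")
    return json.dumps({"value": "constructed-db-password", "id": url.split("?")[0]})


if __name__ == "__main__":
    secret = get_key_vault_secret("examplevault", "DbPassword", fake_azure_http_get)
    print(f"fetched a {len(secret)}-byte secret with no credential in code")
```

In production the token should be cached until shortly before expires_on rather than requested per call, and neither the token nor the secret value should ever be written to logs.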
You can read more about the Managed Service Identity preview on the Azure blog.
Alex Simons (Twitter:
Director of Program Management
Microsoft Identity Division