Oct 04 2019 10:18 PM - edited Oct 04 2019 10:20 PM
I'm running PowerShell in the context of an Azure Web App that has a System Managed Service Identity configured. Currently, I can access the Key Vault by doing this:
$MsiHeader = @{'Secret' = $env:MSI_SECRET}
$VaultResource = "https://vault.azure.net"
$ApiVersion = "2017-09-01"
$VaultUri = "{0}?resource={1}&api-version={2}" -f $env:MSI_Endpoint, $VaultResource, $ApiVersion
$VaultAuth = Invoke-RestMethod -Method Get -Uri $VaultUri -Headers $MsiHeader  # token request to the local MSI endpoint; defines $VaultAuth used below
$VaultHeader = @{ Authorization = "Bearer $($VaultAuth.access_token)" }
$Secret = Invoke-RestMethod "https://MyVault.vault.azure.net/secrets/testsecret?api-version=7.0" -Headers $VaultHeader
This works just fine for accessing the vault, but is it possible to use the MSI to connect to Azure resources using the Az PowerShell module? If so, how can this be done? I can't quite seem to figure out how to do this properly. I've tried hacking at it like this:
$MsiHostName,$MsiPort = $env:MSI_ENDPOINT -replace 'http://' -replace '/MSI/token/' -split ':'
$null = Connect-AzAccount -ManagedServiceHostName $MsiHostName -ManagedServicePort $MsiPort -ManagedServiceSecret $env:MSI_SECRET
But this doesn't seem to work and I can't find any examples of this on the web. Any help with this is much appreciated!
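An added example, not part of the original post and not Microsoft's code: the token request shown in the question, generalized to any resource, with the resulting tokens handed to the Az module through `Connect-AzAccount -AccessToken`. The function name `Get-MsiAccessToken` and the `-AccountId` label are assumptions made for illustration, and the identity is assumed to already hold an RBAC role on the target subscription.

```powershell
# Added example (not from the original post).
# Get-MsiAccessToken is a hypothetical helper name.
function Get-MsiAccessToken {
    param(
        [Parameter(Mandatory)] [string] $Resource,
        [string] $ApiVersion = '2017-09-01'
    )

    # App Service injects both variables only when a managed identity is enabled.
    if (-not $env:MSI_ENDPOINT -or -not $env:MSI_SECRET) {
        throw 'MSI_ENDPOINT / MSI_SECRET are not set; no managed identity is available to this process.'
    }

    # The resource (audience) is URL-encoded; a token is only valid for the
    # resource it was requested for.
    $uri = '{0}?resource={1}&api-version={2}' -f $env:MSI_ENDPOINT,
        [uri]::EscapeDataString($Resource), $ApiVersion

    $response = Invoke-RestMethod -Method Get -Uri $uri -Headers @{ Secret = $env:MSI_SECRET }
    if (-not $response.access_token) {
        throw "Token endpoint returned no access_token for $Resource"
    }

    # Return only the token string; do not write it to logs or output streams.
    $response.access_token
}

# One token per audience: Azure Resource Manager for Az cmdlets in general,
# Key Vault for the data-plane cmdlets such as Get-AzKeyVaultSecret.
$ArmToken   = Get-MsiAccessToken -Resource 'https://management.azure.com/'
$VaultToken = Get-MsiAccessToken -Resource 'https://vault.azure.net'

# -AccountId is mandatory with -AccessToken; the value here is a placeholder label.
$null = Connect-AzAccount -AccessToken $ArmToken `
                          -KeyVaultAccessToken $VaultToken `
                          -AccountId 'MSI@placeholder'

# Confirm which account, tenant and subscription the session is bound to.
Get-AzContext | Select-Object Account, Tenant, Subscription
```

Tokens passed with `-AccessToken` are not refreshed by the Az module, so a long-running job has to request new ones and reconnect before they expire. `Connect-AzAccount -Identity` is the module's built-in managed identity sign-in and removes the manual token handling where the installed Az.Accounts version supports the hosting environment.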
Nov 16 2019 01:29 AM - edited Nov 16 2019 01:35 AM