WebApps calling KeyVault for secrets

%3CLINGO-SUB%20id%3D%22lingo-sub-1538432%22%20slang%3D%22en-US%22%3EWebApps%20calling%20KeyVault%20for%20secrets%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1538432%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20web%20app%20that%20needs%20to%20look%20up%20key%2Fvalues%20in%20the%20key%20vault.%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20assigned%20identity%20to%20the%20web%20app%20and%20set%20permissions%20on%20KeyVault%2C%20but%20do%20I%20still%20need%20to%20enable%20access%20on%20the%20key%20vault%20firewall%20for%20the%20outbound%20IP%20of%20the%20WebApp%3F%20Hard%20to%20manged%20if%20the%20WebApp%20is%20stopped%20as%20the%20IP%20will%20change%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20better%20way%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1538432%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EApp%20Services%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EKeyVault%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Occasional Contributor

Hi, 

 

I have a web app that needs to look up key/values in the key vault. 

I have assigned identity to the web app and set permissions on KeyVault, but do I still need to enable access on the key vault firewall for the outbound IP of the WebApp? Hard to manged if the WebApp is stopped as the IP will change? 

 

Is there a better way?

0 Replies