Clarifying the Use of DefaultAzureCredential with System-Assigned Managed Identity for Azure Key Vault Access #78
Added changes to clarify System Identity vs Managed Identity explicitly
…llOut Update tutorial-net-create-vault-azure-web-app.md
@apurvghai : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.
Learn Build status updates of commit 7e60f22: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
Can you review the proposed changes? Important: When the changes are ready for publication, adding a #label:"aq-pr-triaged"
This pull request has been inactive for at least 14 days. If you are finished with your changes, don't forget to sign off. See the contributor guide for instructions.
@msmbaldwin Could you review this proposed update to your article and enter Thanks!
Can you review this old PR and determine whether it needs to be closed or merged? @MicrosoftDocs/public-repo-pr-review-team
I sent an email to the content owner today. @MicrosoftDocs/public-repo-pr-review-team
This pull request has been inactive for at least 14 days. If you are finished with your changes, don't forget to sign off. See the contributor guide for instructions.
Can we please get this reviewed and merged?
Add the following lines before the `app.UseEndpoints` call (.NET 5.0 or earlier) or `app.MapGet` call (.NET 6.0), updating the URI to reflect the `vaultUri` of your key vault. This code uses [DefaultAzureCredential()](/dotnet/api/azure.identity.defaultazurecredential) to authenticate to Key Vault, which uses a token from managed identity to authenticate. For more information about authenticating to Key Vault, see the [Developer's Guide](./developers-guide.md#authenticate-to-key-vault-in-code). The code also uses exponential backoff for retries in case Key Vault is being throttled. For more information about Key Vault transaction limits, see [Azure Key Vault throttling guidance](./overview-throttling.md). | ||
Add the following lines before the app.UseEndpoints call (.NET 5.0 or earlier) or `app.MapGet` call (.NET 6.0), updating the URI to reflect the `vaultUri` of your Key Vault. This code uses [DefaultAzureCredential()](/dotnet/api/azure.identity.defaultazurecredential) to authenticate to Azure Key Vault. By default, this credential attempts to use the system-assigned managed identity of the hosting environment. If a user-assigned managed identity is configured, it will be used instead. For more information about authenticating to Key Vault, see the [Developer's Guide](./developers-guide.md#authenticate-to-key-vault-in-code). The code also uses exponential backoff for retries in case Key Vault is being throttled. For more information about Key Vault transaction limits, see [Azure Key Vault throttling guidance](./overview-throttling.md). | ||
|
||
The code also implements exponential backoff for retries in case Key Vault is being throttled. For more information about Key Vault transaction limits, see ./overview-throttling.md. |
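Review bot: the exponential backoff sentence now appears twice in the new text: the rewritten paragraph still ends with "The code also uses exponential backoff for retries in case Key Vault is being throttled", and the added standalone line repeats it with "implements" while reducing the throttling link to a bare `./overview-throttling.md` path. Keep one copy, with the Markdown link `[Azure Key Vault throttling guidance](./overview-throttling.md)`. The rewritten paragraph also drops the backticks around `app.UseEndpoints` while `app.MapGet` keeps them. On the credential wording, "If a user-assigned managed identity is configured, it will be used instead" should say how it is selected: DefaultAzureCredential picks a user-assigned identity only when its client ID is supplied (for example through `AZURE_CLIENT_ID` or `DefaultAzureCredentialOptions.ManagedIdentityClientId`), and managed identity is one step in a credential chain rather than the only source tried, so a reader granting the Key Vault role needs that detail to know which identity actually receives the token.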
The code also implements exponential backoff for retries in case Key Vault is being throttled. For more information about Key Vault transaction limits, see ./overview-throttling.md. | |
The code also implements exponential backoff for retries in case Key Vault is being throttled. For more information about Key Vault transaction limits, see [Azure Key Vault throttling guidance](./overview-throttling.md). |
@apurvghai In the public repo, pull requests should be signed off by the author, another member of the content team, or a PM. @msmbaldwin Could you take a look? Thanks!
This pull request has been inactive for at least 14 days. If you are finished with your changes, don't forget to sign off. See the contributor guide for instructions.
I sent a Teams message to the content owner today. @MicrosoftDocs/public-repo-pr-review-team
This update explicitly calls out the use of system-assigned managed identity as the default authentication method when using DefaultAzureCredential. This clarification helps developers correctly configure RBAC roles for Azure Key Vault access by understanding which identity is being used under the hood. It reduces ambiguity and ensures that the right permissions are granted to the appropriate identity in managed environments.
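
As an added example (not part of this pull request or the tutorial's own code), one way to remove the ambiguity discussed above is to pin the credential to a single managed identity, so the identity that needs the Key Vault role is the one named in code. The vault URI, secret name and the `KV_IDENTITY_CLIENT_ID` setting are placeholders assumed for illustration.

```csharp
// Added example: pin Key Vault access to one managed identity so the
// identity that needs the Key Vault RBAC role is unambiguous.
using System;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Placeholder (assumption): replace with the vaultUri of your key vault.
var vaultUri = new Uri("https://<your-unique-key-vault-name>.vault.azure.net/");

// Hypothetical app setting holding the client ID of a user-assigned identity.
// Leave it unset to use the system-assigned identity of the hosting environment.
var userAssignedClientId = Environment.GetEnvironmentVariable("KV_IDENTITY_CLIENT_ID");

// Exponential backoff for retries in case Key Vault is being throttled.
var options = new SecretClientOptions
{
    Retry =
    {
        Delay = TimeSpan.FromSeconds(2),
        MaxDelay = TimeSpan.FromSeconds(16),
        MaxRetries = 5,
        Mode = RetryMode.Exponential
    }
};

// ManagedIdentityCredential never falls through to environment, CLI or IDE
// credentials the way the DefaultAzureCredential chain can, so a missing role
// assignment fails on this identity instead of succeeding as a different one.
TokenCredential credential = string.IsNullOrEmpty(userAssignedClientId)
    ? new ManagedIdentityCredential()                       // system-assigned
    : new ManagedIdentityCredential(userAssignedClientId);  // user-assigned

var client = new SecretClient(vaultUri, credential, options);

// Placeholder secret name (assumption). The value is deliberately not logged.
KeyVaultSecret secret = client.GetSecret("<mySecretName>");
Console.WriteLine($"Read secret '{secret.Name}' using a pinned managed identity.");
```

To keep `DefaultAzureCredential` for local development, the same client ID can instead be set on `DefaultAzureCredentialOptions.ManagedIdentityClientId`, which selects the user-assigned identity when the chain reaches its managed identity step.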