I have created a custom Linux app service container.
The Docker image has the Azure CLI installed, and ports 80 and 2222 are open.
I have created a system-assigned identity for the key vault.
I could see the env variables related to the key vault.
The system-assigned identities have permissions for the GET and LIST operations of the key vault, also added to the principal.
But when my app tries to fetch the keys from the key vault it's not working.


MallRoy

1 Answer


I don't think you are supposed to connect to AKV using the terminal inside a container; better to use one of the SDKs for your language to get the keys using the credentials that you pass to the container.

Tore Nestenius
  • The issue is I don't have access to the credentials that are passed to the container. In the kudu console, I could see IDENTITY_ENDPOINT = [Managed identity has been configured. This value is not viewable in Kudu but is exposed to the app.] IDENTITY_HEADER = [Managed identity has been configured. This value is not viewable in Kudu but is exposed to the app.] MSI_ENDPOINT = [Managed identity has been configured. This value is not viewable in Kudu but is exposed to the app.] MSI_SECRET = [Managed identity has been configured. This value is not viewable in Kudu but is exposed to the app.] – MallRoy Apr 28 '21 at 13:32
  • When I host containers in Azure App Services or as Container Instances, I pass the credentials to it as Environment variables. I have never used managed identity with containers. – Tore Nestenius Apr 28 '21 at 13:35
  • The idea here is the key vault can be accessed only with the identities. It can be user based or system based. – MallRoy Apr 28 '21 at 13:38
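
An added example, not code from any poster in this thread: how application code can use the `IDENTITY_ENDPOINT` and `IDENTITY_HEADER` variables quoted above to obtain a token for Key Vault and read one secret, with no stored credential. The `X-IDENTITY-HEADER` header and the `2019-08-01` API version belong to the App Service managed identity REST protocol; the vault URL, secret name, and the `KEY_VAULT_URL` and `SECRET_NAME` settings are hypothetical.

```python
import json
import os
import urllib.parse
import urllib.request

MI_API_VERSION = "2019-08-01"          # App Service managed identity token API
KV_RESOURCE = "https://vault.azure.net"  # audience the token is requested for
KV_API_VERSION = "7.4"                 # Key Vault data-plane API version


def token_request(env, resource=KV_RESOURCE):
    """Build the local token request from the variables App Service injects."""
    try:
        endpoint, header = env["IDENTITY_ENDPOINT"], env["IDENTITY_HEADER"]
    except KeyError as missing:
        raise RuntimeError(f"{missing} is not set in this process's environment") from None
    query = urllib.parse.urlencode({"resource": resource, "api-version": MI_API_VERSION})
    return urllib.request.Request(f"{endpoint}?{query}",
                                  headers={"X-IDENTITY-HEADER": header})


def secret_request(vault_url, name, access_token):
    """Build the Key Vault 'get secret' request authorised by the bearer token."""
    path = f"/secrets/{urllib.parse.quote(name, safe='')}?api-version={KV_API_VERSION}"
    return urllib.request.Request(vault_url.rstrip("/") + path,
                                  headers={"Authorization": f"Bearer {access_token}"})


def send(request):
    """Default transport: perform the HTTP call and decode the JSON body."""
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)


def get_secret(vault_url, name, env=os.environ, transport=send):
    """Two calls: token from the identity endpoint, then the secret from the vault."""
    token = transport(token_request(env))["access_token"]
    return transport(secret_request(vault_url, name, token))["value"]


if __name__ == "__main__":
    # KEY_VAULT_URL and SECRET_NAME are hypothetical app settings for this sketch.
    value = get_secret(os.environ["KEY_VAULT_URL"], os.environ["SECRET_NAME"])
    print(f"fetched secret of length {len(value)}")  # never log the value itself
```

The token is short-lived and scoped to the identity's access policy, so the vault permissions (GET, LIST) remain the only thing that decides what the app can read.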