A common challenge for developers is the management of secrets, credentials, certificates, and keys used to secure communication between services. Managed identities eliminate the need for developers to manage these credentials.
While developers can securely store the secrets in Azure Key Vault, services need a way to access Azure Key Vault. Managed identities provide an automatically managed identity in Microsoft Entra ID for applications to use when connecting to resources that support Microsoft Entra authentication. Applications can use managed identities to obtain Microsoft Entra tokens without having to manage any credentials.
Here are some of the benefits of using managed identities:
There are two types of managed identities:
System assigned: Some Azure resource types, such as Azure Database for PostgreSQL flexible server, allow you to enable a managed identity directly on the resource. They're referred to as system assigned managed identities. When you enable a system assigned managed identity:
A service principal of a special type is created in Microsoft Entra ID for the identity. The service principal is tied to the lifecycle of that Azure resource. When the Azure resource is deleted, Azure automatically deletes the service principal for you.
By design, only that Azure resource can use this identity to request tokens from Microsoft Entra ID.
You can authorize the service principal associated to the managed identity to have access to one or more services.
The name assigned to the service principal associated to the managed identity is always the same as the name of the Azure resource for which it's created.
User assigned: Some Azure resource types also support the assignment of managed identities created by the user as independent resources. The lifecycle of these identities is independent from the lifecycle of the resources to which they're assigned. They can be assigned to multiple resources. When you enable a user assigned managed identity:
A service principal of a special type is created in Microsoft Entra ID for the identity. The service principal is managed separately from the resources that use it.
Multiple resources can utilize user assigned identities.
You authorize the managed identity to have access to one or more services.
System assigned managed identity for an Azure Database for PostgreSQL flexible server is used by:
managed-identity authentication type. For more information, see how to configure the azure_storage extension to use authorization with Microsoft Entra ID.User assigned managed identities configured for an Azure Database for PostgreSQL flexible server can be used for:
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4