0

I have a machine learning model deployed on an Azure Container Instance and I need to access Key Vault. When I use the command below

credential = DefaultAzureCredential()

It can't authenticate, thus I cannot reach my secrets.

How can I reach Key Vault inside an Azure Container Instance?

kuti
  • Does [this](https://stackoverflow.com/questions/66673896/docker-container-app-service-in-azure-how-to-use-defaultazurecredential-for-key) top answer help at all? – Tom W Aug 04 '21 at 08:47

1 Answer

1

There are some restrictions on using an MSI in an Azure Container as it's in preview:

https://learn.microsoft.com/en-us/azure/container-instances/container-instances-managed-identity

Since DefaultAzureCredential() isn't working, you should test the ability to get a token from the MSI endpoint using a plain HTTP call. This CURL command should give you an idea on how to do that:

token=$(curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net' -H Metadata:true | jq -r '.access_token')

Once you have the token then you can manually call the Key Vault client over HTTP/REST commands to get the secret you require.

https://learn.microsoft.com/en-us/rest/api/keyvault/

Matt Small
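
The manual path described in the answer above (token from the MSI endpoint, then a Key Vault REST call), as an added Python example that is not part of the original answer. The vault and secret names, the `fetch` parameter and api-version 7.4 are assumptions, and the vault-name check is a simplified form of Key Vault's naming rule.

```python
import json
import re
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"  # from the answer
KV_RESOURCE = "https://vault.azure.net"
KV_API_VERSION = "7.4"  # assumption: use an api-version your vault supports


def http_get_json(url, headers, timeout=5):
    """Default transport: GET a URL and decode the JSON body."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def get_msi_token(fetch=http_get_json):
    """Ask the managed identity endpoint for a Key Vault access token."""
    params = {"api-version": "2018-02-01", "resource": KV_RESOURCE}
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    body = fetch(url, {"Metadata": "true"})
    if "access_token" not in body:
        # Surface only the error fields; never log a token or the whole body.
        raise RuntimeError("MSI endpoint returned no token: %s: %s"
                           % (body.get("error"), body.get("error_description")))
    return body["access_token"]


def get_secret(vault_name, secret_name, token, fetch=http_get_json):
    """Read the current version of a secret through the Key Vault REST API."""
    # Simplified name check so the bearer token is only sent to a vault host.
    if not re.fullmatch(r"[A-Za-z0-9-]{3,24}", vault_name):
        raise ValueError("unexpected vault name")
    # Quote the secret name so it cannot alter the request path.
    url = "https://%s.vault.azure.net/secrets/%s?api-version=%s" % (
        vault_name, urllib.parse.quote(secret_name, safe=""), KV_API_VERSION)
    return fetch(url, {"Authorization": "Bearer " + token})["value"]


if __name__ == "__main__":
    # "my-vault" and "db-password" are placeholder names (assumptions).
    tok = get_msi_token()
    print("token acquired, length", len(tok))
    print("secret length", len(get_secret("my-vault", "db-password", tok)))
```

If `get_msi_token()` fails inside the container, the problem is with the identity assignment or the endpoint rather than with `DefaultAzureCredential` itself.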