Azure Key Vault (RBAC) and Local Developers?
Hey peeps,
I'm looking for a good solution pathway for a problem I'm encountering.
I'm currently trying to integrate Azure Key Vault for secrets storage on the development team side. There realistically is (this is opinionated) no better option to keep secrets from even the team (which is a requirement in my project). The issue, is that Azure is moving in favor of RBAC but the .NET support is still referencing Access Policies with certificates to gain access to vaults (https://learn.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-8.0)
Managed Identities are easy here but only work once the application is running in the Azure Service Fabric and I need to authenticate with RBAC for User Identities that exist in Entra from my local development machines.
The true issue here is when you enable RBAC for Azure Key Vault you disable Access Policies and vice versa.
Any thoughts would be appreciated.
I'm looking for a good solution pathway for a problem I'm encountering.
I'm currently trying to integrate Azure Key Vault for secrets storage on the development team side. There realistically is (this is opinionated) no better option to keep secrets from even the team (which is a requirement in my project). The issue, is that Azure is moving in favor of RBAC but the .NET support is still referencing Access Policies with certificates to gain access to vaults (https://learn.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-8.0)
Managed Identities are easy here but only work once the application is running in the Azure Service Fabric and I need to authenticate with RBAC for User Identities that exist in Entra from my local development machines.
The true issue here is when you enable RBAC for Azure Key Vault you disable Access Policies and vice versa.
Any thoughts would be appreciated.
