DEV Community

Kenichiro Nakamura
Kenichiro Nakamura

Posted on

Read Certificate from Key Vault from Azure App Service by using Managed Identity

#azure #tips #security #appservice

We often use Azure Web App and Key Vault together to protect keys/secrets/certificates.

To read certificates from Key Vault by using system assigned managed identity of App Service, there are several things to do.

Enable Managed Identity

From WebApp, enable managed identity.

Image description

Grant Access in KV

From Key Vault access policy, assign certificate get permission (or any other additional required permissions) for the managed id.

WEBSITE_LOAD_USER_PROFILE for Configuration

From WebApp configurations menu, add WEBSITE_LOAD_USER_PROFILE application setting and set value to 1.

Top comments (0)

Read next

palomino profile image

Opaque token vs JWT

Palomino -

exein profile image

Pulsar preventing vulnerabilities #1 — polkit (CVE-2021–4034)

Exein -

aws-cloudsec profile image

Issue 64 of AWS Cloud Security Weekly

AJ -

arturschneider profile image

Securing and enhancing LLM prompts & outputs: A guide using Amazon Bedrock Guardrails and open-source solutions

Artur Schneider -