Support repository-azure snapshot plugin with "managed identity" #89633
Comments
Pinging @elastic/es-distributed (Team:Distributed)
I put together a POC on a fork here. First time working in Java, and this repo is pretty complicated, but it's working for me. Maybe somebody could take over who is more familiar, or help me work through some of the non-code changes needed. I think it could be done more cleanly by adding new settings and whatnot, but as a first time contribution, that wasn't as well documented at first glance.
Bump? Any thoughts, should I open a PR?
I would try a PR, then it gets more visible to the maintainers ;-)
@artificial-aidan Any PR out yet?
No, but I've been running the code in production since I made this issue, no problems.
You mean you've been running a build from your repo/branch, containing your changes to support workload identity, in production?
I do not use pod identities, but it might work. It just uses the default methods of loading credentials. For workload identities it works fine.
Description
Microsoft is recommending Managed Identities as a superior way of authorizing access.
A common challenge for developers is the management of secrets, credentials, certificates, and keys used to secure communication between services. Managed identities eliminate the need for developers to manage these credentials.
Azure Blob Storage supports Azure Active Directory (Azure AD) authentication with managed identities for Azure resources. Managed identities for Azure resources can authorize access to blob data using Azure AD credentials from applications running in Azure virtual machines (VMs), function apps, virtual machine scale sets, and other services. By using managed identities for Azure resources together with Azure AD authentication, you can avoid storing credentials with your applications that run in the cloud.
I think this issue is different from #69075 where it requests https://docs.microsoft.com/en-us/azure/aks/use-azure-ad-pod-identity for Kubernetes Service only. But if we can resolve these two issues with a similar approach, that would be great.