In this post I will explain what managed identities are.
What is a managed identity?
Managed identity is a way to authenticate to an Azure resource.
Applications can use managed identities to obtain Microsoft Entra tokens without having to manage any credentials.
For example: an application running on Azure has credentials for each workload of the application.
So that these credentials can be stored securely, you create an Azure Key Vault.
But somehow the application needs to access this Key Vault.
That’s when managed identity comes in.
With a managed identity, the application can obtain all the centrally managed credentials from the Key Vault without needing any secrets and/or certificates of its own.
What are the benefits?
- There’s no need to manage credentials for accessing Azure resources. These credentials aren’t even accessible to you!
- Managed identities can be used to authenticate to any resource that supports Microsoft Entra authentication.
- They’re free of charge
What are the pitfalls?
- Only Azure resources (that support Entra ID authentication) can use managed identities.
Note: If you need to authenticate from workloads that do not support Microsoft Entra authentication, you can use workload identity federation (WIF). Here you can find the blog post about WIF.
What types of managed identity are there?
- System-assigned: some Azure resources, for example VMs, allow you to create a managed identity directly on the resource. Only this resource can use the identity to request tokens. In addition, the identity is tied to this resource, so if you delete the resource you also delete the managed identity.
- User-assigned: these identities are created standalone and can be assigned to one or more Azure resources.
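To make the “no secrets” part concrete, here is an added example (not code from the original post or from Microsoft) of what actually happens when a VM with a managed identity asks for a token. On a VM the request goes to the Azure Instance Metadata Service (IMDS) endpoint, which is a documented, link-local address that only the resource itself can reach; the platform recognises the caller, so nothing like a client secret or certificate is sent. The same request shape covers both types described above: a system-assigned identity needs no extra parameter, a user-assigned identity is selected by passing its client_id. The endpoint, header and api-version are the documented ones; the JSON response below is constructed for offline use and contains only a placeholder token.

```python
"""Request a Microsoft Entra token through the Azure Instance Metadata Service (IMDS).

Added example, not code from the original post. It assumes the documented IMDS
managed-identity endpoint (169.254.169.254, api-version 2018-02-01). The sample
response at the bottom is constructed so the flow can be run without an Azure VM.
"""
import json
import urllib.parse
import urllib.request
from typing import Callable, Optional

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
API_VERSION = "2018-02-01"


def build_token_request(resource: str, client_id: Optional[str] = None) -> urllib.request.Request:
    """Build the GET request the resource sends to IMDS.

    No secret or certificate is attached: the platform identifies the caller because
    the endpoint is link-local and only reachable from inside the Azure resource.
    For a user-assigned identity pass its client_id; omit it for system-assigned.
    """
    params = {"api-version": API_VERSION, "resource": resource}
    if client_id:
        params["client_id"] = client_id
    url = f"{IMDS_TOKEN_URL}?{urllib.parse.urlencode(params)}"
    # IMDS rejects requests without this header; it is there so a plain HTTP
    # redirect through a proxy cannot be turned into a token request.
    return urllib.request.Request(url, headers={"Metadata": "true"})


def parse_token_response(body: str) -> dict:
    """Parse the IMDS JSON response into the fields a caller actually needs."""
    data = json.loads(body)
    return {
        "access_token": data["access_token"],
        # IMDS returns expires_on as a string of unix seconds; normalise to int
        "expires_on": int(data["expires_on"]),
        "resource": data["resource"],
        "token_type": data["token_type"],
    }


def get_token(resource: str, client_id: Optional[str] = None,
              fetch: Optional[Callable[[urllib.request.Request], str]] = None) -> dict:
    """Obtain a token for `resource`.

    `fetch` is injectable so the flow can be exercised offline; when it is None the
    request really goes to IMDS, which only works from inside an Azure resource.
    """
    req = build_token_request(resource, client_id)
    if fetch is None:
        def fetch(r: urllib.request.Request) -> str:
            with urllib.request.urlopen(r, timeout=5) as resp:
                return resp.read().decode()
    return parse_token_response(fetch(req))


# Constructed sample response: the shape follows the IMDS documentation,
# the token and client_id are placeholders, not real values.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "PLACEHOLDER_TOKEN",
    "expires_on": "1735689600",
    "resource": "https://vault.azure.net",
    "token_type": "Bearer",
    "client_id": "00000000-0000-0000-0000-000000000000",
})


def demo() -> dict:
    """Run the flow against the constructed response instead of the live endpoint."""
    return get_token("https://vault.azure.net", fetch=lambda _req: SAMPLE_RESPONSE)


if __name__ == "__main__":
    token = demo()
    print(token["token_type"], token["resource"], token["expires_on"])
```

The resource value (here Key Vault’s audience, https://vault.azure.net) decides which service the token is valid for; the Azure SDK credential classes perform this same IMDS call under the hood, so in practice you would use those rather than hand-rolling the request. From a security point of view, the token that comes back is a bearer token: it should be kept in memory, never logged, and the identity should be granted only the Key Vault permissions the workload actually needs.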
Source used in this post:
Managed identities for Azure resources – Managed identities for Azure resources | Microsoft Learn