Category: Business, Security, Terraform, automation

Hey friends! In this article I want to clarify one of the more confusing concepts in Azure, specifically the Azure AD identity objects known as Service Principals and Managed Identities. Azure AD is the trusted identity object store in which you can create the different identity object types.

An application whose tokens can be used to authenticate and grant access to specific Azure resources from a user app, service or automation tool when an organization is using Azure Active Directory…

Let me show you the command syntax out of Azure CLI to achieve this:

resulting in this outcome:

Copy this information aside. In the example of an Azure DevOps Service Connection, this information would be used as follows:

where you just need to copy the correct information into the corresponding parameter fields.

Using a Terraform deployment template file (or a terraform.tfvars variable file) as an example, you would use this information like this:

NOTE: The best recommendation I can give is to store the Service Principal credentials in a safe way, for example in Azure Key Vault, instead of a clear-text Notepad document or Terraform .tf file.
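As an added example (not the author's own template), here is a Terraform fragment that contrasts the clear-text terraform.tfvars pattern the note above warns against with keeping the Service Principal secret out of the file: the azurerm provider picks up the ARM_* environment variables an Azure DevOps Service Connection injects at run time, and any further credential is read from Key Vault. The vault name, resource group and secret name are assumptions.

```hcl
# Added example, not from the original post. Assumed names: the Key Vault
# "kv-demo" in resource group "rg-demo" and the secret "workload-sp-client-secret".

# ---- Weak pattern (what the note warns against) ---------------------------
# terraform.tfvars committed next to the template:
#   client_id       = "00000000-0000-0000-0000-000000000000"
#   client_secret   = "super-secret-value"   # clear text, ends up in git history
#   tenant_id       = "..."
#   subscription_id = "..."

# ---- Hardened pattern -----------------------------------------------------
# The Service Principal Terraform itself runs as is NOT declared in any file.
# The azurerm provider reads ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID
# and ARM_SUBSCRIPTION_ID from the environment, which the pipeline's Service
# Connection sets for the duration of the job only.
provider "azurerm" {
  features {}
}

# Any other Service Principal credential the deployment needs (for example one
# handed to a workload) is looked up in Key Vault instead of a tfvars file.
data "azurerm_key_vault" "kv" {
  name                = "kv-demo" # assumption
  resource_group_name = "rg-demo" # assumption
}

data "azurerm_key_vault_secret" "workload_sp_secret" {
  name         = "workload-sp-client-secret" # assumption
  key_vault_id = data.azurerm_key_vault.kv.id
}

# Anything derived from the secret is marked sensitive so that `terraform plan`
# and `terraform output` redact it. Note that the value still lands in the
# state file, so the state backend itself must be access-controlled.
output "workload_sp_client_secret" {
  value     = data.azurerm_key_vault_secret.workload_sp_secret.value
  sensitive = true
}
```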

In this post I wanted to clarify the use cases, differences and similarities between Service Principals and Managed Identities.
