bgklein
commented
5 years ago The current recommended way to authenticate with other services from a node deployed with Batch is to upload a certificate to Batch (https://docs.microsoft.com/en-us/rest/api/batchservice/certificate/add), specify that certificate to be downloaded to your nodes(https://docs.microsoft.com/en-us/rest/api/batchservice/pool/add#request-body), and then use that certificate to authenticate with a Service Principal which has access to desired services.
Trying to avoid saving storage keys either in the environment or within the code base. Is there any way to either exposed the key for a storage account linked to the batch account or to stage files directly to the linked account in the SDK? I am currently pulling a separate token from AD w/ the identity model, but it would be nice to just do this once with the batch account.