Closed johalnes closed 3 years ago
Just to clarify, you are aware that you can use get_managed_token
to authenticate with a managed identity, and pass the token to key_vault
?
Yes - I can see my explanation is somewhat confusing. In the example above, one would create a shiny app on local computer and then publish it to RStudio where System assigned identity is used for authentication. So every time one would have to change that token function.
It could be this issue should be in the AzureAuth package with implementation similar to Azure.Identity in Python. Should I move it?
If you just need a programmatic way of using a managed identity where available, the following should work with the current AzureKeyVault:
ident <- check_if_running_inside_identity()
token <- if(ident) get_managed_token("https://vault.azure.net") else get_azure_token("https://vault.azure.net", ...)
vault <- key_vault("vaultname", token=token)
The PR will change this so that you can do
ident <- check_if_running_inside_identity()
vault <- key_vault("vaultname", as_managed_identity=ident)
which is much better, but technically doesn't provide anything you can't already do.
Hi,
First of - really nice work with connecting R to Azure!
I've been using it for while now and have a proposal that I think can add value for others: support for token with managed identity. We have been uploading dashboards to Rstudio connect on Azure VM and have created some logic for it. Would guess this also would be helpful when working with R from docker images in ACI or Azure Functions.
The function to get token with managed identity already exists in AzureAuth, so it can be made as easy as to have a parameter "managed" with some logic around here.