AzureAD / microsoft-authentication-library-for-java

Microsoft Authentication Library (MSAL) for Java http://aka.ms/aadv2
MIT License

Unable to connect to Key Vault using workload identity using Java SDK #717

Closed suresh-chinnasamy closed 11 months ago

suresh-chinnasamy commented 11 months ago

Unable to get a token using managed identity authentication, which is a wrapper enabled for workload identity, as per Microsoft support case confirmation.

Looking for a solution using AD workload identity in an AKS cluster to connect to an Azure Key Vault instance to retrieve the secrets using the Azure Java SDK based client library and its ManagedIdentityCredentialBuilder() class.

06:53:19.070 [Thread-4] ERROR com.azure.identity.ManagedIdentityCredential - Azure Identity => ERROR in getToken() call for scopes [https://vault.azure.net/.default]: Managed Identity authentication is not available.
06:53:19.074 [Thread-4] ERROR com.azure.core.implementation.AccessTokenCache - Failed to acquire a new access token.
06:53:49.279 [Thread-5] ERROR com.azure.identity.ManagedIdentityCredential - Azure Identity => ERROR in getToken() call for scopes [https://vault.azure.net/.default]: Managed Identity authentication is not available.
06:53:49.280 [Thread-5] ERROR com.azure.core.implementation.AccessTokenCache - Failed to acquire a new access token.
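The log above shows ManagedIdentityCredential reporting that managed identity authentication is not available inside the pod. The following is an added example, not code from the issue reporter or from the azure-identity project, showing the credential path a practitioner would typically try for an AKS workload identity pod: the azure-identity WorkloadIdentityCredential (also part of the DefaultAzureCredential chain), which exchanges the projected service account token for an Entra ID token, rather than the IMDS-based managed identity path. It assumes the pod's service account is annotated for workload identity so that the webhook injects AZURE_CLIENT_ID, AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE; the vault URL and secret name are placeholders.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.identity.WorkloadIdentityCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;

public class WorkloadIdentityKeyVaultExample {

    // Builds a credential for an AKS pod that has the workload identity
    // webhook variables injected. Assumption: the pod's service account is
    // annotated for workload identity, so AZURE_CLIENT_ID, AZURE_TENANT_ID
    // and AZURE_FEDERATED_TOKEN_FILE are present in the environment.
    static TokenCredential buildCredential() {
        String tokenFile = System.getenv("AZURE_FEDERATED_TOKEN_FILE");
        String clientId = System.getenv("AZURE_CLIENT_ID");
        String tenantId = System.getenv("AZURE_TENANT_ID");

        if (tokenFile == null || clientId == null || tenantId == null) {
            // Not a workload identity pod: fall back to the default chain,
            // which tries environment, workload identity, managed identity
            // and other sources in turn. Useful for local development.
            return new DefaultAzureCredentialBuilder().build();
        }

        // Explicit workload identity: the projected Kubernetes service
        // account token at AZURE_FEDERATED_TOKEN_FILE is exchanged for an
        // Entra ID token through the federated credential on the app/UAMI.
        return new WorkloadIdentityCredentialBuilder()
                .clientId(clientId)
                .tenantId(tenantId)
                .tokenFilePath(tokenFile)
                .build();
    }

    // Key Vault secret client bound to the chosen credential.
    static SecretClient buildSecretClient(String vaultUrl, TokenCredential credential) {
        return new SecretClientBuilder()
                .vaultUrl(vaultUrl)
                .credential(credential)
                .buildClient();
    }

    public static void main(String[] args) {
        // Placeholder values; replace with your own vault and secret name.
        String vaultUrl = "https://<your-vault-name>.vault.azure.net";
        String secretName = "<secret-name>";

        SecretClient client = buildSecretClient(vaultUrl, buildCredential());
        KeyVaultSecret secret = client.getSecret(secretName);

        // Log only metadata, never the secret value itself.
        System.out.println("Retrieved secret '" + secret.getName()
                + "' (value length " + secret.getValue().length() + ")");
    }
}
```

If the three environment variables are missing when the pod starts, the webhook did not inject them, which usually means the service account annotation or the pod label for workload identity is absent; that is the first thing to check before suspecting the SDK. The identity behind AZURE_CLIENT_ID also needs a Key Vault access policy or RBAC role (for example Key Vault Secrets User) on the target vault, or the token exchange will succeed but getSecret will fail with a 403.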

bgavrilMS commented 11 months ago

Hi @suresh-chinnasamy. Yes, managed identity is the best solution to avoid secrets, and it'll work as long as your app is deployed on an Azure host.

You are using Azure Identity SDK, not MSAL SDK directly. MSAL is a lower level API, which Azure Identity uses in most cases, but not in Managed Identity flows (at least not yet).

Can you please open the issue on their repo? https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/identity/azure-identity

Note: I will not transfer this issue because they have a different template.