arcus-azure / arcus.messaging

Messaging with Microsoft Azure in a breeze.
https://messaging.arcus-azure.net
MIT License

Subscribe on a messaging service (servicebus, eventhubs, ...) using Managed Identity #409

Closed fgheysels closed 1 year ago

fgheysels commented 1 year ago

I'm not sure if this is already possible, but I haven't found anything on it in the docs.

AFAIK, we must always provide a connection-string to the message-pump in order to be able to connect to Service Bus, EventHub, etc. It would be nice if we could achieve that using managed identity as well. The App that is created must have an identity then of course, and that identity must be assigned to the correct roles in Azure for this to work.
If this would be possible, this would be a huge security improvement imho.

(Maybe this is already possible without having to make a code change? It's a matter of passing in the URL to the endpoint which doesn't contain any tokens / secrets, and setting the correct roles on identity level).

stijnmoreels commented 1 year ago

We already support managed identity for Service Bus: https://messaging.arcus-azure.net/Features/message-handling/service-bus#pump-configuration

EventHubs, not yet, I think.

fgheysels commented 1 year ago

> We already support managed identity for Service Bus: https://messaging.arcus-azure.net/Features/message-handling/service-bus#pump-configuration
>
> EventHubs, not yet, I think.

Great! I missed that / overlooked it in the docs.
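
The connection model discussed in this thread (an endpoint with no secret in it, plus role assignments on the app's identity), shown as an added example that is not part of the original issue and is not Arcus code. It uses the underlying `Azure.Messaging.ServiceBus` and `Azure.Identity` SDK packages directly; the namespace and queue values are placeholders, and it assumes the identity has been granted the built-in "Azure Service Bus Data Receiver" role on the queue or namespace.

```csharp
using System;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Messaging.ServiceBus;

public static class ManagedIdentityReceiver
{
    // Placeholders (assumptions): only the host name is configured, no key material.
    private const string FullyQualifiedNamespace = "<your-namespace>.servicebus.windows.net";
    private const string QueueName = "<your-queue>";

    public static async Task Main()
    {
        // Connection-string style, for contrast: the SharedAccessKey is a long-lived
        // secret that has to be stored, rotated and kept out of logs.
        // var client = new ServiceBusClient(
        //     "Endpoint=sb://<your-namespace>.servicebus.windows.net/;SharedAccessKeyName=<name>;SharedAccessKey=<secret>");

        // Identity style: DefaultAzureCredential resolves the managed identity when
        // running in Azure (and a developer login locally) and requests short-lived
        // Microsoft Entra ID tokens; access is decided by role assignments.
        var credential = new DefaultAzureCredential();

        await using var client = new ServiceBusClient(FullyQualifiedNamespace, credential);
        await using ServiceBusProcessor processor = client.CreateProcessor(QueueName);

        processor.ProcessMessageAsync += async args =>
        {
            Console.WriteLine($"Received message {args.Message.MessageId}");
            await args.CompleteMessageAsync(args.Message);
        };

        processor.ProcessErrorAsync += args =>
        {
            // An authorization failure surfacing here usually means the role
            // assignment is missing or has not propagated yet.
            Console.Error.WriteLine(
                $"{args.ErrorSource}: {args.Exception.GetType().Name}: {args.Exception.Message}");
            return Task.CompletedTask;
        };

        await processor.StartProcessingAsync();
        await Task.Delay(TimeSpan.FromSeconds(30)); // receive for a short window
        await processor.StopProcessingAsync();
    }
}
```

With role-based access in place, local (SAS key) authentication can be disabled on the Service Bus namespace so that connection strings stop working altogether.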