argoproj-labs / argocd-vault-plugin

An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
https://argocd-vault-plugin.readthedocs.io
Apache License 2.0

Unable to replace secrets from Azure KeyVault using Managed Identity #432

Open allwritesri opened 1 year ago

allwritesri commented 1 year ago

Describe the bug
I have followed the link provided in the documentation about the Azure KeyVault backend, and that link suggests following the Azure documentation, which says that for managed identity there isn't any need for credentials to be passed as long as the application runs on an Azure resource which is configured to use the managed identity.

I have set up the managed identity on the cluster which is running AKS and also created one managed identity. However, there isn't any documentation provided on how to configure this for argocd-vault-plugin.

To Reproduce
Steps to reproduce the behavior:

  1. Install argocd-vault-plugin as part of the argocd cluster.
  2. Select ARGOCD_ENV_AVP_TYPE as azurekeyvault and set ARGOCD_ENV_AZURE_TENANT_ID to the tenantId of the Azure subscription.
  3. Create a cluster secret with <> placeholders, following the pattern <path:secret-name>.
  4. Once updated, the error is shown as "could not unmarshal cluster secret {secret_name}".

Expected behavior
The secret should have been pulled from Azure KeyVault and replaced in the cluster.

omelchukvladyslav commented 1 year ago

Hi. Could you please take a look here: https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication?tabs=bash#-option-2-use-a-managed-identity

and here: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/azidentity#specify-a-user-assigned-managed-identity-for-defaultazurecredential

It is probably needed to set AZURE_CLIENT_ID to the identity's client ID.
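As an added illustration of that suggestion (not from the plugin's docs or from either commenter), the environment the plugin container would carry for a user-assigned managed identity, next to a manifest using the plugin's placeholder form; tenant ID, client ID, vault name and secret name are placeholders, and the container is assumed to run in a pod that actually has the identity attached.

```yaml
# Added example, not part of the issue or the project. Assumes argocd-vault-plugin
# runs inside the argocd-repo-server pod (or its plugin sidecar) on AKS, and that
# the user-assigned managed identity is bound to that pod/node.
# Container spec excerpt: only the env block is shown.
env:
  - name: AVP_TYPE
    value: azurekeyvault
  - name: AZURE_TENANT_ID
    value: "<TENANT_ID>"                   # tenant of the subscription, as in step 2
  # With several user-assigned identities on the node, DefaultAzureCredential
  # cannot pick one on its own: name the identity by its client ID.
  - name: AZURE_CLIENT_ID
    value: "<MANAGED_IDENTITY_CLIENT_ID>"
  # No AZURE_CLIENT_SECRET: a managed identity has no stored credential.
---
# Manifest the plugin renders; the vault is named via the path annotation and
# the placeholder is replaced with the secret of that name.
apiVersion: v1
kind: Secret
metadata:
  name: example
  annotations:
    avp.kubernetes.io/path: "<KEYVAULT_NAME>"   # Key Vault name, not its URL
type: Opaque
stringData:
  password: <db-password>                        # name of the secret in the vault
```

A quick check from inside the pod is whether a token for https://vault.azure.net can be obtained for that client ID at all; if not, the identity binding rather than the plugin configuration is the problem.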

werne2j commented 1 year ago

Is this still an issue?