cudeso / misp2sentinel

MISP to Sentinel integration
MIT License

Supporting authentication through a managed identity instead of using a normal app #3

Open Epoxylim opened 1 year ago

Epoxylim commented 1 year ago

Would this be something that could be supported going forward?

cudeso commented 1 year ago

Yes, it's certainly something to consider. I do not have a lot of experience with authenticating via a managed identity but I'll put it on the list to investigate and for future implementations.

lnfernux commented 12 months ago

I can probably do this for the Azure Function app already; it's pretty simple to integrate an authentication chain there. I'll do a PoC and push it as a PR once the upload indicators branch is merged.

Should be the same lines of code for a VM running in Azure as it is for the Azure Function :)

Kaloszer commented 9 months ago

Hey @Infernux, were you able to do that yet? I actually really really want to do it that way :D

lnfernux commented 9 months ago

I have a PoC for this locally, but I haven't made it production friendly yet. Will try to get some time to do that the following weeks, I'll update here once I'm able.

jusso-dev commented 5 months ago

I noticed that the README mentions Azure Key Vault (only works on Azure VM) - "https://github.com/cudeso/misp2sentinel/tree/main?tab=readme-ov-file#azure-key-vault-integration-only-works-on-azure-vms"

But I'm not sure why this is called out? If the Azure Function has SystemIdentity/Managed System Identity (MSI) turned on, there is no reason it won't work with Azure Key Vault, you just need to configure the provisioned MSI with relevant Azure Key Vault RBAC or Access Policies.

lnfernux commented 4 months ago

@jusso-dev Because the Azure Function uses MSI to call KV as well, but does this outside of the code (integration via Application Settings, where you can do a key vault reference). This is just an easier integration, without having to write any code to do it. The outcome is the same :)

jusso-dev commented 4 months ago

Clarified in #86 @lnfernux
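
Added example, not part of the thread and not misp2sentinel code: a sketch of the token request a managed identity makes, showing how one code path can serve both an Azure VM (IMDS endpoint) and an Azure Function (the `IDENTITY_ENDPOINT` / `IDENTITY_HEADER` settings the platform injects). The Key Vault resource, the function names and the sample environment values are assumptions chosen for illustration; in practice `azure-identity`'s `ManagedIdentityCredential` does this for you.

```python
import json
import os
import urllib.parse
import urllib.request

# Azure Instance Metadata Service (IMDS) token endpoint, reachable only from a VM.
IMDS_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
KEY_VAULT_RESOURCE = "https://vault.azure.net"  # assumed target resource


def build_token_request(resource, env=None, client_id=None):
    """Return (url, headers) for a managed-identity token request.

    Hypothetical helper. App Service / Functions expose IDENTITY_ENDPOINT and
    IDENTITY_HEADER; when either is missing, fall back to the VM IMDS endpoint.
    """
    env = os.environ if env is None else env
    params = {"resource": resource}
    if client_id:  # user-assigned identity; omit for system-assigned
        params["client_id"] = client_id
    endpoint = env.get("IDENTITY_ENDPOINT")
    secret = env.get("IDENTITY_HEADER")
    if endpoint and secret:
        # Function / App Service: local endpoint guarded by a per-instance header.
        params["api-version"] = "2019-08-01"
        headers = {"X-IDENTITY-HEADER": secret}
    else:
        # VM: IMDS requires the Metadata header to reject forwarded requests.
        endpoint = IMDS_URL
        params["api-version"] = "2018-02-01"
        headers = {"Metadata": "true"}
    return endpoint + "?" + urllib.parse.urlencode(params), headers


def get_token(resource, env=None, client_id=None, timeout=5):
    """Fetch an access token; works only inside Azure with an identity assigned."""
    url, headers = build_token_request(resource, env, client_id)
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["access_token"]


if __name__ == "__main__":
    # Constructed environments; no network call is made here.
    func_env = {"IDENTITY_ENDPOINT": "http://127.0.0.1:41741/msi/token",
                "IDENTITY_HEADER": "constructed-header-value"}
    for name, env in (("vm", {}), ("function", func_env)):
        print(name, build_token_request(KEY_VAULT_RESOURCE, env))
```

No client secret appears in either branch: the identity still needs Key Vault RBAC or an access policy before the returned token is of any use.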