wapacro / az-keyvault-php

Library to easily work with Azure Key Vault using managed identities
https://packagist.org/packages/wapacro/az-keyvault-php
MIT License

Identity in a Linux VM #5

Closed gbsmith closed 3 years ago

gbsmith commented 3 years ago

I was trying to get this working on a PHP app running on one of our Azure VMs running Ubuntu 20.04 and PHP 7.4.3 and encountered a couple of problems.

  1. It blew up because the IDENTITY_ENDPOINT and IDENTITY_HEADER env vars are not present. Instead, I found that by using the instructions at https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-nonaad and simply using the "standard" local endpoint, http://169.254.169.254/metadata/identity/oauth2/token, and the Metadata: true header, I could get the token I needed (the VM had its identity set up in the Azure portal).

  2. After that, the next problem was with the secret version; I don't care about it. So I tried calling getSecret with just the secret name, but the default null secretVersion caused an error with the sprintf in endpoint construction as well as in the SecretEntity response instantiation. Neither likes a null where a string should be. Once I ??-coalesced them to the empty string, I was able to grab the secret out of the vault.

So maybe there can be an alternative setting or subclass that uses the standard local URL and Metadata header instead of the IDENTITY_* env vars.

wapacro commented 3 years ago

The newest release covers both of your concerns. The VM/App Service detection is done automatically, so no need to specify a different client.

See https://github.com/wapacro/az-keyvault-php/releases/tag/v2.1.0

gbsmith commented 3 years ago

Excellent!

georgeboot commented 2 years ago

@wapacro Interestingly, on an Azure Container Instance, the IDENTITY_ENDPOINT is NOT present but the IDENTITY_HEADER IS.

The package currently results in an error:

400 Bad Request
Required metadata header not specified or not correct
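The two environment shapes discussed in this thread (App Service exporting IDENTITY_ENDPOINT plus IDENTITY_HEADER, versus a VM or Container Instance that only offers the link-local IMDS endpoint with the Metadata: true header) and the null secret version from the first report can be handled in one small PHP routine. The code below is an added example written for this page; it is not code from wapacro/az-keyvault-php and does not reproduce how v2.1.0 performs its detection. It assumes the documented endpoints and api-versions (2019-08-01 for the App Service flow, 2018-02-01 for IMDS, 7.3 for Key Vault), treats the vault name, secret name and the sample IDENTITY_* values as placeholders, and deliberately requires both IDENTITY_* variables before using the App Service flow, so an ACI-style environment with only IDENTITY_HEADER set falls through to IMDS instead of producing the 400 shown above. It targets PHP 7.4.

```php
<?php
// Added example, not the library's code: choose the managed-identity token
// endpoint from the environment, then read one Key Vault secret with it.
// Vault/secret names and the sample IDENTITY_* values are placeholders.

declare(strict_types=1);

const KEYVAULT_RESOURCE = 'https://vault.azure.net';
const IMDS_TOKEN_URL    = 'http://169.254.169.254/metadata/identity/oauth2/token';

/**
 * Return [url, headers] for the token request. Only when BOTH IDENTITY_ENDPOINT
 * and IDENTITY_HEADER are set is the App Service flow usable; everything else
 * (VM, VMSS, ACI, which sets IDENTITY_HEADER without IDENTITY_ENDPOINT) goes to
 * IMDS with "Metadata: true". $env is injected so the rule can be tested offline.
 */
function tokenRequest(array $env, string $resource = KEYVAULT_RESOURCE): array
{
    $endpoint = $env['IDENTITY_ENDPOINT'] ?? '';
    $header   = $env['IDENTITY_HEADER'] ?? '';

    if ($endpoint !== '' && $header !== '') {
        $query = http_build_query(['api-version' => '2019-08-01', 'resource' => $resource]);
        return [$endpoint . '?' . $query, ['X-IDENTITY-HEADER: ' . $header]];
    }

    $query = http_build_query(['api-version' => '2018-02-01', 'resource' => $resource]);
    return [IMDS_TOKEN_URL . '?' . $query, ['Metadata: true']];
}

/**
 * Build the secret URL. A null or empty version means "latest": the version
 * path segment is omitted rather than handed to sprintf() as null.
 */
function secretUrl(string $vault, string $name, ?string $version = null): string
{
    $path = '/secrets/' . rawurlencode($name);
    if (($version ?? '') !== '') {
        $path .= '/' . rawurlencode($version);
    }
    return sprintf('https://%s.vault.azure.net%s?api-version=7.3', $vault, $path);
}

/** GET a JSON document; fails closed on transport errors and non-2xx status. */
function getJson(string $url, array $headers): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_HTTPHEADER     => $headers,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 5,
        CURLOPT_PROXY          => '', // IMDS is link-local: never route it through an HTTP proxy
    ]);
    $body   = curl_exec($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $err    = curl_error($ch);
    curl_close($ch);

    if ($body === false || $status < 200 || $status >= 300) {
        throw new RuntimeException("GET $url failed: HTTP $status $err " . substr((string) $body, 0, 200));
    }
    return json_decode($body, true, 512, JSON_THROW_ON_ERROR);
}

function getSecretValue(string $vault, string $name, ?string $version = null): string
{
    [$url, $headers] = tokenRequest(getenv());
    $token  = getJson($url, $headers)['access_token']; // never log or echo this value
    $secret = getJson(secretUrl($vault, $name, $version), ['Authorization: Bearer ' . $token]);
    return $secret['value'];
}

// Offline checks of the routing rule with constructed environments.
// ACI-style (header present, endpoint absent) must go to IMDS, not the App Service flow.
[$aciUrl, $aciHeaders] = tokenRequest(['IDENTITY_HEADER' => 'placeholder']);
if (strpos($aciUrl, IMDS_TOKEN_URL) !== 0 || $aciHeaders !== ['Metadata: true']) {
    throw new LogicException('ACI-style environment should use IMDS');
}
[$appUrl, $appHeaders] = tokenRequest([
    'IDENTITY_ENDPOINT' => 'http://127.0.0.1:8081/msi/token', // placeholder value
    'IDENTITY_HEADER'   => 'placeholder',
]);
if (strpos($appUrl, 'http://127.0.0.1:8081/msi/token?') !== 0 || $appHeaders !== ['X-IDENTITY-HEADER: placeholder']) {
    throw new LogicException('App Service environment should use IDENTITY_ENDPOINT');
}
if (secretUrl('my-vault', 'db-password') !== 'https://my-vault.vault.azure.net/secrets/db-password?api-version=7.3') {
    throw new LogicException('null version must omit the version segment');
}

// On an Azure host whose managed identity has "get" permission on the secret:
// echo getSecretValue('my-vault', 'db-password'), PHP_EOL;
```

Two practitioner notes: the proxy is cleared explicitly because a host-wide HTTP_PROXY setting silently breaks calls to 169.254.169.254, and the access token is used only in the Authorization header and never written to logs, since anyone holding it can read every secret the identity is permitted to read until it expires.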