acr icon indicating copy to clipboard operation
acr copied to clipboard
verified publisher icon Azure

Upstream workload identity federation - ACR/GAR

Open dougkelly opened this issue 7 months ago • 3 comments

What is the problem you're trying to solve I'm frustrated that Azure Container Registry Artifact cache required the manual management of credentials to authenticate to external upstream private registries like Google Artifact Registry.

Describe the solution you'd like I would like to request native, direct identity federation capabilities for ACR's artifact cache when pulling from external registries. ACR could use its own managed identity to authenticate with Google Cloud IAM, eliminating the need to have to managed pre-configured long access tokens or service account keys (comply with security best practices) to be generated and rotated by users.

Additional context Primary GCP footprint, looking to leverage Azure Batch and NP-series compute for large-scale genomic sequencing workloads.

dougkelly avatar Jun 09 '25 23:06 dougkelly

@JXavierMSFT @johnsonshi Would you mind following up on this feature request to Artifact Cache auth?

FeynmanZhou avatar Jun 10 '25 18:06 FeynmanZhou

@JXavierMSFT, can you follow up on the request for Artifact Cache auth?

johnsonshi avatar Jun 17 '25 17:06 johnsonshi

@dougkelly

Thank you for this request. I will add this request to our backlog. We are currently working on Managed Identity support for customers to authenticate when caching from another ACR. Federated Identity support will be supported after that.

JXavierMSFT avatar Jun 24 '25 16:06 JXavierMSFT

Follow the parent issue for progress.

toddysm avatar Dec 19 '25 01:12 toddysm