argocd-vault-plugin

Use of Azure Managed Identity for reading secrets from Azure Key Vault

Open gsvkarteek opened this issue 1 year ago • 3 comments

Is your feature request related to a problem? Please describe.

Considering the organization's security stance, user-friendliness, and resource segregation standpoint, the recommendation aligns with opting for Managed Identities. However, the use of a Service Principal (SPN) is necessary for the ArgoCD Vault Plug-In to retrieve secrets from Key Vault.

Describe the solution you'd like

Enable means to connect Vault Plug-In through Managed Identity.

gsvkarteek, Aug 21 '23 11:08

As an addition, it would also be nice to make the documentation more clear about this instead of simply linking to the Microsoft docs. When you follow the Microsoft docs (link) it looks like managed identity should work.

KevinDW-Fluxys, Aug 23 '23 09:08

Duplicate of https://github.com/argoproj-labs/argocd-vault-plugin/issues/421

YvesZelros, Aug 31 '23 08:08

The Plugin docs just mention a link to the Azure docs. The Azure docs state:

No credentials are needed for managed identity authentication. The application must be running on an Azure resource configured to use managed identities.

Which is not working when using the plugin (using other plugins works fine). That means the plugin must be sending a request with different parameters than the one expected by Azure.

Stolz, Nov 11 '23 16:11

Released in https://github.com/argoproj-labs/argocd-vault-plugin/releases/tag/v1.18.0

werne2j, May 28 '24 13:05