Access azure key vault from azure blob storage (static website)

Time:04-26

I have a blob storage that I use as a website. This blob has a system-assigned managed identity.

This identity is added to a key vault as an access policy. So it should actually be able to access the secrets.

But when I try it the way Microsoft documented it, I got an error.

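import { DefaultAzureCredential, DefaultAzureCredentialOptions } from "@azure/identity"
import { SecretClient } from "@azure/keyvault-secrets"

const getSecret = async () => {
    // This constructor is what throws the browser error shown below
    var credential = new DefaultAzureCredential({
        managedIdentityClientId: "<blob-id>",
    } as DefaultAzureCredentialOptions)
    const keyVaultName = "<key-vault-name>"
    // Vault URL: https://<key-vault-name>.vault.azure.net
    const url = "https://" + keyVaultName + ".vault.azure.net"
    const client = new SecretClient(url, credential)
    const secret = await client.getSecret("function-key")
}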

I got the error

Error: DefaultAzureCredential is not supported in the browser. Use InteractiveBrowserCredential instead.
    at Module.60308 (defaultAzureCredential.browser.js:5:34) 

Is this even possible?

Thanks!

CodePudding user response:

  • Please check this azure-sdk-for-js issue, according to which interactive credentials are recommended instead of default credentials. And for client-side applications that run in the browser, the InteractiveBrowserCredential is the only credential type that is supported. Please check this GitHub reference.
  • So for interactive credentials for Node.js, if a clientId is provided, the Azure AD app needs to be configured to have "Mobile and desktop applications" as the redirect endpoint instead of web. See set up redirect URI.

See DefaultAzureCredential and examples

Also, according to DefaultAzureCredential Class | Microsoft Docs, the following credential types, if enabled, will be tried in order:

EnvironmentCredential > ManagedIdentityCredential > SharedTokenCacheCredential > VisualStudioCredential > VisualStudioCodeCredential > AzureCliCredential > AzurePowerShellCredential > InteractiveBrowserCredential: uses the browser to authenticate users - not enabled by default. Pass true to the DefaultAzureCredential to enable it.
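
Added example, not part of the original question or answer and not Azure SDK code: it shows what a browser page does with a user sign-in credential, which is to ask it for a Key Vault token and send that token to the vault's REST endpoint. The helper names `secretUrl` and `readSecretAsUser`, the API version `7.4` and the placeholder client and tenant IDs are assumptions; `credential` is any object with `getToken`, such as an `InteractiveBrowserCredential`.

```javascript
// Added example. secretUrl and readSecretAsUser are hypothetical helper names.
const KV_SCOPE = "https://vault.azure.net/.default"; // Key Vault data-plane scope
const API_VERSION = "7.4"; // assumed REST API version

// Build the secret URL. Rejecting unexpected vault names keeps the bearer
// token from being sent to any host other than <name>.vault.azure.net.
function secretUrl(vaultName, secretName) {
  if (!/^[A-Za-z0-9-]{3,24}$/.test(vaultName)) {
    throw new Error("invalid key vault name");
  }
  return `https://${vaultName}.vault.azure.net/secrets/` +
    `${encodeURIComponent(secretName)}?api-version=${API_VERSION}`;
}

// In the browser, `credential` would be created with @azure/identity, e.g.
//   new InteractiveBrowserCredential({ clientId: "<app-client-id>", tenantId: "<tenant-id>" })
// `fetchImpl` is injectable so the function can be exercised without a network.
async function readSecretAsUser(credential, vaultName, secretName, fetchImpl = fetch) {
  const url = secretUrl(vaultName, secretName);
  const accessToken = await credential.getToken(KV_SCOPE);
  if (!accessToken || !accessToken.token) {
    throw new Error("sign-in did not return a token");
  }
  const res = await fetchImpl(url, {
    headers: { Authorization: `Bearer ${accessToken.token}` },
  });
  // 401: token missing or invalid; 403: the signed-in user lacks access
  if (res.status === 401 || res.status === 403) {
    throw new Error(`signed-in user may not read this secret (HTTP ${res.status})`);
  }
  if (!res.ok) {
    throw new Error(`Key Vault request failed: HTTP ${res.status}`);
  }
  return (await res.json()).value;
}
```

The request runs as the signed-in user, so that user needs permission to read the secret, and the returned value is visible to anyone who can open the page and sign in.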
