Azure Webapp Keyvault reference with user-assigned identity for staging slot

Time:04-05

Azure web app has keyvault references for configuration settings (environment variables). I followed this documentation to get the connection set up. The keyvault references are properly resolved in the production/main slot of the web app. They are not resolving for the staging slot. I've granted access to the staging web app for the same managed identity. Using the code snippet provided in the aforementioned link doesn't allow for assigning it to a specific slot, just the webapp resource:

userAssignedIdentityResourceId=$(az identity show -g MyResourceGroupName -n MyUserAssignedIdentityName --query id -o tsv)
appResourceId=$(az webapp show -g MyResourceGroupName -n MyAppName --query id -o tsv)
az rest --method PATCH --uri "${appResourceId}?api-version=2021-01-01" --body "{'properties':{'keyVaultReferenceIdentity':'${userAssignedIdentityResourceId}'}}"

Any solutions as to the difference between the production and staging slots?

CodePudding user response:

As per this thread:

Each slot gets its own identity, and this stays with that slot during a swap. This means you always have a production security context, a test security context, etc.

So you need to create an identity for the staging slot and grant it permission(s) to key vault as well.
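
Added example, not part of the original question or answer: one way to apply the question's snippet to a slot instead of the site, by assigning the user-assigned identity to the slot and sending the PATCH to the slot's resource ID. The function names and the slot name `staging` are hypothetical, and it is an assumption that the slot resource accepts the same `keyVaultReferenceIdentity` property as the site; the identity is assumed to already have access to the vault.

```shell
#!/bin/sh
# Added example (not from the original thread). Resource names are the
# placeholders used in the question; the slot name is an assumption.

# Build the PATCH body that selects the identity used for Key Vault references.
kv_reference_body() {
  printf '{"properties":{"keyVaultReferenceIdentity":"%s"}}' "$1"
}

# Hypothetical helper: attach a user-assigned identity to ONE slot and make it
# that slot's Key Vault reference identity.
# Usage: configure_slot_kv_identity <resource-group> <app> <slot> <identity-name>
configure_slot_kv_identity() {
  rg=$1; app=$2; slot=$3; identity=$4

  identity_id=$(az identity show -g "$rg" -n "$identity" --query id -o tsv) || return 1
  [ -n "$identity_id" ] || { echo "identity not found" >&2; return 1; }

  # Each slot keeps its own identities, so assign on the slot, not only the app.
  az webapp identity assign -g "$rg" -n "$app" --slot "$slot" \
    --identities "$identity_id" >/dev/null || return 1

  # With --slot this returns .../sites/<app>/slots/<slot> rather than the site id.
  slot_id=$(az webapp show -g "$rg" -n "$app" --slot "$slot" --query id -o tsv) || return 1
  case "$slot_id" in
    */slots/*) ;;
    *) echo "not a slot resource id: $slot_id" >&2; return 1 ;;
  esac

  # Same PATCH as in the question, but addressed to the slot resource.
  az rest --method PATCH --uri "${slot_id}?api-version=2021-01-01" \
    --body "$(kv_reference_body "$identity_id")"
}

# Run only when called with the four arguments, e.g.:
#   ./slot-kv.sh MyResourceGroupName MyAppName staging MyUserAssignedIdentityName
if [ "$#" -eq 4 ]; then
  configure_slot_kv_identity "$@"
fi
```

The guard on the resource ID stops the script from silently patching the production site if `--slot` is dropped or the slot lookup returns the parent app.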
