Supporting authentication through a managed identity instead of using a normal app

[Epoxylim]

Would this be something that could be supported going forward?

[cudeso]

Yes, it's certainly something to consider.
I do not have a lot of experience with authenticating via a managed identity but I'll put it on the list to investigate and for future implementations.

[lnfernux]

I can probably do this for the azure function app already, it's pretty simple to integrate a authentication chain there. I'll do a PoC and push it as a PR once the upload indicators branch is merged.

Should be the same lines of code for a vm running in Azure as it is for the Azure Function :)

[Kaloszer]

Hey @Infernux, were you able to do that yet? I actually really really want to do it that way :D

[lnfernux]

I have a PoC for this locally, but I haven't made it production friendly yet. Will try to get some time to do that the following weeks, I'll update here once I'm able.

[jusso-dev]

I noticed that the README mentions Azure Key Vault (only works on Azure VM) - "https://github.com/cudeso/misp2sentinel/tree/main?tab=readme-ov-file#azure-key-vault-integration-only-works-on-azure-vms"

But I'm not sure why this is called out? If the Azure Function has SystemIdentity/Managed System Identity (MSI) turned on, there is no reason it won't work with Azure Key Vault, you just need to configure the provisioned MSI with relevant Azure Key Vault RBAC or Access Policies.

[lnfernux]

@jusso-dev Because the Azure Function uses MSI to call KV as well, but does this outside of the code (integration via Application Settings, where you can do a key vault reference). This is just an easier integration, without having to write any code to do it. The outcome is the same :)

[jusso-dev]

Clarified in #86
@lnfernux