Public preview: Azure Container Instances support of managed identities
Updated: 24 October, 2018
Azure Container Instances announces the public preview support of managed identities in all Container Instances regions.
Previously, authenticating a container group required the passing of secrets through mechanisms such as environment variables or secret volumes. This required additional effort in trying to secure a path to pass, consume and maintain secrets. This pain point could grow larger as the number of container groups and secrets began to scale up.
Support for managed identities streamlines this process. You can offload secret management by authenticating container groups to utilise system-assigned identities for the lifetime of a specific container group, or user-assigned identities that can be precreated and re-used with Azure Active Directory (Azure AD). You can now complete tasks such as retrieving secrets from Azure Key Vault or writing output to an Azure Storage endpoint with secure authentication handled by Azure AD.
Simply deploy a container group with the --assign-identity parameter to set this up on creation.
az container create --resource-group myResourceGroup --name mycontainer --image $MY_IMAGE --assign-identity $resourceID
az container create --resource-group myResourceGroup --name mycontainer --image $MY_IMAGE --assign-identity
To get started, follow the tutorial about using managed identities with Azure Container Instances.