Public preview: Azure Container Instances support of managed identities
Posted on Tuesday, October 23, 2018
Azure Container Instances announces public preview support for managed identities in all Container Instances regions.
Previously, authenticating a container group required passing secrets through mechanisms like environment variables or secret volumes. This took additional effort to secure a path to pass, consume, and maintain secrets, and the pain point grew as the number of container groups and secrets scaled up.
Support for managed identities streamlines this process. You can offload secret management by having container groups authenticate with Azure Active Directory (Azure AD) using either system-assigned identities, which last for the lifetime of a specific container group, or user-assigned identities, which can be pre-created and reused. You can now complete tasks such as retrieving secrets from Azure Key Vault or writing output to an Azure Storage endpoint with secure authentication handled by Azure AD.
Deploy a container group with the --assign-identity parameter to set this up on creation. Pass the resource ID of a user-assigned identity, as in the first command below, or give the parameter no value to get a system-assigned identity, as in the second.
az container create --resource-group myResourceGroup --name mycontainer --image $MY_IMAGE --assign-identity $resourceID
az container create --resource-group myResourceGroup --name mycontainer --image $MY_IMAGE --assign-identity
To get started, follow the tutorial about using managed identities with Azure Container Instances.
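What a process inside the container group can do in place of reading a credential from an environment variable, shown as an added example that is not part of the original announcement or Microsoft's code: it requests an Azure AD token for Key Vault from the instance metadata token endpoint, validates the reply, and caches it. The endpoint address, API version, and all function names are assumptions not stated on this page.

```python
import json
import time
import urllib.parse
import urllib.request

# Assumption: the instance metadata token endpoint and API version below are
# not given on this page; they come from Azure's instance metadata service.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
API_VERSION = "2018-02-01"
TOKEN_CACHE = {}  # (resource, client_id) -> (access_token, expires_on)


def build_request(resource, client_id=None, endpoint=IMDS_TOKEN_URL):
    """Build the token request; client_id picks one user-assigned identity."""
    params = {"api-version": API_VERSION, "resource": resource}
    if client_id:
        params["client_id"] = client_id
    url = endpoint + "?" + urllib.parse.urlencode(params)
    # The endpoint rejects requests that lack the Metadata header.
    return urllib.request.Request(url, headers={"Metadata": "true"})


def parse_token(body, resource):
    """Validate the JSON reply and return (access_token, expires_on)."""
    doc = json.loads(body)
    if doc.get("token_type") != "Bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    if doc.get("resource", "").rstrip("/") != resource.rstrip("/"):
        raise ValueError("token was issued for a different resource")
    return doc["access_token"], int(doc["expires_on"])


def get_token(resource, client_id=None, endpoint=IMDS_TOKEN_URL, skew=300):
    """Return a cached token, refreshing it `skew` seconds before expiry."""
    key = (resource, client_id)
    token, expires_on = TOKEN_CACHE.get(key, (None, 0))
    if time.time() >= expires_on - skew:
        req = build_request(resource, client_id, endpoint)
        with urllib.request.urlopen(req, timeout=5) as resp:
            token, expires_on = parse_token(resp.read(), resource)
        TOKEN_CACHE[key] = (token, expires_on)
    return token


# Constructed sample reply in the endpoint's JSON shape (not a real token).
SAMPLE = json.dumps({"access_token": "constructed.sample.token",
                     "expires_on": "1540300000", "token_type": "Bearer",
                     "resource": "https://vault.azure.net"})

if __name__ == "__main__":
    print(parse_token(SAMPLE, "https://vault.azure.net"))
```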
See related feedback from Azure customers
Support MSI completed
Allow the AzureServiceTokenProvider class to work its magic inside a container instance. That is:
- allow us to define a 'container application' that automatically registers as an AAD principal.
- a container instance can then belong to an application
- define the MSI_ENDPOINT and MSI_SECRET environment variables for the running instance, allowing it to automatically authenticate as the application principal.
Daniel Earwicker