little-library-54601 07/25/2023, 3:33 PM
Best I can tell, I should set the "Identity" property in my Pulumi code that creates the web app (https://www.pulumi.com/registry/packages/azure-native/api-docs/web/webapp/). If I set the identity type to "system", presumably I don't have to specify the UserAssignedIdentities? And the Identity property on the resulting WebApp object would contain the principal ID needed in the next step of the tutorial? After that, the tutorial uses this command to grant the web app (via its managed identity) access to the key vault:
az webapp identity assign --name "<your-webapp-name>" --resource-group "myResourceGroup"
To do that with Pulumi, do I use the same KeyVault.Vault type that's used to initially create the key vault? And by specifying a different object ID (the principal ID) and set of permissions, the web app will have the access it needs? Is using the same vault name sufficient to ensure that I'm referencing the same key vault resource as in its initial creation? One last thing... The first secret I need to set is a json object. This Azure doc: https://learn.microsoft.com/en-us/cli/azure/keyvault/secret?view=azure-cli-latest#az-keyvault-secret-set has this capability:
az keyvault set-policy --name "<your-keyvault-name>" --object-id "<principalId>" --secret-permissions get list
i.e. setting the secret directly from a file, which is what my json secret resides in. I don't see anything like that in the Pulumi docs for "Secret": https://www.pulumi.com/registry/packages/azure-native/api-docs/keyvault/secret/ Is that pretty much up to the Pulumi developer to mimic? Thanks. Sorry for the length.
az keyvault secret set --name MySecretName --vault-name MyKeyVault --file /path/to/file --encoding MyEncoding
millions-journalist-34868 07/25/2023, 6:53 PM
future-breakfast-19791 07/26/2023, 9:26 AM