Add support for Azure Workload Identity authentication

We run our vault instance in AKS and want to use the new  [Azure Workload Identity](https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview) service to authenticate against Azure resources when using Azure keyvault for the unseal key handling. 

This requires the Azure keyvault authentication to support the [Workload Identity Federation](https://learn.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation) mechanism.

[Here](https://github.com/Xovis/go-kms-wrapping/tree/support-azure-workload-identity-authentication) is an implementation (leaning heavily on the [Azure example](https://github.com/Azure/azure-workload-identity/tree/main/examples/msal-go)) that I patched vault with and that runs successfully in our cluster.

Would it be possible to integrate this or something like it in the go-kms-wrapping module and then into the official vault release?


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add support for Azure Workload Identity authentication #117

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add support for Azure Workload Identity authentication #117

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions