Grant the managed identity permissions to access the Azure Key Vault secrets
By now, you have created a managed identity for the customers-service, vets-service and visits-service apps. In this step, you need to grant these three managed identities access to the secrets you added to the Azure Key Vault instance. To accomplish this, you can use the following guidance: Grant your app access to Key Vault.
The following three apps of your application use the database hosted by the Azure Database for MySQL Single Server instance, so their managed identities will need to be granted permissions to access the secrets:
customers-service
vets-service
visits-service
Step by step guidance
- Grant the get and list secrets permissions in the Azure Key Vault instance to each Spring Apps application's managed identity by using an Azure Key Vault access policy:

  ```bash
  # Look up the principal (object) ID of each user-assigned managed identity.
  CUSTOMERS_SERVICE_UID=$(az identity show -g "$RESOURCE_GROUP" -n customers-svc-uid --query principalId -o tsv)
  VISITS_SERVICE_UID=$(az identity show -g "$RESOURCE_GROUP" -n visits-svc-uid --query principalId -o tsv)
  VETS_SERVICE_UID=$(az identity show -g "$RESOURCE_GROUP" -n vets-svc-uid --query principalId -o tsv)

  # Grant only the get and list secret permissions to each identity.
  az keyvault set-policy \
      --name "$KEYVAULT_NAME" \
      --resource-group "$RESOURCE_GROUP" \
      --secret-permissions get list \
      --object-id "$CUSTOMERS_SERVICE_UID"

  az keyvault set-policy \
      --name "$KEYVAULT_NAME" \
      --resource-group "$RESOURCE_GROUP" \
      --secret-permissions get list \
      --object-id "$VETS_SERVICE_UID"

  az keyvault set-policy \
      --name "$KEYVAULT_NAME" \
      --resource-group "$RESOURCE_GROUP" \
      --secret-permissions get list \
      --object-id "$VISITS_SERVICE_UID"
  ```
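To check the result of this step, the following added example (not part of the original lab) audits that each of the three managed identities holds exactly the get and list secret permissions and nothing broader. It assumes the vault uses the access policy permission model and that RESOURCE_GROUP and KEYVAULT_NAME are still set; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: least-privilege audit of the Key Vault access policies
# created in this step. Function names are illustrative, not from the lab.

EXPECTED="get list"   # sorted, space-separated secret permissions

# Print the secret permissions (sorted, space-separated) that the vault's
# access policies grant to the principal whose object ID is $1.
secret_perms_for() {
  local oid="$1"
  az keyvault show \
      --name "$KEYVAULT_NAME" \
      --resource-group "$RESOURCE_GROUP" \
      --query "properties.accessPolicies[?objectId=='${oid}'].permissions.secrets[]" \
      -o tsv \
    | tr '\t' '\n' | tr '[:upper:]' '[:lower:]' | sort -u | paste -sd' ' -
}

# Return 0 if the managed identity named $1 has exactly $EXPECTED,
# 1 if permissions are missing or broader, 2 if the identity lookup fails.
audit_identity() {
  local name="$1" oid perms
  oid=$(az identity show -g "$RESOURCE_GROUP" -n "$name" \
          --query principalId -o tsv) || return 2
  perms=$(secret_perms_for "$oid")
  if [ "$perms" = "$EXPECTED" ]; then
    echo "OK    $name: $perms"
  else
    echo "DRIFT $name: got '${perms:-none}', expected '$EXPECTED'"
    return 1
  fi
}

# Audit all three identities from this step; non-zero if any one drifts.
audit_all() {
  local rc=0 name
  for name in customers-svc-uid visits-svc-uid vets-svc-uid; do
    audit_identity "$name" || rc=1
  done
  return "$rc"
}
```

After sourcing the file, run `audit_all`; a DRIFT line means the identity either lacks a permission or holds more than get and list (for example set or delete).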