Hi,
I have got IoT Edge modules (in Red Hat Linux IoT Edge server), which connects to various source systems. I have developed a service that uses Azure App Id/Secrets to connect to Azure Key Vault and grab the secrets (e.g. api user/password, sql user/password)
I am passing Azure AD AppId/Secrets (https://docs.microsoft.com/en-us/azure/key-vault/authentication-requests-and-responses) from device properties (from Azure portal) during deployment of the module, which is used when calling Azure KV api to get secret.
Is this a best approach to use Key Vault from IoT Edge module if not then please suggest?
Thanks,
Muhammad Masood
This is probably your best bet if you want to configure these secrets from the cloud. The other option is to transmit the secrets through some out of band process to the device, place them on the filesystem, and then mount them into the container.
We understand this set up is not ideal. We are looking at what proper AAD integration looks like, with the ultimate goal of not having to transmit a secret to begin with.
Hi,
We want to develop a module which can update the Device certificates for IoT Edge in case they are expired. We where also thinking of use Key Vault for this according to this guide. Do we still need to provide the AppId/Secrets or is their already an other solution for this.
Thanks.