Are there plans to support managed identity for static web apps?
I wanted to use managed identity with static web apps like I do with websites or functions. I stored information in Key Valut and could not auth my static web app using a managed identity. I had to resort to using a service principal.
@DarqueWarrior Could you elaborate a little more when you say used service principal. Was this on the client layer or the functions layer. I would assume you don't want to resolve secrets on the client side. Just trying to understand the context and scenarios where you would want to use Managed Identity besides functions.
Sure! Yes, it was on the function side. I stored my CosmosDB connection string in Key Vault because I could not figure out how to create an input binding for CosmosDB in static web apps.
So after storing my connection string in Key Vault I wanted to auth my static web app with Key Vault. Without an managed identity I just used a service principal in the function to auth to Key Vault and grab my connection string.
I am having the same issue. On a standalone Azure Function, I can use managed identity to connect to CDS, but I am unclear on how to set this up in SWA api.
I ended up using EnvironmentCredential with client secret.
I'll readily add my vote to this -- it would be nice to support Managed Identity on the Azure Functions side, as I'd prefer to authorize the managed identity access to my Azure SQL DB than have to create a login and provide the creds through a connection string.
Secret less config using managed identity would be a great feature
Thanks. Currently our guidance is to use the bring your own function app feature if you need managed identity in your function app. We do want to bring this to Static Web Apps’ built-in managed functions at some point but do not have an ETA.
Most helpful comment
I'll readily add my vote to this -- it would be nice to support Managed Identity on the Azure Functions side, as I'd prefer to authorize the managed identity access to my Azure SQL DB than have to create a login and provide the creds through a connection string.