With Entra ID P2 licence for PIM
az login && az extension add --name account
npm install @azure/identity @azure/keyvault-secrets
Enable system-assigned managed identity on an Azure App Service so the app can authenticate to Azure resources without any credentials.
1 import { DefaultAzureCredential } from '@azure/identity'; 2 import { SecretClient } from '@azure/keyvault-secrets'; 3 4 // DefaultAzureCredential chain: 5 // In Azure → uses Managed Identity (zero credentials needed) 6 // Locally → uses Azure CLI (az login) 7 // CI/CD → uses AZURE_CLIENT_ID/SECRET env vars (workload identity) 8 const credential = new DefaultAzureCredential(); 9 10 export const kvClient = new SecretClient( 11 process.env.KEY_VAULT_URL!, 12 credential 13 ); 14
App Service has managed identity; az command returns principalId
Sign in to share your feedback and join the discussion.