by wodenokoto 1008 days ago
I really dislike how Azure makes you juggle keys in order to make any two Azure things talk together.

Even more so, you only have two keys for the entire storage account. Would have made much more sense if you could have unlimited, named keys for each container.

3 comments

> I really dislike how Azure makes you juggle keys in order to make any two Azure things talk together.

Actually there is a better way. Look into “Managed Identity”. This allows you to grant access from one service to another, for example grant access to allow a specific VM to work with your storage account.

This is what we are using for everything. It makes life so much easier.

So far, our new Azure tenant has absolutely zero passwords or shared secrets to keep track of.

Granting a function app access to SQL Server by way of the app's name felt like some kind of BS magic trick to me at first. But it absolutely works. Experiences like this give me hope for the future.

> if you could have unlimited, named keys for each container.

These exist and are called Shared Access Tokens. People are too lazy to use them and just use the account-wide keys instead.