Support Managed Service Identity
We made application that uses Managed Service Identity.
It's easy and friendly way to access Azure Key Vault that contains some secrets.
Actually, Azure Batch is not support Managed Service Identity.
In this situation, We have to make another application between MSI enabled environment (Azure VM, Web Apps) and disabled environment (Azure Batch).
We don't want writing secrets in application package, environment variables and clear text configuration.
We want strongly Managed Service Identity in Azure Batch.
Deepika Bandhanadham commented
@Azure AD Team, Any update on this feature? I had to rewrite my code after testing it an MSI enabled Azure VM to make it work on Azure Batch. Last update is from May 2019.
Andrew Wilder commented
Can we get an update or estimated timeline for delivery of this feature?
Aida C. commented
Just want to escalate this. I've spent the last 12 hours setting up certs, renewal policies, making code changes to an app that ALREADY supports MSI to also be able to use a certificate... all because Batch doesn't have this feature. All of that and I will STILL have to deploy a secret, the cert password, in my package, and even still that certificates private key is less secure than I would normally make it sense AES256/SHA256 seems to not be a supported format. This really makes Azure Batch feels second-class sadly.
Thanks for checking in. We're closing out on technical details for this integration. Stay tuned! Apologies it's taken so long.
Can we please get an update on this? This is a standard feature of "regular" Azure Virtual Machines that you can configure with a single command line flag or config file option. We really, really don't want to have to store service principal credentials on our VMs if we can avoid it.
This has been under review for a long time - are there any updates on this?
Manh Vo commented
We have a similar problem as well. Batch Nodes are actually VM Scale Sets so it should support MSI natively.
Rivas, Hector commented
MSI worked great locally, but we package our apps and trigger them from ADF, and they just fail to run. A service principal seems to be the only route.
I really want MSI support. MSI makes it easy to use AD authentication and easily creates secure applications.
It is not secure for applications to store secrets in environment variables or application configuration files. If we can use MSI, it's easy to access the secret in KeyVault.
MSI is a great Azure feature. You should support MSI with Azure Batch.