Description
Summary of the new feature / enhancement
The background of this question is that this module saves my team a lot of refactoring when switching between vaults, since a wide variety of vaults have extensions available. It is very, very useful for working with creds on the shell.
I am attempting to use the Microsoft.PowerShell.SecretManagement module to access Azure Key Vault secrets in a hybrid environment. Our setup requires authentication coming from outside of the Azure tenant. For other Azure services, we can use either OAuth 2.0 authorization with a registered app or service principal authentication.
However, with the SecretManagement module, I've noticed that:
- The only authentication method available seems to be service principal.
- When I use OAuth I receive the following when using Get-Secret:
    Connect-AzAccount -AccessToken ...   # successful auth
    Get-Secret ...
    Message: AKV10000: Request is missing a Bearer or PoP token.
- When I use a service principal it works fine:
    Connect-AzAccount -ServicePrincipal ...   # successful auth
    Get-Secret ...                            # successful secret retrieval
- There is currently no -AccessToken option for Get-Secret
I am specifically looking for a way to use OAuth 2.0 with this module, similar to how we can with other Azure services.
- Are there plans to add OAuth 2.0 support to the Microsoft.PowerShell.SecretManagement module for Azure Key Vault?
- In the meantime, is service principal authentication the recommended approach for our scenario?
- Are there any workarounds or best practices for using OAuth 2.0 with the SecretManagement module and Azure Key Vault?
- Is this a valid question?
I have opened a case with the Key Vault Support Team #2407160040005824 but thought maybe I should check here as well.
Proposed technical implementation details (optional)
No response
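The two flows described in the issue, written out as an added example (this is not code from the original post or from the SecretManagement/Az.KeyVault projects): register the Key Vault as a SecretManagement vault, authenticate either with a service principal or with pre-acquired OAuth 2.0 client-credential tokens, then call Get-Secret. All identifiers ($TenantId, $SubscriptionId, $KeyVaultName, $AppId, the secret name, the vault alias) are placeholders. The token path passes a second token via Connect-AzAccount's -KeyVaultAccessToken parameter, because the Key Vault data plane needs a token issued for the https://vault.azure.net audience rather than the ARM token that -AccessToken carries; whether that resolves the AKV10000 error in the reporter's environment is an assumption of this example, not something the issue confirms.

```powershell
# Added example; not part of the original issue. Placeholders are assumed values.
Import-Module Microsoft.PowerShell.SecretManagement, Az.Accounts, Az.KeyVault -ErrorAction Stop

$TenantId       = '00000000-0000-0000-0000-000000000000'   # placeholder
$SubscriptionId = '00000000-0000-0000-0000-000000000000'   # placeholder
$KeyVaultName   = 'my-hybrid-kv'                           # placeholder Key Vault name
$AppId          = '00000000-0000-0000-0000-000000000000'   # placeholder app/service principal id
$VaultAlias     = 'AzKV'                                   # local SecretManagement vault name

# Never hardcode the client secret; read it from the environment as a SecureString.
$ClientSecret = ConvertTo-SecureString -String $env:AZ_CLIENT_SECRET -AsPlainText -Force

# Register the Key Vault once. AZKVaultName and SubscriptionId are the parameters
# the Az.KeyVault SecretManagement extension expects.
if (-not (Get-SecretVault -Name $VaultAlias -ErrorAction SilentlyContinue)) {
    Register-SecretVault -Name $VaultAlias -ModuleName Az.KeyVault -VaultParameters @{
        AZKVaultName   = $KeyVaultName
        SubscriptionId = $SubscriptionId
    }
}

# Flow 1: service principal login (the flow the issue reports as working).
function Connect-KvWithServicePrincipal {
    param([string]$AppId, [securestring]$ClientSecret, [string]$TenantId, [string]$SubscriptionId)
    $cred = [pscredential]::new($AppId, $ClientSecret)
    Connect-AzAccount -ServicePrincipal -Credential $cred -Tenant $TenantId `
        -Subscription $SubscriptionId | Out-Null
}

# OAuth 2.0 client-credentials grant against the v2.0 token endpoint.
# $Scope selects the audience: ARM vs. Key Vault tokens are different tokens.
function Get-OAuthClientCredentialToken {
    param([string]$TenantId, [string]$ClientId, [securestring]$ClientSecret, [string]$Scope)
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = [System.Net.NetworkCredential]::new('', $ClientSecret).Password
        scope         = $Scope
    }
    $resp = Invoke-RestMethod -Method Post `
        -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" -Body $body
    return $resp.access_token
}

# Flow 2: pre-acquired tokens. Assumption: supplying a vault-audience token via
# -KeyVaultAccessToken is what the Key Vault data plane needs alongside the ARM token.
function Connect-KvWithAccessTokens {
    param([string]$AppId, [securestring]$ClientSecret, [string]$TenantId, [string]$SubscriptionId)
    $armToken = Get-OAuthClientCredentialToken -TenantId $TenantId -ClientId $AppId `
        -ClientSecret $ClientSecret -Scope 'https://management.azure.com/.default'
    $kvToken  = Get-OAuthClientCredentialToken -TenantId $TenantId -ClientId $AppId `
        -ClientSecret $ClientSecret -Scope 'https://vault.azure.net/.default'
    Connect-AzAccount -AccessToken $armToken -KeyVaultAccessToken $kvToken `
        -AccountId $AppId -Tenant $TenantId -Subscription $SubscriptionId | Out-Null
}

# Retrieve a secret for shell use. Get-Secret hands back a SecureString; keep it
# that way and only unwrap at the point of use so it does not land in history or logs.
function Get-KvSecretForShell {
    param([string]$Name, [string]$Vault, [switch]$AsPlainText)
    if (-not (Test-SecretVault -Name $Vault)) {
        throw "Vault '$Vault' is not reachable; check Connect-AzAccount context first."
    }
    $secure = Get-Secret -Name $Name -Vault $Vault
    if ($AsPlainText) {
        return [System.Net.NetworkCredential]::new('', $secure).Password
    }
    return $secure
}

# Usage: pick one flow, then read the secret.
Connect-KvWithServicePrincipal -AppId $AppId -ClientSecret $ClientSecret `
    -TenantId $TenantId -SubscriptionId $SubscriptionId
# Connect-KvWithAccessTokens -AppId $AppId -ClientSecret $ClientSecret `
#     -TenantId $TenantId -SubscriptionId $SubscriptionId

Get-SecretInfo -Vault $VaultAlias            # list what the vault exposes
$dbPassword = Get-KvSecretForShell -Name 'db-password' -Vault $VaultAlias   # SecureString
```

The split into two token requests is the point worth noticing: an access token is bound to its audience, so an ARM token presented to vault.azure.net is rejected exactly as the issue shows. Whichever flow is used, the client secret should live in a secure store or environment variable, and secrets pulled for shell work should stay as SecureString until the command that needs the plaintext.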