Azure Dynamic Secrets

Azure dynamic secrets is revocable, time-limited access and on-demand credentials for azure cloud.

Challenge/Scenarios

To consume Azure services (e.g., Azure Cosmos DB), the application must have valid Azure credentials. Azure uses service principal to authenticate its users. An Azure service principal is a security identity used by user-created apps, services, and automation tools to access specific Azure resources. It only needs to be able to do specific things, unlike a general user identity. It improves security if you only grant it the minimum permissions level needed to perform its management tasks. Any new application that needs to access to these azure resource adds operational overhead as more service principals are required new service principal to access.

Solution

Use DSV dynamic secrets for Azure. This starts with linking a DSV secret to an Azure Service Principal. Then each time you request the secret, it creates a short lived secret to access an Azure hosted service. You can set the TTL for how long those credentials will stay valid.

Benefits

Each app instance can request unique, short-lived credentials. Unique credentials ensures isolated, auditable access and enable revocation of a single client. While short-lived reduces the time frame in which they are valid.

Try for yourself Refer to azure dynamic secret.