PMP - azure key vault #10268
base: development
|
|
||
| ## Configuring External Secret Management | ||
|
|
||
| To configure external secret management, you must first create a Key Vault and a secret, configure Azure AD Workload Identity, and then configure the required credentials in the Private Mendix Platform administrator panel. For more information, refer to the sections below. |
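Review bot: the introductory sentence under "Configuring External Secret Management" repeats "configure" three times and ends with "refer to the sections below" without naming those sections. Because the order matters ("must first ... and then"), present the three steps (create the Key Vault and secret, configure Azure AD Workload Identity, enter the credentials in the Private Mendix Platform administrator panel) as a numbered list and link each step to its section heading.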
Can we change this to - ....create a Key Vault and store your sensitive credentials as secrets, configure....
Reviewed and should be published at the same time as the release notes.
| azure.workload.identity/use: "true" | ||
| ``` | ||
|
|
||
| #### Configuring the Kubernetes Service Account |
@katarzyna-koltun-mx can we also add this disclaimer text for this section -
Configuring the Kubernetes Service Account
To enable Azure AD Workload Identity, the Kubernetes Service Account used by your Private Mendix Platform application needs specific annotations to link it to the Azure User-Assigned Managed Identity. You have two options: use a dedicated custom Service Account or use the existing default Service Account in your application's namespace.
Using a Custom Service Account is recommended for better isolation. This involves creating a new Service Account specifically for your Mendix application to access secrets. The default service account already exists in every Kubernetes namespace. It's simpler but provides less isolation if other applications in the same namespace also use the default Service Account.
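
The two options described in the comment above, sketched as an added example (not part of this pull request or of the Mendix documentation). The Service Account name `pmp-secrets-sa`, the namespace `pmp`, the pod and image names, and the client ID placeholder are assumptions; `azure.workload.identity/client-id` is the annotation the Azure AD Workload Identity webhook reads from the Service Account.

```yaml
# Option 1 (recommended in the comment): a dedicated Service Account.
# Only pods that explicitly set serviceAccountName: pmp-secrets-sa can
# exchange their token for the managed identity, so other workloads in
# the namespace cannot reach the Key Vault secrets through it.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pmp-secrets-sa            # hypothetical name
  namespace: pmp                  # hypothetical namespace
  annotations:
    # Client ID of the User-Assigned Managed Identity (placeholder).
    azure.workload.identity/client-id: "<MANAGED_IDENTITY_CLIENT_ID>"
---
# A pod that opts in: the label from the snippet under review goes on
# the pod, and the pod runs as the dedicated Service Account.
apiVersion: v1
kind: Pod
metadata:
  name: pmp-app                   # hypothetical name
  namespace: pmp
  labels:
    azure.workload.identity/use: "true"
spec:
  serviceAccountName: pmp-secrets-sa
  containers:
    - name: app
      image: "<APP_IMAGE>"        # placeholder
---
# Option 2: annotate the existing default Service Account.
# Every pod in the namespace that omits serviceAccountName runs as
# "default", so any such pod carrying the label above can also obtain
# tokens for the same managed identity.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: pmp
  annotations:
    azure.workload.identity/client-id: "<MANAGED_IDENTITY_CLIENT_ID>"
```

In either case the federated credential on the managed identity must use the subject `system:serviceaccount:<namespace>:<service-account-name>`, which is what ties the identity to one Service Account rather than to the whole cluster.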