
[SUGGESTION] Use Microsoft Entra ID authentication #43

Open
@seesharprun


We should use the best practices from the Azure Cosmos DB for NoSQL security guide: https://learn.microsoft.com/azure/cosmos-db/nosql/security

This would require changing the projects to use RBAC and Entra authentication with the following code:

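```csharp
using Azure.Identity;
using Microsoft.Azure.Cosmos;

// Resolves a token from the developer's signed-in identity (Azure CLI, Visual Studio Code, ...).
DefaultAzureCredential credential = new();

// Endpoint only; no account key is passed to the client.
using CosmosClient client = new(
    accountEndpoint: config?.CosmosUri,
    tokenCredential: credential
);
```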

and steps:

  1. Having the maintainers pre-import the Azure.Identity package: `dotnet add package Azure.Identity --version 1.*`
  2. Somehow setting up RBAC for users' accounts (no idea how you want to handle this)
  3. Instructing users to sign in to Azure CLI or Visual Studio Code so the `DefaultAzureCredential` picks up their credential.
  4. Instructing users to only add their endpoint to the environment (no keys) (ex: `dotnet user-secrets set "CosmosUri" "<nosql-account-endpoint>"`)

FYI @markjbrown
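
One way to carry out steps 2 to 4 with the Azure CLI, as an added example that is not part of the original issue or the project's code. The account name, resource group, principal ID placeholder and the `DRY_RUN` switch are assumptions; the role ID is the built-in "Cosmos DB Built-in Data Contributor" data-plane role, which is assigned separately from Azure control-plane RBAC.

```shell
#!/bin/sh
# Added example: grant a user data-plane access to a Cosmos DB for NoSQL
# account, then store only the endpoint (no key) in dotnet user-secrets.
set -eu

# Placeholders (assumptions): override via the environment.
ACCOUNT="${ACCOUNT:-<nosql-account-name>}"
RG="${RG:-<resource-group>}"
# Built-in "Cosmos DB Built-in Data Contributor" role definition ID.
DATA_CONTRIBUTOR="00000000-0000-0000-0000-000000000002"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute them

# Print a command; execute it as well unless DRY_RUN=1.
run() {
  printf '+ %s\n' "$*"
  if [ "$DRY_RUN" != "1" ]; then "$@"; fi
}

# Assign the data-plane role to a principal (Entra object ID).
# Scope "/" covers the whole account; pass /dbs/<db>/colls/<container>
# as the second argument to narrow it for least privilege.
assign_role() {
  principal_id="$1"
  scope="${2:-/}"
  run az cosmosdb sql role assignment create \
    --account-name "$ACCOUNT" --resource-group "$RG" \
    --role-definition-id "$DATA_CONTRIBUTOR" \
    --principal-id "$principal_id" --scope "$scope"
}

main() {
  if [ "$DRY_RUN" = "1" ]; then
    user_id="<principal-object-id>"
    endpoint="<nosql-account-endpoint>"
  else
    # Step 3: make sure the user is signed in so DefaultAzureCredential works.
    az account show >/dev/null 2>&1 || az login
    user_id="$(az ad signed-in-user show --query id -o tsv)"
    endpoint="$(az cosmosdb show --name "$ACCOUNT" --resource-group "$RG" \
      --query documentEndpoint -o tsv)"
  fi
  assign_role "$user_id"                             # step 2
  run dotnet user-secrets set "CosmosUri" "$endpoint"  # step 4
}

main
```

Run it once as-is to review the printed commands, then with `DRY_RUN=0` from the project directory to apply them.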
