This is the second and probably final post in this series. If you haven’t read the first post I would highly recommend it. When we last left our erstwhile heroes, they had successfully set up the Azure authentication method on a Vault server and created a policy associated with a role in the Azure auth method. The policy grants access to a key-value store called webkv. Now comes the fun part: how does an Azure VM go about using the Azure auth method to access the secrets stored in webkv? So glad you asked!
I am currently working on a Getting Started course for HashiCorp’s Vault product. There was a pretty cool demo I put together for using Azure AD as an authentication source for Vault, but unfortunately I had to cut it for the sake of time. I didn’t want it to go to waste though, so I figured I’d write about it here instead. Here’s what we’re going to do: use the Managed Service Identity feature in Azure to give an Azure VM permissions to access secrets in Vault. This is the sort of thing that could be applied to anything that can receive an MSI in Azure, including App Service, Functions, VMSS, and more!
Not too long ago, I got a DL380 Gen10 from HPE to deploy the Azure Stack Development Kit. I had been limping along with a couple Frankenstein systems running on Gen8 and Gen9 hardware. They had slow disks, not enough storage, and not enough RAM. This new beast has 384GB of RAM, 20 cores, and SSDs for the OS disk. Basically it’s awesome, and I am a very happy nerd. Since the early days of the ASDK, when it was just a little Technical Preview, there has appeared a growing library of scripts to help with the deployment of the ASDK. Since I am deploying the latest version today (1811), I thought it might be a good idea to share some helper scripts I put together to make the process a bit faster.
One of my goals for 2019 was to launch a new podcast. That process has officially started. The podcast is going to be called Day Two Cloud. I sent a tweet last week about the podcast to see if anyone would be interested in being a guest. The reaction was overwhelming. I was hoping to get two or three people to be guests. Instead I now have 14 interviews booked, and more people who are interested. I thought I would take the time to lay out what the podcast is meant to be, along with answers to FAQs that I have received from potential guests and listeners.