-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use V5 ESRP task with backing MI + AKV #102542
Conversation
With this, could we theoretically move to using the ESRP CLI with managed identity? (To make DAC signing in the VMR easier and to simplify our infra in the repo around signing the dac and embedding it in the single file host) |
Tagging subscribers to this area: @hoyosjs |
I still need to check - that requires us to install the cert machine wide. That feels a little wide scoped for the purpose of locking down this account. |
/backport to release/9.0-preview5 |
Started backporting to release/9.0-preview5: https://github.com/dotnet/runtime/actions/runs/9230551811 |
This PR moves to using WIF + AKV RBAC to support signing diagnostic files without need of manual cert or secret rotation.