Managed Identities (1 / 31): An e-commerce company is planning to migrate their monolithic application to a microservices architecture. They want to leverage Azure Container Apps for this purpose. The application needs to interact with Azure Key Vault to retrieve secrets and Azure SQL Database for storing and retrieving data. The company wants to avoid storing and managing credentials in their application code. Which type of managed identity would fit this scenario?
Answer:
This scenario is best suited for a System-assigned managed identity. System-assigned managed identities are tied to the lifecycle of the Azure resource (in this case, the Azure Container App) and are automatically cleaned up by Azure when the resource is deleted. The application can use the System-assigned managed identity to authenticate to any service that supports Entra ID authentication without having any credentials in the code. The Azure Container App can be granted access to the Azure Key Vault and Azure SQL Database using Azure role-based access control (RBAC).