Support for ManagedIdentity

[mbfaay]

It would be nice to have support for ManagedIdentityCredential.
e.g. for case where Strapi is running in Azure App Service and media is stored in Azure Storage Account with shared keys disabled.

[mbfaay]

Have a suggested solution available for you.
Based on:
https://learn.microsoft.com/en-us/answers/questions/760656/using-managedidentity-with-node-js-web-app-to-acce

@@ -1,5 +1,6 @@
 import {
     AnonymousCredential,
+    ManagedIdentityCredential,
     BlobServiceClient,
     newPipeline,
     StorageSharedKeyCredential,
@@ -14,6 +15,7 @@ type Config = {
     containerName: string;
     defaultPath: string;
     cdnBaseURL?: string;
+    managedIdentity?: boolean;
 };

 type StrapiFile = File & {
@@ -44,12 +46,18 @@ function makeBlobServiceClient(config: Config) {
     const account = trimParam(config.account);
     const accountKey = trimParam(config.accountKey);
     const sasToken = trimParam(config.sasToken);
+    const managedIdentity = config.managedIdentity;
     const serviceBaseURL = getServiceBaseUrl(config);
-    // if accountKey doesn't contain value return below line
+    // if sasToken contains value return below line
     if (sasToken != '') {
         const anonymousCredential = new AnonymousCredential();
         return new BlobServiceClient(`${serviceBaseURL}${sasToken}`, anonymousCredential);
     }
+    // if managedIdentity is true return below line
+    if (managedIdentity) {
+        const aadCredentials = new ManagedIdentityCredential();
+        return new BlobServiceClient(serviceBaseURL, aadCredentials);
+    }
     const sharedKeyCredential = new StorageSharedKeyCredential(account, accountKey);
     const pipeline = newPipeline(sharedKeyCredential);
     return new BlobServiceClient(serviceBaseURL, pipeline);

[jakeFeldman]

Hello @mbfaay, I'm okay supporting other connection types. Would you like to issue a PR?

[mbfaay]

Hi @jakeFeldman, I can issue a PR for supporting managed identity.
Can you give me the rights to create a branch for this?

[mbfaay]

Hi @jakeFeldman, I can issue a PR for supporting managed identity. Can you give me the rights to create a branch for this?

Gentle reminder

[jakeFeldman]

Hey @mbfaay thanks for the reminder. You should be able to fork the repo and open a PR from your fork. Let me know if you have any issues doing so.

[nmartin5]

@jakeFeldman I see that #72 has been approved. Is this still on the roadmap? I would love to start using this feature.
Thanks!

[Jeinhaus]

@jakeFeldman This would be awesome to have. Is there anything needed beside the open #72 to get this working?

[jakeFeldman]

Hi @Jeinhaus, I haven't looked at #72 in a while and would need testing. If you would like to take ownership on the PR and make sure everything is good to go, I'd be happy to get it merged in

[Jeinhaus]

@jakeFeldman thank you for responding so quickly.
To be honest, I'm a total Azure, strapi and js noob, but I might give it a try to test #72.
Maybe @mbfaay is still around and have a look at it as well?

[fardarter]

Can be closed now?