
The main app in our scenario is a simple Flask app that's deployed to Azure App Service. The app provides a public API endpoint named /api/v1/getcode, which generates a code for some other purpose in the app (say, with two-factor authentication for human users). The main app also provides a simple home page that displays a link to the API endpoint.

The sample's provisioning script performs the following steps:

1. Create the App Service host and deploy the code with the Azure CLI command, az webapp up.
2. Create an Azure Storage account for the main app (using az storage account create).
3. Create a Queue in the storage account named "code-requests" (using az storage queue create).
4. To ensure that the app is allowed to write to the queue, use az role assignment create to assign the "Storage Queue Data Contributor" role to the app. For more information about roles, see How to assign role permissions using the Azure CLI.

The main app code is as follows; explanations of important details are given in the next parts of this series.

```python
import os

from flask import Flask, request, jsonify
from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential
from azure.storage.queue import QueueClient

# Authenticate with Azure through the default credential chain.
credential = DefaultAzureCredential()

# Next, get the client for the Key Vault. You must have first enabled managed identity
# on the App Service for the credential to authenticate with Key Vault.
# KEY_VAULT_URL_SETTING is a placeholder: the setting name is not shown in this excerpt.
key_vault_url = os.environ["KEY_VAULT_URL_SETTING"]
keyvault_client = SecretClient(vault_url=key_vault_url, credential=credential)

# Obtain the secret: for this step to work you must add the app's service principal to
# the key vault's access policies for secret management.
# API_SECRET_NAME_SETTING is a placeholder: the setting name is not shown in this excerpt.
api_secret_name = os.environ["API_SECRET_NAME_SETTING"]
```
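The provisioning steps described above can be sketched as a shell script. This is an added example, not the sample's own provisioning script: the resource names and IDs are constructed placeholders, the dry-run wrapper is an illustration, and scoping the role to the single queue (rather than the whole storage account) is an assumption chosen here for least privilege.

```shell
#!/bin/sh
# Added example: the four provisioning steps, with the role scoped to one queue.
# All resource names and IDs below are constructed placeholders.
set -eu

DRY_RUN="${DRY_RUN:-1}"            # 1 = print the az commands instead of running them
APP_NAME="${APP_NAME:-example-main-app}"
RG="${RG:-example-rg}"
STORAGE="${STORAGE:-examplestorage001}"
QUEUE="code-requests"              # queue name given in the walkthrough
ROLE="Storage Queue Data Contributor"

# Run an az command, or only print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Narrowest scope for the role assignment: the single queue resource.
# Args: subscription-id resource-group storage-account queue
queue_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s/queueServices/default/queues/%s' \
    "$1" "$2" "$3" "$4"
}

# Args: subscription-id principal-id (object ID of the app's managed identity)
provision() {
  # Step 1: create the App Service host and deploy the code.
  run az webapp up --name "$APP_NAME" --resource-group "$RG"
  # Step 2: create the storage account for the main app.
  run az storage account create --name "$STORAGE" --resource-group "$RG"
  # Step 3: create the queue; --auth-mode login uses the caller's Azure AD
  # identity instead of an account key.
  run az storage queue create --name "$QUEUE" --account-name "$STORAGE" --auth-mode login
  # Step 4: allow the app's identity to write to this queue only.
  run az role assignment create --assignee "$2" --role "$ROLE" \
    --scope "$(queue_scope "$1" "$RG" "$STORAGE" "$QUEUE")"
}

# Constructed sample IDs; in a real run they come from `az account show`
# and `az webapp identity assign`.
provision "00000000-0000-0000-0000-000000000000" "11111111-1111-1111-1111-111111111111"
```

Review the printed commands first, then set DRY_RUN=0 to execute them against a subscription.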
