docs: document Azure client-secret → federated identity migration #383
Open
mintlify[bot] wants to merge 1 commit into
Summary
Document the new Azure cloud-account migration flow that switches an existing client-secret connection to federated identity credentials (workload identity), so customers no longer need to rotate a client secret every 365 days.
Changes
Application.ReadWrite.All Microsoft Graph permission, with a pointer to the existing setup paths that already grant it).
pending → running → cutting over → completed), per-cluster cutover behavior, and automatic deletion of the stored client secret on success.
Context
Triggered by porter-dev/code#6502, which shipped the async worker that drives the Azure FIC migration end to end: provisioning the federated identity, flipping each AKS cluster's CAPZ AzureClusterIdentity to workload identity, and removing the stored client secret once all clusters have cut over. The flow mirrors the existing GCP "Migrate to Workload Identity Federation" experience.
cc @
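A post-migration check for the cutover described above, added here as an example and not taken from this PR or from Porter's code: it reads the JSON that `kubectl get azureclusteridentity -A -o json` would return and lists every CAPZ AzureClusterIdentity that is not yet on workload identity or still references a client secret. The function name, namespaces, resource names and IDs in the sample are constructed for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get azureclusteridentity -A -o json`.
# All names and IDs are placeholders, not values from the PR.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "capi", "name": "cluster-a-identity"},
     "spec": {"type": "ServicePrincipal",
              "clientID": "00000000-0000-0000-0000-00000000000a",
              "tenantID": "00000000-0000-0000-0000-0000000000ff",
              "clientSecret": {"name": "cluster-a-sp", "namespace": "capi"}}},
    {"metadata": {"namespace": "capi", "name": "cluster-b-identity"},
     "spec": {"type": "WorkloadIdentity",
              "clientID": "00000000-0000-0000-0000-00000000000b",
              "tenantID": "00000000-0000-0000-0000-0000000000ff"}},
    {"metadata": {"namespace": "capi", "name": "cluster-c-identity"},
     "spec": {"type": "WorkloadIdentity",
              "clientID": "00000000-0000-0000-0000-00000000000c",
              "tenantID": "00000000-0000-0000-0000-0000000000ff",
              "clientSecret": {"name": "cluster-c-sp", "namespace": "capi"}}},
]})


def audit_identities(kubectl_json):
    """Return (namespace/name, reason) for identities not fully cut over."""
    findings = []
    for item in json.loads(kubectl_json).get("items", []):
        meta = item.get("metadata", {})
        spec = item.get("spec", {})
        ref = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        id_type = spec.get("type") or "unset"
        secret = (spec.get("clientSecret") or {}).get("name")
        if id_type != "WorkloadIdentity":
            reason = f"type is {id_type}, not WorkloadIdentity"
            if secret:
                reason += f"; uses client secret '{secret}'"
            findings.append((ref, reason))
        elif secret:
            # Cut over, but a stale secret reference remains on the object.
            findings.append((ref, f"stale clientSecret reference '{secret}'"))
    return findings


if __name__ == "__main__":
    for ref, reason in audit_identities(SAMPLE):
        print(f"{ref}: {reason}")
```
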