Description
Today, things like blob store access on Azure are controlled by authentication via fixed Azure keys/secrets, as mentioned in: Grant Permissions to Remote Storage
This approach is less secure than managed identities, which are managed and provisioned by Azure and gated by the VM identity, and we would like to switch to using that: Managed identities for Azure resources
Currently this does not appear to be supported, and we would like to make a feature request to have it supported.
Notably, instead of using a k8s secret (which is fixed and requires us to manage/rotate it), I believe this feature would require binaries (like tikv) to query the local endpoint to obtain the credentials:
```shell
curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fstorage.azure.com%2F' -H Metadata:true
```