Creating a Holiday Creatures Catalog in Azure with Secure Credentials

Belsnickel, Krampus, the Lutins, Rudolph, the Elves, Frau Perchta, Frosty, the Yule Goat, Ded Moroz, Mari Lwyd, and more – there are many creatures lurking about in this holiday season! In this blog post series, we’ll create a catalog of holiday creatures and deploy it to Azure using secured credentials throughout the dev and production processes.

Note: This series is a part of the Festive Tech Calendar, C# Advent Calendar, and .NET Advent Calendar. Be sure to check them out!

Diagram of the layout accomplished in this series - a console application writes to Azure Cosmos DB with read-write access for an Azure CLI credential. An ASP.NET web application reads the data from Azure Cosmos DB. It uses the Azure CLI credentials when running locally. When in Azure App Service, it uses the Managed Identity credential, which has read-only access to the database. The C# logo and Festive Tech Calendar 2022 logo are included.

This is a passwordless approach to developing in Azure. While the code for this series is going to show the Azure Identity SDK and Azure Cosmos SDK in C#, you could also do this in other languages. Here is a table of versions of libraries that this could work with.

Azure Cosmos DB SDK.NET SDK v3Java SDK v4JavaScript SDK v3Python SDK v4.3.0b2 or higher
Azure Identity SDKAzure Identity client library for .NETAzure Identity client library for JavaAzure Identity client library for JavaScriptAzure Identity client library for Python
Going Passwordless with Azure Cosmos DB for NoSQL RBAC and Azure Identity

The code for this series is available in my holiday-creatures repo on GitHub.

For this series, we will cover each of these in separate blog posts:


If you are coding along with this post, there are some prerequisites you need to have:

Value Tracking

As you go through the blog series, you will need to have certain values. I’ve created this table to help track the values you will need throughout the series.

FieldYour ValueWhere UsedVariable Name
1. Resource Group Name                                             Azure CLI commands$resourceGroupName
2. Azure Cosmos DB for NoSQL account name                                             Azure CLI commands$accountName
3. Azure Cosmos DB for NoSQL URI                                             Environment Variable: COSMOS_URI
4. “name” from response in read-only role creation (GUID)Used in role assignment$readOnlyRoleDefinitionId
5. “name” from response in read-write role creation (GUID)Used in role assignment$readWriteRoleDefinitionId
6. Object ID for Azure CLI principalUsed in read-write role assignment$principalId
7. Object ID for App Service Managed IdentityUsed in read-only role assignment$managedIdentityObjectId

By sadukie

2 thoughts on “Creating a Holiday Creatures Catalog in Azure with Secure Credentials”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.