Azure AKS Workload Identity Federation
About This Architecture
Secretless pod authentication on AKS: a pod requests a token through workload identity federation — the AKS OIDC issuer is federated to Entra ID — then accesses Azure Key Vault and Azure SQL with a scoped token. No secret is stored in the pod; the cluster and the Azure identity services are grouped to show the federated trust path.
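The trust path described above depends on three claims in the pod's projected service account token (issuer, subject, audience) matching the federated credential registered in Entra ID. The sketch below is an added example, not part of the original page or of any Azure SDK: it checks that match offline and builds the form body of the token exchange that stands in for a client secret. The issuer URL, namespace "payments", service account "api-sa" and client ID are constructed placeholders.

```python
import base64, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode the payload segment only. No signature check here: Entra ID
    verifies the signature against the issuer's published keys."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def federation_mismatches(token: str, cred: dict) -> list:
    """Compare the pod's projected token with the federated credential.
    Returns the names of the fields that would break the trust path."""
    c = jwt_claims(token)
    aud = c.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    problems = []
    if c.get("iss") != cred["issuer"]:
        problems.append("issuer")
    if c.get("sub") != cred["subject"]:
        problems.append("subject")
    if not set(aud) & set(cred["audiences"]):
        problems.append("audience")
    return problems

def exchange_form(client_id: str, token: str, scope: str) -> dict:
    """Form body of the client-credentials request that trades the pod token
    for a scoped access token; the assertion takes the place of a secret."""
    return {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "scope": scope,
        "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
        "client_assertion": token,
    }

# Constructed sample values (placeholders, not from a real cluster or tenant).
ISSUER = "https://oidc.example.invalid/00000000-0000-0000-0000-000000000000/"
CRED = {"issuer": ISSUER, "subject": "system:serviceaccount:payments:api-sa",
        "audiences": ["api://AzureADTokenExchange"]}

def sample_token(namespace: str, sa: str) -> str:
    claims = {"iss": ISSUER, "sub": f"system:serviceaccount:{namespace}:{sa}",
              "aud": ["api://AzureADTokenExchange"]}
    return ".".join([b64url(b'{"alg":"RS256"}'), b64url(json.dumps(claims).encode()), "sig"])
```

A pod running under a different namespace or service account produces a "subject" mismatch, which is what keeps the federated identity scoped to one workload.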
Generated by Diagrams.so, an AI architecture diagram generator with native Draw.io output.