{"id":23557974,"url":"https://github.com/meken/local-msi-server","last_synced_at":"2026-03-07T06:32:27.374Z","repository":{"id":163557123,"uuid":"244613783","full_name":"meken/local-msi-server","owner":"meken","description":"Enables experiments with managed identities on a local machine ","archived":false,"fork":false,"pushed_at":"2024-06-11T19:57:52.000Z","size":15,"stargazers_count":5,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-30T10:22:35.745Z","etag":null,"topics":["azure","java","managed-identity"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/meken.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-03-03T11:03:22.000Z","updated_at":"2022-02-28T03:51:36.000Z","dependencies_parsed_at":null,"dependency_job_id":"f0a79f39-0e71-4e72-8264-78913042a798","html_url":"https://github.com/meken/local-msi-server","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/meken/local-msi-server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/meken%2Flocal-msi-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/meken%2Flocal-msi-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/meken%2Flocal-msi-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/meken%2Flocal-msi-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/meken","download_url":"https://codeload.github.com/meken/local-msi-server/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/meken%2Flocal-msi-server/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30209086,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-07T05:23:27.321Z","status":"ssl_error","status_checked_at":"2026-03-07T05:00:17.256Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure","java","managed-identity"],"created_at":"2024-12-26T15:19:07.102Z","updated_at":"2026-03-07T06:32:27.366Z","avatar_url":"https://github.com/meken.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Local Managed Identity Server for development\n\n[Managed identities for Azure resources](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview) allow app builders to connect to cloud services without using credentials. The identity is managed by the Azure platform and does not require you to provision or rotate any secrets. This method enables you to secure your application in production, but poses some minor challenges in development. Although often times developers use mock services or emulators for cloud services, there's virtue in connecting to real cloud services. It's possible to contain different strategies for authentication depending on configuration (dev vs prod), but alternatively you could run a sample server that can act like an endpoint for managed identities. This way your application will be able to access the (development) cloud services without any changes in your code.\n\nNote that this server is designed to work with App Service managed identities.\n\n## Getting access to cloud services\n\nFirst of all you'll need to make sure that you've configured an identity (service principal) to connect\nto a cloud service. If you don't have one, try the following command to create a new one\n\n```bash\nID_NAME=\"http://spn-my-local-msi\"  # needs to be a URI\nCLIENT_SECRET=`az ad sp create-for-rbac --name $ID_NAME --skip-assignment --query password -o tsv`\n```\n\nNote that this server expects SPN information to be set in certain environment variables, so in addition to\nthe `CLIENT_SECRET`, you need to set the `CLIENT_ID` and `TENANT_ID`\n\n```bash\nCLIENT_ID=`az ad sp show --id $ID_NAME --query appId -o tsv`\nTENANT_ID=`az ad sp show --id $ID_NAME --query appOwnerTenantId -o tsv`\n```\n\nOnce the environment variables are set, you can assign permissions to the service principal to access\nresources. For example, in order to be able to manage (send/listen) all Event Hubs in an Azure Event\nHubs Namespace, you need to run the following command\n\n```bash\n# First get the scope of the Azure Event Hubs Namespace\nRG=...  # the resource group in which the Azure Event Hubs Namespace is created\nNS=...  # the name of the Azure Event Hubs Namespace\nSCOPE=`az eventhubs namespace show -g $RG -n $NS --query id -o tsv`\n# Now the you can assign the service principal the required role\naz role assignment create --assignee $CLIENT_ID --role \"Azure Event Hubs Data Owner\" --scope $SCOPE\n```\n\nNote that some cloud services (i.e. [Azure SQL Database](https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi)) might require different/additional steps to enable\naccess from service principals.\n\n## Running the server\n\nAfter cloning this repository, build the code\n\n```bash\nmvn clean package -DskipTests\n```\n\nAssuming that the environment variables `CLIENT_ID`, `CLIENT_SECRET` and `TENANT_ID` has been set, you can now run the server\n\n```bash\njava -jar target/app.jar\n```\n\nBy default the server runs on port `1509`, you can change that through the standard methods of configuring\nthe `server.port` property for Spring Boot.\n\n## Running your application\n\nApp Services expect the environment variables `MSI_ENDPOINT` and `MSI_SECRET` to be set. Assumint that the\nlocal MSI server is running on localhost and the default port, you can use the following to configure\nthese variables\n\n```bash\nMSI_ENDPOINT=http://localhost:1509/msi/token\nMSI_SECRET=foobar  # the value doesn't matter, it could be empty as well\n```\n\nNow if you run your application (which uses [AppServiceMSICredentials](http://azure.github.io/ref-docs/java/com/microsoft/azure/credentials/AppServiceMSICredentials.html)), the local MSI server will be accessed with\nthe request to provide a token, which is then retrieved using the service principal that has been configured.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmeken%2Flocal-msi-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmeken%2Flocal-msi-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmeken%2Flocal-msi-server/lists"}