Azure Container Registry Managed Identity

[pietervincken]

What would you like Renovate to be able to do?

Using a managed identity to authenticate towards the Azure Container Registry for looking up images.

If you have any ideas on how this should be implemented, please tell us here.

A similar approach could be used to what's already been done for AWS. The username and password method could be preceded by a check for ACR repositories (they have a distinct domain) and could be authenticated up front through a call through the Azure SDK to detect authentication methods.

Is this a feature you are interested in implementing yourself?

No

[rarkins]

This needs some more research and details before it can more from requirements->ready

[bjuraga]

It's been a while. Could you please let the community know if there has been any progress on this issue?

[bjuraga]

In case anyone stumbles across this, one way to solve this without an admin user is to create a scope map on the ACR using a wildcard selector for repositories and grant the two read permissions.

Then create a token using the scope map you just created.

Last step, create a password for that token. You get two passwords so you can rotate them and set expiration dates.

[Dutchy-]

I am in the process of figuring this out for myself, ACR scope map tokens indeed seem like the best approach without more specific renovate support.

Why do you need to create a password for that token? And how?
Renovate accepts a token for a docker registry, is it not sufficient to use the token there?