portal | With it , you can create your own portals | Portal library

You could first build a list of paths, then in the second loop parse the files.

Your repository is private and requires login to pull image.

You need to create a registry credentials secret for kubernetes, as it do not uses docker credentials.

See https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

1. Create a secret named regcred:

This issue was solved by Shiva's comment, add it as the answer to close the question:

Some apps call Microsoft Graph using their own identity and not on behalf of a user. For example, the Mail.Read application permission allows apps to read mail in all mailboxes without a signed-in user.

Configuring ApplicationAccessPolicy is used to limit the app access to a specific set of mailboxes.

1.Connect to Exchange Online PowerShell

Users of external identity providers have to be registered before the can login.

You can find the details here: https://developers.tapkey.io/api/authentication/identity_providers/#working-with-users

When it is necessary for your use case, that these users are automatically created when they login, please send a request to tapkey support and they will enable this feature for you.

Form offical website, I find azure blockchain will be retired.

And I try to create it on portal and also try to create it by azure cli, all failed.

Azure recommends that users who have created a blockchain service provide the service and recommend that they migrate as soon as possible. For users who need to create this service, the service is not provided.

So this should be the willingness to fail to create success, you can raise a support ticket to confirm it.

Sql server needs to set firewall policy be default, so I assume that after deploying app to azure web app, ip address must change and may lead to some error.

@Destroigo here met the firewall problem. Congratulations to solve it :)

Example, as per request in comment:

I was able to resolve your issue and update the query to fulfil your need.

Is it the local path to the certificate that is downloaded as CER/PEM format from Azure Key Vault ?

"clientCertificatePath is the path to a file which contains both the client certificate and private key." It always is the local path, but if you store it to OneDrive the path will format like "C:\Users\myuser\OneDrive - Microsoft\Documents\Certs".

if I am operating in private cloud, does it really matter (client secret / client certificate)?

In short, certificate is more secure than secret but it's complex to use. Which one you choose depends on your requirement. In my opinion, client secret can protect the Azure Key Vault when updating secret every few months.

There are the pros and cons of client secret and client certificate:

Client secret:

Pro: Easy to deploy - just takes some code and a secure data store. Depending on the security policy, can autogenerate passwords or force new users to create them.

Pro: Easy to administrate - password resets can (for some security policies) be done with automated tools

Con: For good security, passwords should be reset early and often. User's forgetting or failing to change passwords is either a security risk or a usability hassle.

Con: Good passwords can be hard to remember, which leads to the issues of users reusing passwords or writing them down.

Con: Password data stores are a weak point - if an intruder gets the password store, he gets the motherload.

Con: All parts of password transmission can lead to exposure - websites that store passwords locally for ease of use, internal server components that transmit in the clear, log files in COTS products that store passwords in the clear. With the secret being part of the transmission, you're only as strong as your weakest link - it takes serious effort to prevent exposure and the requirement is on both the user and the system developer.

Certificates:

Pro: Doesn't require the transmission of the secret. Proof of private key contains no secret information - mitigates all sorts of storage/transmission weak points.

Pro: Issued by a trusted party (the CA) which allows for a centralized management system for status across multiple applications. If a cert goes bad, it can get revoked. Fixing a password breakin must be done separately for each system unless a shared ID is used.

Pro: Non-repudiation case is stronger - in most password systems, the way the user is initially authenticated prior to account creation is pretty weak and the password reset mechanisms can offer another factor of plausible deniability. With many forms of certificate issuance, it's far harder for a user to say it wasn't them. Caveat - you're still only as good as your CA's issuance policies.

Pro: Serves more purposes than just authentication - can provide integrity and confidentiality as well.

Con: Still requires a password/pin - almost any private key pair storage mechanism is then unlocked with a PIN. SmartCards can have tamper protection and lockout capabilities to prevent brute force, but that doesn't fix the fact the user wrote his PIN on a sticky note next to the computer where the card is docked. Sometimes password issues reappear on a smaller scale with PKI.

Con: Complexity of infrastructure - setting up a PKI is no easy task and generally so expensive in both deployment and maintenance that it can only be used for large/expensive systems.

Con: Certificate Status reporting and updates are not easy - revoking a user credential that has become corrupted is onerous due to the size and complexity of the infrastructure. Usually, a CA generates a CRL that may or may not be provisioned within an OCSP server. Then every application should check every login for the CRL or OCSP status. This introduces a variety of time delays into the system between the time a PKI credential is reported as compromised and the time when the systems that rely on that credential actually start denying access. The speed of status update can be accelerated - but at a greater system complexity cost.