Support AKS Workload Identity with Azure Key Vault secrets in a CI/CD job
Proposal
When using AKS Workload Identity, the AKS webhook injects the variables AZURE_CLIENT_ID and AZURE_TENANT_ID into the pods.
However, these variables must be defined in GitLab CI for the job to even be created.
These overwrite the injected values, meaning that with this combination access to the key vault is not possible, as it relies on the injected variables.
GitLab should allow for the use of AKS Workload Identity when using Azure Key Vault secrets in GitLab CI/CD.