
Access Key Vault on Azure Service Fabric app using Azure Active Directory on different tenant


I have an Azure Service Fabric cluster in tenantA which needs to connect to an Azure Key Vault in tenantB to load some of the connection strings required by the applications hosted on it.

I thought of trying out the setup below:

  1. Establish the handshake between the Service Fabric cluster in tenantA and the Key Vault in tenantB by using an Azure AD application that belongs to tenantB.

  2. Configure the Azure AD application ID (which belongs to tenantB) in the Azure Service Fabric application config in tenantA.

  3. Add the Azure AD application ID to the access policy of the Azure Key Vault in tenantB.

With this setup, will the handshake between the Azure Service Fabric cluster and the Azure Key Vault happen?

(or)

Do the Azure Service Fabric cluster, Azure Key Vault and Azure AD application have to be in the same tenant?


Solution

  • As long as the Application Id used to access the Key Vault is in the same tenant as the Key Vault, the application can run from anywhere. The application (with application id) will acquire an access token from its own tenant and then use that to access the Key Vault. The environment executing the code can have identities from multiple tenants when using an application id and secret.
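The token flow the answer describes, as an added example that is not part of the original question or answer: the code requests a client-credentials token from tenantB's authority (the tenant that owns the app registration and the Key Vault), checks that the token really was issued by that tenant for the Key Vault audience, and only then calls the Key Vault data plane. The tenant ID, client ID, secret, vault name and the `KV_*` environment variables are placeholders of this example; how the secret is delivered to a Service Fabric application is not shown. The sample token at the bottom is constructed and unsigned, for offline inspection only.

```python
"""Cross-tenant Key Vault access with an app registration from the vault's tenant.

Added example, not from the original post. All identifiers are placeholders.
"""
import base64
import json
import os
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com"
KEY_VAULT_SCOPE = "https://vault.azure.net/.default"  # Key Vault data-plane scope (v2.0 endpoint)
KEY_VAULT_API_VERSION = "7.4"


def token_request(tenant_id: str, client_id: str, client_secret: str) -> tuple:
    """Build the OAuth2 client-credentials request.

    The authority is the tenant that owns the app registration (tenantB here),
    regardless of which tenant the cluster running this code lives in.
    """
    url = f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": KEY_VAULT_SCOPE,
    }).encode()
    return url, body


def secret_request(vault_name: str, secret_name: str, access_token: str) -> urllib.request.Request:
    """Build the Key Vault GET for one secret, bearing the token from the vault's tenant."""
    url = (f"https://{vault_name}.vault.azure.net/secrets/{urllib.parse.quote(secret_name)}"
           f"?api-version={KEY_VAULT_API_VERSION}")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(access_token: str) -> dict:
    """Decode the JWT payload for inspection only; Key Vault verifies the signature."""
    return json.loads(_b64url_decode(access_token.split(".")[1]))


def check_token(access_token: str, expected_tenant: str) -> bool:
    """Sanity check before use: issued by the vault's tenant, audience is Key Vault."""
    claims = token_claims(access_token)
    return claims.get("tid") == expected_tenant and claims.get("aud") == "https://vault.azure.net"


def fetch_secret(tenant_id, client_id, client_secret, vault_name, secret_name) -> str:
    """End to end: token from tenantB, then read the secret. Needs network access."""
    url, body = token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        access_token = json.load(resp)["access_token"]
    if not check_token(access_token, tenant_id):
        raise RuntimeError("token not issued by the Key Vault tenant for the Key Vault audience")
    with urllib.request.urlopen(secret_request(vault_name, secret_name, access_token)) as resp:
        return json.load(resp)["value"]


def unsigned_jwt(payload: dict) -> str:
    """Constructed, unsigned sample token (three dot-separated segments) for local inspection."""
    return _b64url(b'{"alg":"none"}') + "." + _b64url(json.dumps(payload).encode()) + ".sig"


# Constructed sample: what a Key Vault token from tenantB looks like in its payload.
SAMPLE_TOKEN = unsigned_jwt({"tid": "tenantB", "aud": "https://vault.azure.net"})

if __name__ == "__main__":
    print(fetch_secret(
        os.environ["KV_TENANT_ID"], os.environ["KV_CLIENT_ID"], os.environ["KV_CLIENT_SECRET"],
        os.environ["KV_VAULT_NAME"], os.environ["KV_SECRET_NAME"],
    ))
```

The `check_token` step is the practical point of the answer: if the `tid` claim is the cluster's own tenant (tenantA) rather than the vault's tenant, the token was requested from the wrong authority and Key Vault will reject it, so failing early with a clear error saves a round of debugging 401s.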