0
votes

I was reading https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview and midway through realized my brain was boiling.

Is there a more intuitive explanation to what it is and why it eliminates the need to store credentials in the source code?


1 Answer

1
votes

Try https://azure.microsoft.com/en-us/blog/keep-credentials-out-of-code-introducing-azure-ad-managed-service-identity/.

You can think of it as if your Azure Resource (i.e. a VM) is the identity. Say you want to access a blob in Azure Storage from your Azure virtual machine. One option is to create an AAD application and put the client id and client secret (password) into your code or configuration file. This is the problem that managed identities try to solve.

With a managed identity assigned to the VM, Azure knows that the VM has an identity, so your code just calls storage directly, using the token obtained from the managed identity. You don't need to store a client secret to get that managed identity token, because Azure already knows 'who' the VM is and allows it to use the managed identity implicitly.
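The two-step flow the answer describes, as an added example that is not part of the original answer or of any Microsoft SDK: the VM asks the Azure Instance Metadata Service (IMDS, link-local 169.254.169.254) for a token scoped to Storage, then presents that bearer token to Blob Storage. The IMDS URL, the `Metadata: true` header, the `resource` and `client_id` parameters and the `x-ms-version` header are the documented public contract; the storage account, container, blob and the token JSON are constructed sample values, and `simulated_endpoints` is a stand-in for both services so the code runs offline.

```python
"""Added example (not from the original post): how code on an Azure VM obtains a
managed-identity token from IMDS and uses it against Blob Storage, with no
client id or client secret stored anywhere in code or configuration."""
import json
import time
from urllib.parse import urlencode
from urllib.request import Request, urlopen

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"
STORAGE_RESOURCE = "https://storage.azure.com/"   # audience for Storage tokens


def build_imds_token_request(resource=STORAGE_RESOURCE, client_id=None):
    """Return (url, headers) for the IMDS token request.

    Nothing secret goes in this request: IMDS is only reachable from inside the
    VM, and Azure already knows which VM (and therefore which identity) is asking.
    The 'Metadata: true' header is mandatory; IMDS answers 400 without it, which
    stops naive SSRF relays that can forward a URL but cannot set headers."""
    params = {"api-version": IMDS_API_VERSION, "resource": resource}
    if client_id:  # only needed to pick one of several user-assigned identities
        params["client_id"] = client_id
    return f"{IMDS_TOKEN_URL}?{urlencode(params)}", {"Metadata": "true"}


def parse_token_response(body, now=None):
    """Parse the JSON IMDS returns; reject expired or non-bearer tokens.
    Returns (access_token, expires_on_epoch_seconds, resource)."""
    data = json.loads(body)
    now = time.time() if now is None else now
    expires_on = int(data["expires_on"])      # IMDS returns epoch seconds as a string
    if expires_on <= now:
        raise ValueError("managed identity token already expired")
    if data.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type %r" % data.get("token_type"))
    return data["access_token"], expires_on, data.get("resource")


def build_blob_request(account, container, blob, access_token):
    """Build the GET for one blob, authenticated with the bearer token.
    x-ms-version is required when the Storage data plane is called with an AAD token."""
    url = f"https://{account}.blob.core.windows.net/{container}/{blob}"
    headers = {"Authorization": f"Bearer {access_token}", "x-ms-version": "2020-04-08"}
    return url, headers


def fetch(url, headers):
    """Real HTTP transport; only used when running on an actual Azure VM."""
    with urlopen(Request(url, headers=headers), timeout=5) as resp:
        return resp.read().decode()


def get_blob_with_managed_identity(account, container, blob, client_id=None, fetch_fn=fetch):
    """Whole flow: token from IMDS, then the blob. No secret is ever loaded."""
    token_url, token_headers = build_imds_token_request(client_id=client_id)
    access_token, _, _ = parse_token_response(fetch_fn(token_url, token_headers))
    blob_url, blob_headers = build_blob_request(account, container, blob, access_token)
    return fetch_fn(blob_url, blob_headers)


# Constructed sample of an IMDS token response (not a real token).
SAMPLE_IMDS_RESPONSE = json.dumps({
    "access_token": "eyJ0eXAiOiJKV1Qi.example.signature",
    "expires_on": "4102444800",   # 2100-01-01, so the sample never expires
    "resource": STORAGE_RESOURCE,
    "token_type": "Bearer",
})
SAMPLE_BLOB_CONTENT = "hello from the blob (constructed)"


def simulated_endpoints(url, headers):
    """Offline stand-in for IMDS and Blob Storage, mirroring the check each side
    makes: IMDS refuses requests without Metadata: true, Storage refuses requests
    without a bearer token."""
    if url.startswith(IMDS_TOKEN_URL):
        if headers.get("Metadata") != "true":
            raise PermissionError("400 Bad Request: Metadata header missing")
        return SAMPLE_IMDS_RESPONSE
    if ".blob.core.windows.net/" in url:
        if not headers.get("Authorization", "").startswith("Bearer "):
            raise PermissionError("401 Unauthorized: no bearer token")
        return SAMPLE_BLOB_CONTENT
    raise ValueError("unexpected url " + url)


if __name__ == "__main__":
    # Swap simulated_endpoints for fetch to run this on a VM with a managed identity.
    print(get_blob_with_managed_identity("mystorageacct", "reports", "q1.txt",
                                         fetch_fn=simulated_endpoints))
```

The point to notice is what is absent: the code never reads a client secret from a file, environment variable or key vault. The only "credential" is the VM's position on the network, which is why IMDS insists on the `Metadata: true` header and why anything that can make arbitrary HTTP requests from inside the VM (an SSRF bug in your app, a compromised process) can mint the same tokens; scope the identity's RBAC role to the minimum it needs.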