Share via

Is there a more secure way to access cosmos mongdb vcore via python app service

Priyanka Hurakadli 25 Reputation points Microsoft Employee
2025-02-05T20:13:55.3066667+00:00

Is there a more secure way to access data in Cosmos mongodb vcore via python App service. Currently I am using basic authentication using connection string. I would like to know if there is a way to authenticate using managed identity or AAD tokens.

Azure Cosmos DB
Azure Cosmos DB
An Azure NoSQL database service for app development.
1,749 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,257 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sai Raghunadh M 2,315 Reputation points Microsoft Vendor
    2025-02-06T02:49:06.65+00:00

    Hi @Priyanka Hurakadli

    Thanks for the Question and using Microsoft Q&A

    Yes, there are more secure ways to access data in Cosmos MongoDB vCore via a Python App Service. Instead of using basic authentication with a connection string, you can leverage Managed Identity or Azure Active Directory (AAD) tokens for authentication.

    Here's how you can do it:

    Managed Identity:

    Assign a Managed Identity to your App Service.

    Grant the Managed Identity the necessary permissions to access your Cosmos DB instance.

    Use the Managed Identity to authenticate and access your Cosmos DB data.

    Azure Active Directory (AAD) Tokens:

    Register your Python App Service as an application in Azure Active Directory.

    Assign the appropriate roles to the registered app to access Cosmos DB.

    Use the registered app's credentials to obtain an AAD token.

    Use the AAD token to authenticate and access your Cosmos DB data.

    Both methods provide a more secure way to access your data compared to basic authentication. Managed Identity eliminates the need for credentials in your code, while AAD tokens provide fine-grained access control and auditing capabilities.

    Please go through these Documentations that might help you:

    https://learn.microsoft.com/en-us/azure/cosmos-db/mongodb/vcore/security

    https://devblogs.microsoft.com/cosmosdb/new-rbac-features-for-vcore-based-azure-cosmos-db-for-mongodb/

    Hope this helps. Do let us know if you any further queries.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    0 comments
  2. Priyanka Hurakadli 25 Reputation points Microsoft Employee
    2025-02-06T06:12:59.01+00:00

    @Sai Raghunadh M Could you please give me more details on how to use managed identity to connect to Cosmos mongoDB vcore using Python code. Any code references would really help.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.