I think it's worth adding that whilst Arko's answer covers most of it, there was a missing step for me when trying with managed identity. I needed to create a new revision in the container app and set the authentication to be managed identity. If you don't do this, it will use secret-based authentication by default.