mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-24 08:01:07 +02:00
Code Issues Projects Releases Wiki Activity
vault/website/content/docs/agent-and-proxy/autoauth/methods/azure.mdx
Erica Thompson 0660ea6fac
Update README (#31244) 
* Update README

Let contributors know that docs will now be located in UDR

* Add comments to each mdx doc

Comment has been added to all mdx docs that are not partials

* chore: added changelog

changelog check failure

* wip: removed changelog

* Fix content errors

* Doc spacing

* Update website/content/docs/deploy/kubernetes/vso/helm.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2025-07-22 08:12:22 -07:00

72 lines
3.0 KiB
Plaintext
Raw Permalink Blame History

---
layout: docs
page_title: Auto-auth with Azure
description: >-
Use Azure for auto-authentication with Vault Agent or Vault Proxy.
---
> [!IMPORTANT]
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
# Auto-auth method: Azure
The `azure` method reads in Azure instance credentials and uses them to
authenticate with the [Azure Auth
method](/vault/docs/auth/azure). It reads most
parameters needed for authentication directly from instance information based
on the value of the `resource` parameter.
## Configuration
- `role` `(string: required)` - The role to authenticate against on Vault
- `authenticate_from_environment` `(boolean: false)` - If set to true, will attempt to make an Azure
identity object through Azure specific environment variables, in priority order and as specified [in
Azure documentation][environment-variables]. Will work seamlessly with Azure
[Workload Identity][workload-identity] and others.
<Note>
If `authenticate_from_environment` is set to true, `object_id`, and `client_id` will be ignored
in favour of that authentication approach.
</Note>
- `scope` `(string: optional)` - The scope to use when obtaining a token. If not supplied, will default to
the value used for `resource` appended with "`/.default`" appended as a suffix. For more information on
scopes in Azure, see [this document][scopes].
- `resource` `(string: required)` - The resource name to use when getting identity information.
- `object_id` `(string: optional)` - The object ID of the user-assigned managed identity to use
when acquiring an [access token][azure-access-token]. Only one of `object_id` or `client_id`
may be provided.
- `client_id` `(string: optional)` - The client ID of the user-assigned managed identity to use
when acquiring an [access token][azure-access-token]. Only one of `object_id` or `client_id`
may be provided.
## Example configuration
Example client auto-auth configuration block for an [Azure Workload Identity][workload-identity]:
```hcl
auto_auth {
method {
type = "azure"
config = {
authenticate_from_environment = true
role = "dev-role"
resource = "https://management.azure.com/"
}
}
}
```
[azure-access-token]: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http
[environment-variables]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#readme-environment-variables
[workload-identity]: https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview
[scopes]: https://learn.microsoft.com/en-us/azure/active-directory/develop/scopes-oidc
Reference in New Issue View Git Blame Copy Permalink