Share via


CredentialDescription.SignedAssertionFileDiskPath Property

Definition

When SourceType is SignedAssertionFilePath, optionally specifies the path on disk of a file containing a signed assertion used as a client assertion for the confidential client application. The signed assertion file is a file containing a signed JWT assertion that is used as a client credential. You will usually use this option when you want to integrate with workload identity federation with Azure Kubernetes Service (AKS). For details, see https://learn.microsoft.com/azure/active-directory/workload-identities/workload-identity-federation.

public string? SignedAssertionFileDiskPath { get; set; }
member this.SignedAssertionFileDiskPath : string with get, set
Public Property SignedAssertionFileDiskPath As String

Property Value

Examples

The JSON fragment below describes a signed assertion acquired with workload identity federation with Azure Kubernetes Services (AKS):

{
    "ClientCredentials": [
    {
        "SourceType": "SignedAssertionFilePath",
        "ManagedIdentityClientId": "c:/path.signedAssertion"
    }]
}

The code below describes programmatically in C#, the same workload identity federation with with Azure Kubernetes Services (AKS) signed assertion.

Remarks

When deployed to AKS, if you specify SourceType = SignedAssertionFilePath but don't provide the signed assertion file disk path, the file will be searched based on the content of two environment variables: AZURE_FEDERATED_TOKEN_FILE and AZURE_ACCESS_TOKEN_FILE.

Applies to