Azure default credential for Production workloads

Question

Many of my customers use the default-credentials functionality from the Microsoft provided SDK's. This is advised and supported by Microsoft for .Net and Python.

Now, a new customer is using C++. For C++ this functionality is also available. you can download the SDK from the official Azure github page: https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/identity/azure-identity/README.mdIn the readme it states: Note: DefaultAzureCredential is intended to simplify getting started with the SDK by handling common scenarios with reasonable default behaviors. It is not recommended to use it in production. Developers who want more control or whose scenario isn't served by the default settings should use other credential types. Why should we not use the DefaultAzureCredential for production workload?

Answer 1

@Bas Pruijn ,

That recommendation is specific to the C++ SDK. The DefaultAzureCredential provides a default TokenCredential authentication flow for applications that will be deployed to Azure.

The C++ SDK has an evolved approach and recommends only enabling in production those credentials which your application knows it will use. The recommendation then is to use specific authentication or a ChainedTokenCredential with the specific credentials you intend to support.

Let me know if this helps and if you have further questions. There is a related discussion about this topic detailed here: https://github.com/Azure/azure-sdk-for-cpp/issues/4682

If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions.