How to use environment variables instead of az login in azure cli or any other secured way?

Appmanager Zohocorp 21 Reputation points

I am trying to use Environment Variables for Azure CLI instead of the below 'az login' command

az login --service-principal -u [ClientID] -p [ClientSecret]--tenant [TenantID]

Can Azure CLI able to use environment variables for Azure credentials?

If not, is there any alternate way to set credentials to Azure CLI programmatically in a secured way instead of directly using client secret in command?

Note: AWS-CLI supports configuring credentials in environment variables for aws commands.

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
771 questions
Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,743 questions
Azure Cloud Services
Azure Cloud Services
An Azure platform as a service offer that is used to deploy web and cloud applications.
512 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
823 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Shweta Mathur 15,066 Reputation points Microsoft Employee

    Hi @Appmanager Zohocorp ,

    Thanks for reaching out.

    I understand you are looking a secure way to pass credentials to Azure CLI preferably environment variables.

    CLI provides a way to set variables either in a configuration file or with environment variables.

    There are defined values that can be set as environment_variables as AZURE_{section}_{name} in the configuration file as mentioned here.

    To pass the credentials securely in Azure CLI using read -sp command in bash where credential can be passed without displaying in console as:

    read -sp "Azure password: " AZ_PASS && echo && az login --service-principal -u <app-id> -p $AZ_PASS --tenant<tenant>

    Alternatively, Powershell command can be used to pass credential securely as:

    $AzCred = Get-Credential -UserName <app-id>
    az login --service-principal -u $AzCred.UserName -p $AzCred.GetNetworkCredential().Password --tenant <tenant>

    Hope this will help to pass credential securely using Azure CLI.



    Please remember to "Accept Answer" if answer helped you.