Edit

EnvironmentCredential Class

  • Reference

A credential configured by environment variables.

This credential is capable of authenticating as a service principal using a client secret or a certificate, or as a user with a username and password. Configuration is attempted in this order, using these environment variables:

Service principal with secret:

  • AZURE_TENANT_ID: ID of the service principal's tenant. Also called its 'directory' ID.

  • AZURE_CLIENT_ID: the service principal's client ID

  • AZURE_CLIENT_SECRET: one of the service principal's client secrets

  • AZURE_AUTHORITY_HOST: authority of an Azure Active Directory endpoint, for example "login.microsoftonline.com", the authority for Azure Public Cloud, which is the default when no value is given.

Service principal with certificate:

  • AZURE_TENANT_ID: ID of the service principal's tenant. Also called its 'directory' ID.

  • AZURE_CLIENT_ID: the service principal's client ID

  • AZURE_CLIENT_CERTIFICATE_PATH: path to a PEM or PKCS12 certificate file including the private key. The certificate must not be password-protected.

  • AZURE_AUTHORITY_HOST: authority of an Azure Active Directory endpoint, for example "login.microsoftonline.com", the authority for Azure Public Cloud, which is the default when no value is given.

User with username and password:

  • AZURE_CLIENT_ID: the application's client ID

  • AZURE_USERNAME: a username (usually an email address)

  • AZURE_PASSWORD: that user's password

  • AZURE_TENANT_ID: (optional) ID of the service principal's tenant. Also called its 'directory' ID. If not provided, defaults to the 'organizations' tenant, which supports only Azure Active Directory work or school accounts.

  • AZURE_AUTHORITY_HOST: authority of an Azure Active Directory endpoint, for example "login.microsoftonline.com", the authority for Azure Public Cloud, which is the default when no value is given.

Inheritance
builtins.object
EnvironmentCredential

Constructor

EnvironmentCredential(**kwargs: Mapping[str, Any])

Methods

close

Close the credential's transport session.
get_token

Request an access token for scopes.

This method is called automatically by Azure SDK clients.

close

Close the credential's transport session.

close() -> None

get_token

Request an access token for scopes.

This method is called automatically by Azure SDK clients.

get_token(*scopes: str, **kwargs: Any) -> AccessToken

Parameters

scopes
str
Required

desired scopes for the access token. This method requires at least one scope.

tenant_id
str

optional tenant to include in the token request.

Return type

AccessToken

Exceptions

CredentialUnavailableError

environment variable configuration is incomplete