Vault
Vault Auto-Auth Azure method
The azure method reads in Azure instance credentials and uses them to authenticate with the Azure Auth method. It reads most parameters needed for authentication directly from instance information based on the value of the resource parameter.
Configuration
- role (string: required) - The role to authenticate against on Vault.
- authenticate_from_environment (boolean: false) - If set to true, the method attempts to build an Azure identity object from Azure-specific environment variables, in priority order and as specified in the Azure documentation. This works seamlessly with Azure Workload Identity and others.
  Note: If authenticate_from_environment is set to true, object_id and client_id are ignored in favour of that authentication approach.
- scope (string: optional) - The scope to use when obtaining a token. If not supplied, it defaults to the value used for resource with "/.default" appended as a suffix. For more information on scopes in Azure, see this document.
- resource (string: required) - The resource name to use when getting identity information.
- object_id (string: optional) - The object ID of the user-assigned managed identity to use when acquiring an access token. Only one of object_id or client_id may be provided.
- client_id (string: optional) - The client ID of the user-assigned managed identity to use when acquiring an access token. Only one of object_id or client_id may be provided.
Example configuration
Example client auto-auth configuration block for an Azure Workload Identity:
auto_auth {
  method {
    type = "azure"
    config = {
      authenticate_from_environment = true
      role = "dev-role"
      resource = "https://management.azure.com/"
    }
  }
}
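A variant of the block above for a user-assigned managed identity, added here as an example and not taken from the Vault documentation. The client_id value is a placeholder, and the file sink and its path are assumptions for illustration.

```hcl
auto_auth {
  method {
    type = "azure"
    config = {
      role     = "dev-role"
      resource = "https://management.azure.com/"

      # Pin the user-assigned managed identity explicitly, so a host with
      # several identities attached always uses the intended one.
      # Placeholder value: replace with the identity's client ID.
      client_id = "00000000-0000-0000-0000-000000000000"

      # Do not also set object_id: only one of object_id or client_id
      # may be provided.

      # authenticate_from_environment is left at its default (false).
      # If it were set to true, client_id above would be ignored in
      # favour of the environment-based identity.

      # scope is omitted, so it defaults to the resource value with
      # "/.default" appended as a suffix.
    }
  }

  # Assumed sink for illustration: where the resulting Vault token is
  # written. Restrict access to this path to the consuming process.
  sink "file" {
    config = {
      path = "/run/vault/agent-token"
    }
  }
}
```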