Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
MIT License

[FEATURE REQ] Support for Azure DevOps Workload Identity #45580

Closed kkazala closed 2 weeks ago

kkazala commented 3 weeks ago

Library name

Azure.Identity

Please describe the feature.

Currently, the DefaultAzureCredential supports the following credential types:

Since sometime in October '23, we have had Azure DevOps Pipeline with Workload Identity federation, which allows us to define Service Connections without secrets/certificates, significantly improving the overall security of our environments.

The AzurePowerShell task supports the Pipeline Workload Identity, which allows us to build pipelines that deploy Azure resources within the context of this identity. Connecting to other Azure AD-secured endpoints, however, requires retrieving the access token: $azAccessToken = Get-AzAccessToken -ResourceUrl "https://$(tenantName).sharepoint.com" and using it when connecting to a new endpoint, e.g. Connect-PnPOnline -Url "https://$(tenantName).sharepoint.com/sites/$(siteName)" -AccessToken $azAccessToken.Token -ReturnConnection

Could you add the Pipeline Workload Identity to the supported credential types? It would streamline things a lot =) thx for considering

github-actions[bot] commented 3 weeks ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.

christothes commented 2 weeks ago

duplicate of #44969