Setting up the Azure Credentials File

Configure an Azure Credentials File with service principal settings.

When setting up a service principal to use with scripts or tools, you may set up a credentials file. The Azure credentials file ~/.azure/credentials contain a few parameters. You obtain these parameters when you create the service principal.

The output of create-for-rbac looks like:

{
  "appId": "00000000-1111-0000-0000-000000000000",
  "displayName": "SigjeServiceDemoPrincipal",
  "name": "http://SigjeServiceDemoPrincipal",
  "password": "df111111-0000-0000-0000-100000000000",
  "tenant": "11111111-0000-0000-0000-000000000000"
}

The configuration for the Azure credential file looks like this:

[00000000-0000-0000-0000-100000000000]
client_id=00000000-1111-0000-0000-000000000000
secret=df111111-0000-0000-0000-100000000000
tenant=11111111-0000-0000-0000-000000000000

The mapping from the output received from the creation of the service principal to the creation of the credentials file:

  • appId maps to client_id and is the specific identifier of the service principal.

  • password maps to secret and is the credential for the service principal.

💡 You can also use certificate authentication instead of passwords, or for some Azure services use Managed Idenentities.

  • tenant is the same in both and is the specific identifier of the Active Directory instance in which you created this service principal.

  • The final required configuration parameter is the subscription ID. The subscription ID is the identifier that uniquely identifies the subscription to create and manage any resources and services with this credential. That’s what is enclosed in the brackets within the configuration.

Now you should be able to set up your Azure credential file. If you didn’t keep track of the password when you created the service principal, reset the credentials for the service principal.

For more quick real-world scenarios on Azure, check out the Azure Tips and Tricks site.