Hello,
I’m implementing an Azure Pipeline that automates the creation of an Azure Key Vault using the Ansible azure_rm_keyvault module (latest version).
Currently, to authenticate the module with Azure, I use the service principal method, passing the AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET, and AZURE_TENANT as environment variables.
It works fine.
For details, we’ve created an ARM service connection based on the Service Principal authentication and used the AzureCLI@2 task to retrieve all the environment variables that the azure_rm_keyvault module needs.
For security reasons, we plan to migrate the service principal authentication from a secret to federated credentials (and thus remove the secret).
However, we noted that in this case, we can’t retrieve the AZURE_SECRET variable, and as a result, the azure_rm_keyvault module authentication fails.
Please, do you know how to authenticate the azure_rm_keyvault module with Azure when the service principal is configured using federated credentials instead of secrets?
If it is not possible, do you plan to add this authentication method to the module?
Thank you,
Fabio