azure-identity-py

Installs: 42
Rank: #17242

Install

npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill azure-identity-py

Azure Identity SDK for Python

Authentication library for Azure SDK clients using Microsoft Entra ID (formerly Azure AD).

Installation

```bash
pip install azure-identity
```

Environment Variables

```bash
# Service Principal (for production/CI)
AZURE_TENANT_ID=<your-tenant-id>
AZURE_CLIENT_ID=<your-client-id>
AZURE_CLIENT_SECRET=<your-client-secret>

# User-assigned Managed Identity (optional)
AZURE_CLIENT_ID=<managed-identity-client-id>
```

DefaultAzureCredential

The recommended credential for most scenarios. Tries multiple authentication methods in order:

```python
from azure.identity import DefaultAzureCredential
from azure.storage.blob import BlobServiceClient

# Works in local dev AND production without code changes
credential = DefaultAzureCredential()

client = BlobServiceClient(
    account_url="https://<storage-account-name>.blob.core.windows.net",
    credential=credential
)
```

Credential Chain Order

| Order | Credential | Environment |
|-------|------------|-------------|
| 1 | EnvironmentCredential | CI/CD, containers |
| 2 | WorkloadIdentityCredential | Kubernetes |
| 3 | ManagedIdentityCredential | Azure VMs, App Service, Functions |
| 4 | SharedTokenCacheCredential | Windows only |
| 5 | VisualStudioCodeCredential | VS Code with Azure extension |
| 6 | AzureCliCredential | az login |
| 7 | AzurePowerShellCredential | Connect-AzAccount |
| 8 | AzureDeveloperCliCredential | azd auth login |

Customizing DefaultAzureCredential

```python
from azure.identity import DefaultAzureCredential

# Exclude credentials you don't need
credential = DefaultAzureCredential(
    exclude_environment_credential=True,
    exclude_shared_token_cache_credential=True,
    managed_identity_client_id="<managed-identity-client-id>"  # For user-assigned MI
)

# Enable interactive browser (disabled by default)
credential = DefaultAzureCredential(
    exclude_interactive_browser_credential=False
)
```

Specific Credential Types

ManagedIdentityCredential

For Azure-hosted resources (VMs, App Service, Functions, AKS):

```python
from azure.identity import ManagedIdentityCredential

# System-assigned managed identity
credential = ManagedIdentityCredential()

# User-assigned managed identity
credential = ManagedIdentityCredential(client_id="<managed-identity-client-id>")
```

ClientSecretCredential

For service principal with secret:

```python
import os

from azure.identity import ClientSecretCredential

# Read the service principal values from the environment, never from source code
credential = ClientSecretCredential(
    tenant_id=os.environ["AZURE_TENANT_ID"],
    client_id=os.environ["AZURE_CLIENT_ID"],
    client_secret=os.environ["AZURE_CLIENT_SECRET"]
)
```

AzureCliCredential

Uses the account from az login:

```python
from azure.identity import AzureCliCredential

credential = AzureCliCredential()
```

ChainedTokenCredential

Custom credential chain:

```python
from azure.identity import (
    ChainedTokenCredential,
    ManagedIdentityCredential,
    AzureCliCredential
)

# Try managed identity first, fall back to CLI
credential = ChainedTokenCredential(
    ManagedIdentityCredential(client_id="<managed-identity-client-id>"),
    AzureCliCredential()
)
```

Credential Types Table

| Credential | Use Case | Auth Method |
|------------|----------|-------------|
| DefaultAzureCredential | Most scenarios | Auto-detect |
| ManagedIdentityCredential | Azure-hosted apps | Managed Identity |
| ClientSecretCredential | Service principal | Client secret |
| ClientCertificateCredential | Service principal | Certificate |
| AzureCliCredential | Local development | Azure CLI |
| AzureDeveloperCliCredential | Local development | Azure Developer CLI |
| InteractiveBrowserCredential | User sign-in | Browser OAuth |
| DeviceCodeCredential | Headless/SSH | Device code flow |

Getting Tokens Directly

```python
from azure.identity import DefaultAzureCredential

credential = DefaultAzureCredential()

# Get token for a specific scope
token = credential.get_token("https://management.azure.com/.default")
print(f"Token expires: {token.expires_on}")

# For Azure Database for PostgreSQL
token = credential.get_token("https://ossrdbms-aad.database.windows.net/.default")
```

Async Client

```python
from azure.identity.aio import DefaultAzureCredential
from azure.storage.blob.aio import BlobServiceClient

async def main():
    credential = DefaultAzureCredential()

    async with BlobServiceClient(
        account_url="https://<storage-account-name>.blob.core.windows.net",
        credential=credential
    ) as client:
        # ... async operations
        pass

    # Release the credential's underlying transport when done
    await credential.close()
```

Best Practices

- Use DefaultAzureCredential for code that runs locally and in Azure
- Never hardcode credentials; use environment variables or managed identity
- Prefer managed identity in production Azure deployments
- Use ChainedTokenCredential when you need a custom credential order
- Close async credentials explicitly or use context managers
- Set AZURE_CLIENT_ID for user-assigned managed identities
- Exclude unused credentials to speed up authentication

When to Use

This skill is applicable to execute the workflow or actions described in the overview.
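Because EnvironmentCredential sits first in the chain order above, a leftover AZURE_CLIENT_SECRET takes precedence over managed identity. The following preflight check is an added example, not part of the original skill or the Azure SDK; `preflight` and `expect_managed_identity` are hypothetical names, and it models only the three secret-based variables this page lists.

```python
# Added example: preflight check over the environment variables this page lists.
# Assumption: only the secret-based EnvironmentCredential variables are modelled;
# preflight() and expect_managed_identity are hypothetical names, not SDK API.
from typing import Mapping

SP_VARS = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")


def preflight(env: Mapping[str, str], expect_managed_identity: bool = False) -> dict:
    """Report what the variables imply for the start of the credential chain.

    Returns {"first_match": str, "findings": [str, ...]}; values are never echoed.
    """
    present = [name for name in SP_VARS if env.get(name)]
    missing = [name for name in SP_VARS if name not in present]
    findings = []

    if not missing:
        # All three set: the first chain entry authenticates with the secret.
        first = "EnvironmentCredential"
        if expect_managed_identity:
            findings.append(
                "AZURE_CLIENT_SECRET is set: EnvironmentCredential is tried before "
                "ManagedIdentityCredential, so the service principal secret is used"
            )
    else:
        first = "later credential in the chain"
        if "AZURE_CLIENT_SECRET" in present:
            # A secret with an incomplete set is exposure without any benefit.
            findings.append(
                "incomplete service principal config, missing: " + ", ".join(missing)
            )
        if expect_managed_identity and present == ["AZURE_CLIENT_ID"]:
            findings.append("AZURE_CLIENT_ID alone: read as user-assigned identity client ID")
    return {"first_match": first, "findings": findings}


if __name__ == "__main__":
    # Constructed sample environments (placeholder values, not real identifiers).
    samples = {
        "leftover secret": {"AZURE_TENANT_ID": "t", "AZURE_CLIENT_ID": "c", "AZURE_CLIENT_SECRET": "s"},
        "user-assigned MI": {"AZURE_CLIENT_ID": "c"},
        "partial config": {"AZURE_CLIENT_ID": "c", "AZURE_CLIENT_SECRET": "s"},
    }
    for label, env in samples.items():
        print(label, preflight(env, expect_managed_identity=True))
```

Run it at container or job start with `preflight(os.environ, expect_managed_identity=True)` and fail the deployment when any finding mentions AZURE_CLIENT_SECRET.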
