https://pulumi.com logo
#azure
Title
# azure
p

powerful-printer-57241

08/25/2023, 2:38 PM
We are setting the
azure-native:clientId
and
azure-native:clientSecret
properties in the stack YAML to authenticate against Azure. Now, in the same code that is executed by Pulumi, we would like to access Azure Key Vault using the Microsoft SDK. However, just providing
new DefaultAzureCredential()
to the Key Vault client does not work. Is there a way to authenticate to Key Vault using the same identity that's defined by the
azure-native:clientId
and
azure-native:clientSecret
variables?
m

melodic-tomato-39005

08/25/2023, 2:46 PM
Hi Standa!
DefaultAzureCredential
will work if you set the client id and secret as environment variables as described here. Maybe easier and more predictable would be to use the desired auth method directly, in form of ClientSecretCredential. You’d pass your id and secret into the constructor.
p

powerful-printer-57241

08/25/2023, 2:48 PM
Thanks Thomas, these two methods would work, but it would require me to specify the client ID and secret for the second time, which is not ideal. I was wondering if I could utilize the two YAML variables already set, Pulumi doesn't seem to let me.
m

melodic-tomato-39005

08/25/2023, 2:49 PM
Ah, I see what you mean. This should be what you need?
p

powerful-printer-57241

08/25/2023, 3:00 PM
No, this won't work, Pulumi doesn't allow you to read the
azure-native
-prefixed secret variables.
m

melodic-tomato-39005

08/25/2023, 3:04 PM
It does. See this example on the page I linked:
To access a namespaced configuration value, such as one set for a provider library like
aws
, you must pass the library’s name to the constructor. For example, to retrieve the configured value of `aws:region`:
```var awsConfig = new Pulumi.Config("aws");
var awsRegion = awsConfig.Require("region");```
Or are you saying it’s an issue specifically with config values marked as secret? I’m not aware of any limitations here, other than that they are returned as
Output
instances.
p

powerful-printer-57241

08/25/2023, 3:05 PM
Ok, I overlooked that, will give it a try, thanks!
This seems to work, thanks @melodic-tomato-39005!