No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi Standa! `DefaultAzureCredential` will work if you set the client id and secret as environment variables as described <https://learn.microsoft.com/en-us/dotnet/api/azure.identity.environmentcredential?view=azure-dotnet|here>.

Maybe easier and more predictable would be to use the desired auth method directly, in form of <https://learn.microsoft.com/en-us/dotnet/api/azure.identity.clientsecretcredential?view=azure-dotnet|ClientSecretCredential>. You’d pass your id and secret into the constructor.

Thanks Thomas, these two methods would work, but it would require me to specify the client ID and secret for the second time, which is not ideal. I was wondering if I could utilize the two YAML variables already set, Pulumi doesn't seem to let me.

Ah, I see what you mean. <https://www.pulumi.com/docs/concepts/config/#code|This> should be what you need?

No, this won't work, Pulumi doesn't allow you to read the `azure-native`-prefixed secret variables.

It does. See this example on the page I linked:
&gt; To access a namespaced configuration value, such as one set for a provider library like `aws`, you must pass the library’s name to the constructor. For example, to retrieve the configured value of `aws:region`:
&gt; ```var awsConfig = new Pulumi.Config("aws");
&gt; var awsRegion = awsConfig.Require("region");```
Or are you saying it’s an issue specifically with config values marked as secret? I’m not aware of any limitations here, other than that they are returned as `Output` instances.

Ok, I overlooked that, will give it a try, thanks!

This seems to work, thanks <@U038021B1CJ>!