azure/auth-oidc 1.0.0
Authenticate the Azure CLI via OIDC
Parameters
| Parameter | Required | Default | Description |
| --- | --- | --- | --- |
| oidc-token | * | | The OIDC token that will be exchanged for temporary credentials (e.g. vaults.your-vault.oidc.your-token) |
| client-id | * | | The client id of a service principal or a user-assigned managed identity |
| tenant-id | * | | The tenant id |
| subscription-id | | | The subscription id |
| allow-no-subscription | | false | Whether it is permissible to have no subscriptions associated with the client id (for use in managing tenant-level resources) |
README.md
This leaf authenticates the Azure CLI via OIDC. It works with Azure's workload identity federation. Specifically, you can authenticate as a service principal or user-assigned managed identity.
The Azure CLI is required. Mint provides the azure/install-cli leaf.
To authenticate with an identity using a subscription:
```yaml
tasks:
  - key: azure-cli
    call: azure/install-cli 1.0.1
  - key: azure-auth
    use: azure-cli
    call: azure/auth-oidc 1.0.0
    with:
      oidc-token: ${{ vaults.your-vault.oidc.your-token }}
      client-id: ${{ vaults.your-vault.secrets.your-azure-client-id }}
      tenant-id: ${{ vaults.your-vault.secrets.your-azure-tenant-id }}
      subscription-id: ${{ vaults.your-vault.secrets.your-azure-subscription-id }}
```
To authenticate without a subscription (when managing tenant-level resources):
```yaml
tasks:
  - key: azure-cli
    call: azure/install-cli 1.0.1
  - key: azure-auth
    use: azure-cli
    call: azure/auth-oidc 1.0.0
    with:
      oidc-token: ${{ vaults.your-vault.oidc.your-token }}
      client-id: ${{ vaults.your-vault.secrets.your-azure-client-id }}
      tenant-id: ${{ vaults.your-vault.secrets.your-azure-tenant-id }}
      allow-no-subscription: true
```
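
A pre-flight check for the token exchange this README describes, as an added example (not part of the leaf or of Mint): workload identity federation only accepts a token whose `iss`, `sub` and `aud` exactly match the federated credential configured on the identity, so this decodes the claims and lists any mismatch. The function names are hypothetical, and the issuer and subject values are constructed placeholders.

```python
import base64
import json
import time

# Audience Azure recommends for federated identity credentials.
AZURE_DEFAULT_AUDIENCE = "api://AzureADTokenExchange"


def decode_claims(jwt):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_federation(jwt, issuer, subject, audience=AZURE_DEFAULT_AUDIENCE, now=None):
    """List mismatches between token claims and the federated credential."""
    # Reports claim values only; the token itself is never echoed to logs.
    claims = decode_claims(jwt)
    now = time.time() if now is None else now
    problems = []
    for name, expected in (("iss", issuer), ("sub", subject)):
        if claims.get(name) != expected:  # exact, case-sensitive match
            problems.append(f"{name}: token has {claims.get(name)!r}, credential expects {expected!r}")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud: token has {aud!r}, credential expects {audience!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp: token is expired or carries no expiry")
    return problems


def make_sample_token(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = enc({"alg": "none"})
    return f"{header}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    token = make_sample_token({"iss": "https://issuer.example", "sub": "example-subject",
                               "aud": AZURE_DEFAULT_AUDIENCE, "exp": 2_000_000_000})
    # Trailing slash on the issuer is a constructed misconfiguration.
    for problem in check_federation(token, "https://issuer.example/", "example-subject"):
        print(problem)
```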