How to use the @azure/identity.DefaultAzureCredential function in @azure/identity
To help you get started, we’ve selected a few @azure/identity examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
Azure / azure-sdk-for-js / sdk / keyvault / keyvault-keys / samples / typescript / helloWorld.ts View on Github 
async function main(): Promise {
// DefaultAzureCredential expects the following three environment variables:
// - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
// - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const credential = new DefaultAzureCredential();
const vaultName = process.env["KEYVAULT_NAME"] || "";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const keyName = "MyKeyName";
const ecKeyName = "MyECKeyName";
const rsaKeyName = "MyRSAKeyName";
// You can create keys using the general method
const result = await client.createKey(keyName, "EC");
console.log("key: ", result);
// Or using specialized key creation methods
const ecResult = await client.createEcKey(ecKeyName, { curve: "P-256" });
const rsaResult = await client.createRsaKey(rsaKeyName, { keySize: 2048 }););
return;
}
// ONLY AVAILABLE IN NODE.JS RUNTIME
// DefaultAzureCredential will first look for Azure Active Directory (AAD)
// client secret credentials in the following environment variables:
//
// - AZURE_TENANT_ID: The ID of your AAD tenant
// - AZURE_CLIENT_ID: The ID of your AAD app registration (client)
// - AZURE_CLIENT_SECRET: The client secret for your AAD app registration
//
// If those environment variables aren't found and your application is deployed
// to an Azure VM or App Service instance, the managed service identity endpoint
// will be used as a fallback authentication source.
const defaultAzureCredential = new DefaultAzureCredential();
const queueServiceClient = new QueueServiceClient(
`https://${account}.queue.core.windows.net`,
defaultAzureCredential
);
console.log(`List queues`);
let i = 1;
for await (const item of queueServiceClient.listQueues()) {
console.log(`Queue ${i++}: ${item.name}`);
}
}async function main(): Promise {
// If you're using MSI, DefaultAzureCredential should "just work".
// Otherwise, DefaultAzureCredential expects the following three environment variables:
// - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
// - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const vaultName = process.env["KEYVAULT_NAME"] || "";
const url = `https://${vaultName}.vault.azure.net`;
const credential = new DefaultAzureCredential();
const client = new CertificateClient(url, credential);
const certificateName = "MyCertificate";
// Creating a self-signed certificate
const createPoller = await client.beginCreateCertificate(certificateName, DefaultCertificatePolicy);
const pendingCertificate = createPoller.getResult();
console.log("Certificate: ", pendingCertificate);
// To read a certificate with their policy:
let certificateWithPolicy = await client.getCertificate(certificateName);
// Note: It will always read the latest version of the certificate.
console.log("Certificate with policy:", certificateWithPolicy););
return;
}
// ONLY AVAILABLE IN NODE.JS RUNTIME
// DefaultAzureCredential will first look for Azure Active Directory (AAD)
// client secret credentials in the following environment variables:
//
// - AZURE_TENANT_ID: The ID of your AAD tenant
// - AZURE_CLIENT_ID: The ID of your AAD app registration (client)
// - AZURE_CLIENT_SECRET: The client secret for your AAD app registration
//
// If those environment variables aren't found and your application is deployed
// to an Azure VM or App Service instance, the managed service identity endpoint
// will be used as a fallback authentication source.
const defaultAzureCredential = new DefaultAzureCredential();
const blobServiceClient = new BlobServiceClient(
`https://${account}.blob.core.windows.net`,
defaultAzureCredential
);
// Create a container
const containerName = `newcontainer${new Date().getTime()}`;
const createContainerResponse = await blobServiceClient
.getContainerClient(containerName)
.create();
console.log(`Created container ${containerName} successfully`, createContainerResponse.requestId);
}async function main(): Promise {
// DefaultAzureCredential expects the following three environment variables:
// - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
// - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const credential = new DefaultAzureCredential();
const vaultName = process.env["KEYVAULT_NAME"] || "";
const url = `https://${vaultName}.vault.azure.net`;
const client = new SecretClient(url, credential);
// Create a secret
const secretName = "MySecretName";
const result = await client.setSecret(secretName, "MySecretValue");
console.log("result: ", result);
// Read the secret we created
const secret = await client.getSecret(secretName);
console.log("secret: ", secret);
// Update the secret with different attributesasync function main() {
// If you're using MSI, DefaultAzureCredential should "just work".
// Otherwise, DefaultAzureCredential expects the following three environment variables:
// - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
// - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const vaultName = process.env["KEYVAULT_NAME"] || "";
const url = `https://${vaultName}.vault.azure.net`;
const credential = new DefaultAzureCredential();
const client = new CertificateClient(url, credential);
// Contacts are created independently of the certificates.
const contacts = [
{
email: "a@a.com",
name: "a",
phone: "111111111111"
},
{
email: "b@b.com",
name: "b",
phone: "222222222222"
}async function main() {
// DefaultAzureCredential expects the following three environment variables:
// - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
// - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const credential = new DefaultAzureCredential();
const vaultName = process.env["KEYVAULT_NAME"] || "";
const url = `https://${vaultName}.vault.azure.net`;
// Connection to Azure Key Vault
const client = new KeyClient(url, credential);
let keyName = "localWorkKey11241";
// Connection to Azure Key Vault Cryptography functionality
let myWorkKey = await client.createKey(keyName, "RSA");
const cryptoClient = new CryptographyClient(myWorkKey.id, credential);
// Sign and Verify
const signatureValue = "MySignature";async function main(): Promise {
// If you're using MSI, DefaultAzureCredential should "just work".
// Otherwise, DefaultAzureCredential expects the following three environment variables:
// - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
// - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const vaultName = process.env["KEYVAULT_NAME"] || "";
const url = `https://${vaultName}.vault.azure.net`;
const credential = new DefaultAzureCredential();
const client = new CertificateClient(url, credential);
// Contacts are created independently of the certificates.
const contacts = [
{
email: "a@a.com",
name: "a",
phone: "111111111111"
},
{
email: "b@b.com",
name: "b",
phone: "222222222222"
}async function main(): Promise {
// If you're using MSI, DefaultAzureCredential should "just work".
// Otherwise, DefaultAzureCredential expects the following three environment variables:
// - AZURE_TENANT_ID: The tenant ID in Azure Active Directory
// - AZURE_CLIENT_ID: The application (client) ID registered in the AAD tenant
// - AZURE_CLIENT_SECRET: The client secret for the registered application
const vaultName = process.env["KEYVAULT_NAME"] || "";
const url = `https://${vaultName}.vault.azure.net`;
const credential = new DefaultAzureCredential();
const client = new CertificateClient(url, credential);
// Creating two self-signed certificates. They will appear as pending initially.
await client.beginCreateCertificate("MyCertificate1", {
issuerName: "Self",
subject: "cn=MyCert"
});
await client.beginCreateCertificate("MyCertificate2", {
issuerName: "Self",
subject: "cn=MyCert"
});
// Listing all the available certificates in a single call.
// The certificates we just created are still pending at this point.
for await (const certificate of client.listPropertiesOfCertificates({ includePending: true })) {async function authenticate(
audience: string,
closeConnection: boolean = false
): Promise {
await connectionContext.cbsSession.init();
const credential = new DefaultAzureCredential();
const tokenObject = await credential.getToken(Constants.aadEventHubsScope);
if (!tokenObject) {
throw new Error("Aad token cannot be null");
}
const result = await connectionContext.cbsSession.negotiateClaim(
audience,
tokenObject,
TokenType.CbsTokenTypeJwt
);
console.log("Result is: %O", result);
if (closeConnection) {
await connectionContext.connection.close();
console.log("Successfully closed the connection.");
}
return result;
}@azure/identity
Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID
