{"id":18149258,"url":"https://github.com/jongio/azureclicredentialcontainer","last_synced_at":"2025-09-10T19:36:36.893Z","repository":{"id":69183902,"uuid":"274416302","full_name":"jongio/azureclicredentialcontainer","owner":"jongio","description":null,"archived":false,"fork":false,"pushed_at":"2023-03-22T23:12:25.000Z","size":15,"stargazers_count":6,"open_issues_count":0,"forks_count":6,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-24T04:45:58.348Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jongio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-06-23T13:42:33.000Z","updated_at":"2024-07-30T14:48:59.000Z","dependencies_parsed_at":"2023-04-24T20:49:11.747Z","dependency_job_id":null,"html_url":"https://github.com/jongio/azureclicredentialcontainer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jongio/azureclicredentialcontainer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jongio%2Fazureclicredentialcontainer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jongio%2Fazureclicredentialcontainer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jongio%2Fazureclicredentialcontainer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jongio%2Fazureclicredentialcontainer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jongio","download_url":"https://codeload.github.com/jongio/azureclicredentialcontainer/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jongio%2Fazureclicredentialcontainer/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274512522,"owners_count":25299470,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-10T02:00:12.551Z","response_time":83,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-01T23:12:26.609Z","updated_at":"2025-09-10T19:36:36.603Z","avatar_url":"https://github.com/jongio.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# How to use AzureCliCredential in a Container\n\n\u003e\u003e This solution no longer works with latest Azure SDK libraries.  Please see the issue here to follow along with the conversation: https://github.com/Azure/azure-sdk-for-net/issues/19167\n\n\n[AzureCliCredential](https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/identity/Azure.Identity/src/AzureCliCredential.cs) is a new credential type in [Azure.Identity](https://github.com/Azure/azure-sdk-for-net/tree/master/sdk/identity/Azure.Identity).  It allows your code to use the [Azure CLI](https://aka.ms/azcliget) to generate bearer tokens to be used by other Azure SDK clients.\n\nFor example, the following code news up an `AzureCliCredential` and passes it to the Azure Key Vault `KeyClient`, which in turn will call the `GetToken` method on the `AzureCliCredential` class when the first method is called that requires an AAD token.\n\n```csharp\nvar cred = new AzureCliCredential();\nvar client = new KeyClient(new Uri(\"https://jongkv.vault.azure.net\"), cred);\nvar key = await client.GetKeyAsync(\"key1\");\n```\n\nIf you want to run this code in a container, then you need to install the Azure CLI and mount a volume to your `${HOME}/.azure` folder for Linux and `${USERPROFILE}/.azure` folder for Windows.\n\n## Azure CLI Setup\n\n1. Install the [Azure CLI](https://aka.ms/azcliget)\n2. Run `az login` in the same host OS that you will use for development.  So, if you use WSL2, then run this in a WSL2 terminal. If you use Git Bash, then run this there. The Azure CLI will cache tokens locally in `${HOME}/.azure` that will be used by AzureCliCredential.\n\n## Dockerfile\nHere's how you install the Azure CLI with one line of Dockerfile code:\n\n`RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash`\n\nSee [Dockerfile](src/net/Dockerfile) for full code.\n\n\u003e This example is for .NET and Linux only.  If you want to see this working in other langs or Windows, then please file an issue.\n\n## docker-compose.yml\n\nIf you only install the Azure CLI, you will be required to `az login` in the container.  To have the container honor your host machines `az login`, then you need to expose the `.azure` folder on your host to your container.\n\nHere's how to do that in `docker-compose.yml`\n\nLinux:\n```\nvolumes: \n   - \"${HOME}/.azure:/root/.azure\"\n```\n\nWindows:\n```\nvolumes: \n   - \"${USERPROFILE}/.azure:/root/.azure\"\n```\n\nSee [docker-compose.yml](src/net/docker-compose.yml) for full code Linux, and [docker-compose.windows.yml](src/net/docker-compose.windows.yml) for full code Windows.\n\n\n## docker-compose up --build\n\n### Linux\nRun `docker-compose up --build` your `AzureCliCredential` code will now work.\n\n### Windows\nWindows handles the user's home directory differently than Linux, so you need to use ${USERPROFILE} instead of ${HOME} in your docker-compose call.\n\nRun `docker-compose -f docker-compose.windows.yml up --build` your `AzureCliCredential` code will now work.\n\n\n## Running AzureCliCredential in Kubernetes\n\nI'm running Docker Desktop and WSL2. The following is for that configuration. If you are using a different setup and can't get this to work, then let me know and I should be able to help you get it all setup.\n\nStandard Kubernetes hostPath based volume mounts do not currently work with Docker Desktop and WSL2, so you need to do the following:\n\nCreate a directory in the /mnt/wsl folder to mount to, then mount from ${HOME}/.azure to that folder.  I don't exactly know why this is required, but it works.  Here's more info if you are interested in researching it: [Kubernetes Volumes not correctly mounted with WSL2](https://github.com/docker/for-win/issues/5325#issuecomment-645859528)\n\n```bash\nmkdir /mnt/wsl/.azure\nsudo mount --bind ${HOME}/.azure /mnt/wsl/.azure\n```\n\nThen in your Kubernetes config file you specify the mount path like this:\n\n```yaml\nvolumes:\n   - hostPath:\n      path: /run/desktop/mnt/host/wsl/.azure\n      type: Directory\n      name: cli\n```\n\nYou can find the entire file example here: [.k8s/k8s.yml](src/net/.k8s/k8s.yml)\n\nThen run `kubeclt apply -f .k8s` and you will see `key1` outputed to your logs.\n\nYou can remove the mount with the following:\n\n```bash\nsudo umount /mnt/wsl/.azure\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjongio%2Fazureclicredentialcontainer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjongio%2Fazureclicredentialcontainer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjongio%2Fazureclicredentialcontainer/lists"}