mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/cco-short-term-creds-format-azure.adoc
2024-05-16 13:56:32 +00:00


// Module included in the following assemblies:
//
// * authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
:_mod-docs-content-type: REFERENCE
[id="cco-short-term-creds-format-azure_{context}"]
= Azure component secret formats

Using manual mode with {entra-first} changes the content of the Azure credentials that are provided to individual {product-title} components. Compare the following secret formats:

.Azure secret format using long-term credentials
[source,yaml]
----
apiVersion: v1
kind: Secret
metadata:
  namespace: <target_namespace> <1>
  name: <target_secret_name> <2>
data:
  azure_client_id: <client_id> <3>
  azure_client_secret: <client_secret> <4>
  azure_region: <region>
  azure_resource_prefix: <resource_group_prefix> <5>
  azure_resourcegroup: <resource_group_prefix>-rg <6>
  azure_subscription_id: <subscription_id>
  azure_tenant_id: <tenant_id>
type: Opaque
----
<1> The namespace for the component.
<2> The name of the component secret.
<3> The client ID of the Microsoft Entra ID identity that the component uses to authenticate.
<4> The component secret that is used to authenticate with Microsoft Entra ID for the `<client_id>` identity.
<5> The resource group prefix.
<6> The resource group. This value is formed by the `<resource_group_prefix>` and the suffix `-rg`.

.Azure secret format using {entra-first}
[source,yaml]
----
apiVersion: v1
kind: Secret
metadata:
  namespace: <target_namespace> <1>
  name: <target_secret_name> <2>
data:
  azure_client_id: <client_id> <3>
  azure_federated_token_file: <path_to_token_file> <4>
  azure_region: <region>
  azure_subscription_id: <subscription_id>
  azure_tenant_id: <tenant_id>
type: Opaque
----
<1> The namespace for the component.
<2> The name of the component secret.
<3> The client ID of the user-assigned managed identity that the component uses to authenticate.
<4> The path to the mounted service account token file.
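
The following audit is an added example, not part of the original module or the product's own tooling: it classifies Secret manifests (parsed from output such as `oc get secrets -o json`) against the two formats above and reports any that still carry `azure_client_secret`. The function names, sample namespace, secret names, and token path are constructed for illustration, and the code assumes that Kubernetes stores `data` values base64-encoded.

```python
import base64
import json

# Key names copied from the two secret formats documented above.
COMMON = {"azure_client_id", "azure_region", "azure_subscription_id", "azure_tenant_id"}
LONG_TERM = COMMON | {"azure_client_secret", "azure_resource_prefix", "azure_resourcegroup"}
SHORT_TERM = COMMON | {"azure_federated_token_file"}

def classify_secret(secret):
    """Classify one parsed Secret manifest by the Azure keys under .data."""
    data = secret.get("data") or {}
    keys = {k for k in data if k.startswith("azure_")}
    static = "azure_client_secret" in keys
    federated = "azure_federated_token_file" in keys
    fmt = {(True, True): "mixed", (True, False): "long-term",
           (False, True): "short-term", (False, False): "unknown"}[(static, federated)]
    expected = LONG_TERM if fmt == "long-term" else SHORT_TERM if federated else COMMON
    meta = secret.get("metadata", {})
    report = {
        "secret": f"{meta.get('namespace')}/{meta.get('name')}",
        "format": fmt,
        "missing": sorted(expected - keys),
        "unexpected": sorted(keys - expected),
    }
    if federated:
        # .data values are base64-encoded; the token path itself is not a credential.
        report["token_file"] = base64.b64decode(data["azure_federated_token_file"]).decode()
    return report  # the value of azure_client_secret is never decoded or returned

def audit(secret_list):
    """Return reports for every item that is not a complete short-term secret."""
    reports = [classify_secret(s) for s in secret_list.get("items", [])]
    return [r for r in reports if r["format"] != "short-term" or r["missing"]]

def sample(name, fields):  # builds constructed sample manifests, not real credentials
    enc = {k: base64.b64encode(v.encode()).decode() for k, v in fields.items()}
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"namespace": "example-ns", "name": name}, "data": enc}

BASE = {k: "constructed-value" for k in COMMON}
SAMPLES = {"items": [
    sample("legacy-creds", {**BASE, "azure_client_secret": "constructed",
                            "azure_resource_prefix": "demo", "azure_resourcegroup": "demo-rg"}),
    sample("federated-creds", {**BASE, "azure_federated_token_file": "/var/run/secrets/example/token"}),
]}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLES), indent=2))
```

A secret reported as `mixed` lists `azure_client_secret` under `unexpected`, which points at a long-term credential left behind after a component was switched to the federated token file.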