Class WorkloadIdentityCredential

java.lang.Object
com.azure.identity.WorkloadIdentityCredential
All Implemented Interfaces:
com.azure.core.credential.TokenCredential

public class WorkloadIdentityCredential extends Object implements com.azure.core.credential.TokenCredential

Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs) to access other Azure resources without the need for a service principal or managed identity. With Workload Identity authentication, applications authenticate themselves using their own identity, rather than using a shared service principal or managed identity.

Under the hood, Workload Identity authentication uses the concept of Service Account Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't need to worry about storing and securing sensitive credentials themselves.

The WorkloadIdentityCredential supports Azure workload identity authentication on Azure Kubernetes and acquires a token using the service account credentials available in the Azure Kubernetes environment. Refer to Microsoft Entra Workload ID for more information.

Sample: Construct WorkloadIdentityCredential

The following code sample demonstrates the creation of a WorkloadIdentityCredential, using the WorkloadIdentityCredentialBuilder to configure it. The clientId is required to create a WorkloadIdentityCredential. Once this credential is created, it may be passed into many of the Azure SDK for Java client builders as the 'credential' parameter.

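 import com.azure.core.credential.TokenCredential;
 import com.azure.identity.WorkloadIdentityCredentialBuilder;

 // Replace the placeholders with the application's client ID, tenant ID and token file path.
 TokenCredential workloadIdentityCredential = new WorkloadIdentityCredentialBuilder()
     .clientId("<clientID>")
     .tenantId("<tenantID>")
     .tokenFilePath("<token-file-path>")
     .build();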
 
  • Method Summary

    | Modifier and Type | Method | Description |
    |---|---|---|
    | Mono<com.azure.core.credential.AccessToken> | getToken(com.azure.core.credential.TokenRequestContext request) | Asynchronously get a token for a given resource/audience. |
    | com.azure.core.credential.AccessToken | getTokenSync(com.azure.core.credential.TokenRequestContext request) | Synchronously get a token for a given resource/audience. |

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Method Details

    • getToken

      public Mono<com.azure.core.credential.AccessToken> getToken(com.azure.core.credential.TokenRequestContext request)
      Description copied from interface: com.azure.core.credential.TokenCredential
      Asynchronously get a token for a given resource/audience. This method is called automatically by Azure SDK client libraries. You may call this method directly, but you must also handle token caching and token refreshing.
      Specified by:
      getToken in interface com.azure.core.credential.TokenCredential
      Parameters:
      request - the details of the token request
      Returns:
      a Publisher that emits a single access token
    • getTokenSync

      public com.azure.core.credential.AccessToken getTokenSync(com.azure.core.credential.TokenRequestContext request)
      Description copied from interface: com.azure.core.credential.TokenCredential
      Synchronously get a token for a given resource/audience. This method is called automatically by Azure SDK client libraries. You may call this method directly, but you must also handle token caching and token refreshing.
      Specified by:
      getTokenSync in interface com.azure.core.credential.TokenCredential
      Parameters:
      request - the details of the token request
      Returns:
      The Access Token
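
The method details above note that a caller who invokes getToken or getTokenSync directly must handle token caching and refreshing. The following is an added example, not part of the Azure SDK documentation, showing one way to do that. The class name CachedWorkloadToken, the five-minute refresh margin and the sample scope are assumptions, as is reading the client ID, tenant ID and token file path from the AZURE_CLIENT_ID, AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE environment variables that Azure workload identity injects into the pod.

```java
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.WorkloadIdentityCredentialBuilder;
import java.time.Duration;
import java.time.OffsetDateTime;

/** Hypothetical helper: holds one token per instance and refreshes it shortly before expiry. */
public final class CachedWorkloadToken {
    // Assumption: refresh five minutes early so in-flight requests never carry an expired token.
    private static final Duration REFRESH_MARGIN = Duration.ofMinutes(5);

    private final TokenCredential credential;
    private final TokenRequestContext request;
    private AccessToken cached;

    public CachedWorkloadToken(TokenCredential credential, String scope) {
        this.credential = credential;
        this.request = new TokenRequestContext().addScopes(scope);
    }

    /** Returns the cached token, calling getTokenSync only when none is held or it is near expiry. */
    public synchronized AccessToken get() {
        OffsetDateTime refreshAt = OffsetDateTime.now().plus(REFRESH_MARGIN);
        if (cached == null || cached.getExpiresAt().isBefore(refreshAt)) {
            cached = credential.getTokenSync(request);
        }
        return cached;
    }

    public static void main(String[] args) {
        // Assumption: the pod has Azure workload identity enabled, which sets these variables.
        TokenCredential credential = new WorkloadIdentityCredentialBuilder()
            .clientId(System.getenv("AZURE_CLIENT_ID"))
            .tenantId(System.getenv("AZURE_TENANT_ID"))
            .tokenFilePath(System.getenv("AZURE_FEDERATED_TOKEN_FILE"))
            .build();

        // Sample scope; request only the audience the workload actually needs.
        CachedWorkloadToken tokens = new CachedWorkloadToken(credential, "https://vault.azure.net/.default");
        AccessToken token = tokens.get();
        // Log metadata only: the token string itself is a bearer secret.
        System.out.println("Token acquired, expires at " + token.getExpiresAt());
    }
}
```

Passing the credential to an Azure SDK client builder instead makes this wrapper unnecessary, since the client libraries call getToken themselves.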