Class WorkloadIdentityCredentialBuilder
- All Implemented Interfaces:
com.azure.core.client.traits.HttpTrait<WorkloadIdentityCredentialBuilder>
WorkloadIdentityCredential
.
Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs) to access other Azure resources without the need for a service principal or managed identity. With Workload Identity authentication, applications authenticate themselves using their own identity, rather than using a shared service principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't need to worry about storing and securing sensitive credentials themselves.
The WorkloadIdentityCredential supports Azure workload identity authentication on Azure Kubernetes and acquires a token using the service account credentials available in the Azure Kubernetes environment. Refer to Microsoft Entra Workload ID for more information.
Sample: Construct WorkloadIdentityCredential
The following code sample demonstrates the creation of a WorkloadIdentityCredential, using the WorkloadIdentityCredentialBuilder to configure it. The clientId is required to create a WorkloadIdentityCredential. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.
    TokenCredential workloadIdentityCredential = new WorkloadIdentityCredentialBuilder()
        .clientId("<clientID>")
        .tenantId("<tenantID>")
        .tokenFilePath("<token-file-path>")
        .build();
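The following is an added example, not part of the Azure SDK documentation: it builds the credential from the environment variables AZURE_CLIENT_ID, AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE (assumed here to be injected into the pod by the workload identity webhook), fails closed when the token file is missing or empty, and requests a token for a sample scope. The class name, the requireEnv helper and the Key Vault scope are illustrative assumptions.

```java
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.WorkloadIdentityCredentialBuilder;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public final class WorkloadIdentityExample {

    // Hypothetical helper: read a required environment variable or fail closed.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Missing required environment variable: " + name);
        }
        return value;
    }

    static TokenCredential buildCredential() throws IOException {
        // Assumption: these variables are injected into the pod by the workload identity webhook.
        String clientId = requireEnv("AZURE_CLIENT_ID");
        String tenantId = requireEnv("AZURE_TENANT_ID");
        Path tokenFile = Paths.get(requireEnv("AZURE_FEDERATED_TOKEN_FILE"));

        // Check the projected service account token before building, so a
        // missing volume mount shows up at startup instead of on first request.
        if (!Files.isRegularFile(tokenFile) || !Files.isReadable(tokenFile) || Files.size(tokenFile) == 0) {
            throw new IllegalStateException("Service account token file is missing, unreadable or empty: " + tokenFile);
        }

        return new WorkloadIdentityCredentialBuilder()
            .clientId(clientId)
            .tenantId(tenantId)
            .tokenFilePath(tokenFile.toString())
            .build();
    }

    public static void main(String[] args) throws IOException {
        TokenCredential credential = buildCredential();
        // Assumption: the Key Vault scope is only a sample; request the scope of the service you call.
        AccessToken token = credential
            .getToken(new TokenRequestContext().addScopes("https://vault.azure.net/.default"))
            .block();
        // Log only metadata; never write the token value to logs.
        System.out.println("Token acquired, expires at " + token.getExpiresAt());
    }
}
```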
Constructor Summary
| Constructor | Description |
| --- | --- |
| WorkloadIdentityCredentialBuilder() | Creates an instance of a WorkloadIdentityCredentialBuilder. |

Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| WorkloadIdentityCredential | build() | Creates a new WorkloadIdentityCredential with the configured options set. |
| WorkloadIdentityCredentialBuilder | tokenFilePath(String tokenFilePath) | Configure the path to a file containing a Kubernetes service account token that authenticates the identity. |

Methods inherited from class com.azure.identity.AadCredentialBuilderBase
additionallyAllowedTenants, additionallyAllowedTenants, authorityHost, clientId, disableInstanceDiscovery, enableUnsafeSupportLogging, executorService, tenantId
Methods inherited from class com.azure.identity.CredentialBuilderBase
addPolicy, clientOptions, configuration, enableAccountIdentifierLogging, httpClient, httpLogOptions, httpPipeline, maxRetry, pipeline, proxyOptions, retryOptions, retryPolicy, retryTimeout
Constructor Details
WorkloadIdentityCredentialBuilder
public WorkloadIdentityCredentialBuilder()
Creates an instance of a WorkloadIdentityCredentialBuilder.
Method Details
tokenFilePath
Configure the path to a file containing a Kubernetes service account token that authenticates the identity. The file path is required to authenticate.
- Parameters:
  tokenFilePath - the path to the file containing the token to use for authentication.
- Returns:
  An updated instance of this builder with the tenant id set as specified.
build
Creates a new WorkloadIdentityCredential with the configured options set.
- Returns:
  a WorkloadIdentityCredential with the current configurations.