Azure Targets

Introduction

You can define an Azure AD target to be used with Azure AD dynamic secrets or Azure AD rotated secrets. Having an Azure target will allow you to conserve the credentials chain between all of your dynamic secrets, as it is possible to point a target at a rotated secret, or to manually edit credentials in the target instead of having to change them individually for connecting items.

Create an Azure Target from the CLI

To create an Azure AD target from the CLI, run the following command:

akeyless create-azure-target \
--name <target name> \
--client-id <Azure client/application id> \
--tenant-id <Azure tenant id> \
--client-secret <Azure client secret>

Where:

  • name: A unique name of the target. The name can include the path to the virtual folder where you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target.

  • client-id: The Application ID of the admin user that will be used to authenticate Akeyless with Azure.

  • client-secret: The client secret of the admin user that will be used to authenticate Akeyless with Azure.

  • tenant-id: Your Azure Tenant ID.

If you wish the target to reference a specific storage account, add the following parameters:

  • subscription-id: The ID of a Subscription that contains the Azure Storage account.

  • resource-group-name: The name of the Resource Group to which your Azure Storage account belongs.

  • resource-name: The name of the Azure Storage account.

You can find the complete list of parameters for this command in the CLI Reference - Akeyless Targets section.

Create an Azure Target in the Akeyless Console

  1. Log in to the Akeyless Console, and go to Targets > New > Cloud Targets > Azure.

  2. Define a Name of the target, and specify the Location as a path to the virtual folder where you want to create the new target, using slash / separators. If the folder does not exist, it will be created together with the target

  3. Choose your preferred authentication mode by selecting one of the options:

  • Check the Use Credentials radio button to authenticate with the Azure AD admin user credentials.

  • Check the Use Gateway's Cloud Identity option to authenticate with the Gateway's Cloud IAM.

📘

Note

Use Gateway's Cloud Identity is relevant for cases where your Gateway uses Azure service principal to authenticate against Akeyless. For example, when you set up a Dynamic Secret for Azure, the target can be used for the temporary Azure service principals creation.

  1. Define the remaining parameters as follows:
  • Azure Client ID (Application ID): If you selected the Use Credentials option in the previous step, specify the Application ID of the admin user that will be used to authenticate Akeyless with Azure AD.

  • Azure Client Secret: Provide the client secret of the admin user that will be used to authenticate Akeyless with Azure AD.

  • Azure Tenant ID: Specify your Azure Tenant ID.

  • Subscription ID: If this target is for the Azure Storage account, then provide Azure Subscription ID.

  • Resource Group Name: Specify the Resource Group name in your Azure Subscription.

  • Resource Name: Provide the name of the relevant Resource.

  • Protection key: To enable Zero-Knowledge, select a key with a Customer Fragment. For more information about Zero-Knowledge, see Implement Zero Knowledge.

  1. Click Save.