Expanding docs on client auth for AzureKeyVaultBackend (#18659)

apache · Oct 3, 2021 · 6d504b4 · 6d504b4
1 parent 3a59a85
commit 6d504b4
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/airflow/providers/microsoft/azure/secrets/azure_key_vault.py b/airflow/providers/microsoft/azure/secrets/azure_key_vault.py
@@ -46,6 +46,16 @@ class AzureKeyVaultBackend(BaseSecretsBackend, LoggingMixin):
     And if variables prefix is ``airflow-variables-hello``, this would be accessible
     if you provide ``{"variables_prefix": "airflow-variables"}`` and request variable key ``hello``.
 
+    For client authentication, the ``DefaultAzureCredential`` from the Azure Python SDK is used as
+    credential provider, which supports service principal, managed identity and user credentials
+
+    For example, to specify a service principal with secret you can set the environment variables
+    ``AZURE_TENANT_ID``, ``AZURE_CLIENT_ID`` and ``AZURE_CLIENT_SECRET``.
+
+    .. seealso::
+        For more details on client authentication refer to the ``DefaultAzureCredential`` Class reference:
+        https://docs.microsoft.com/en-us/python/api/azure-identity/azure.identity.defaultazurecredential?view=azure-python
+
     :param connections_prefix: Specifies the prefix of the secret to read to get Connections
         If set to None (null), requests for connections will not be sent to Azure Key Vault
     :type connections_prefix: str

diff --git a/docs/apache-airflow-providers-microsoft-azure/secrets-backends/azure-key-vault.rst b/docs/apache-airflow-providers-microsoft-azure/secrets-backends/azure-key-vault.rst
@@ -34,6 +34,8 @@ Here is a sample configuration:
 For client authentication, the ``DefaultAzureCredential`` from the Azure Python SDK is used as credential provider,
 which supports service principal, managed identity and user credentials.
 
+For example, to specify a service principal with secret you can set the environment variables ``AZURE_TENANT_ID``, ``AZURE_CLIENT_ID`` and ``AZURE_CLIENT_SECRET``.
+
 Optional lookup
 """""""""""""""
 
@@ -64,3 +66,8 @@ Storing and Retrieving Variables
 
 If you have set ``variables_prefix`` as ``airflow-variables``, then for an Variable key of ``hello``,
 you would want to store your Variable at ``airflow-variables-hello``.
+
+Reference
+"""""""""
+
+For more details on client authentication refer to the `DefaultAzureCredential Class reference <https://docs.microsoft.com/en-us/python/api/azure-identity/azure.identity.defaultazurecredential?view=azure-python>`_.