This post will show how to create an Ansible credentials file for Microsoft Azure on Linux or macOS systems and authenticate using service principal credentials.
A credentials file allows us to connect to Microsoft Azure using a service principal account, without authenticating to Azure AD with a username and password. The process starts with creating a service principal account using Azure CLI.
The first step in this process is to create a service principal account that will act as a service account with contributor permissions (default permissions).
To create the account, run the following Azure CLI command. It creates a service principal account named ansible. After you run the command, copy the output containing the login details; you will need them for the next step.
az ad sp create-for-rbac --name ansible
On your Linux or macOS system, create a file called credentials in the following path. If you don’t have a .azure directory, go ahead and create one.
In the credentials file, copy the following text and add the login details of the service principal account we created in the first section. To find your tenant ID, log in to Azure Active Directory.
[default]
subscription_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
client_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
secret=xxxxxxxxxxxxxxx
tenant=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Once the file contains the login details, you can run any Azure CLI command. For example, the following command lists all the VMs in the subscription.
az vm list
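The credentials file described above stores the service principal secret in plain text, so it should be readable by its owner only. The following is an added example, not code from the original post: it maps the JSON printed by `az ad sp create-for-rbac` onto the file's keys, writes the file with mode 0600 and audits the result. The sample JSON, the subscription ID and the function names are constructed for illustration, and the target path is supplied by the caller.

```python
import configparser
import json
import os
import stat

# Constructed sample shaped like the output of `az ad sp create-for-rbac`;
# every value below is a placeholder, not a real identifier or secret.
SAMPLE_SP_OUTPUT = """{"appId": "00000000-0000-0000-0000-000000000001",
 "displayName": "ansible", "password": "constructed-placeholder-secret",
 "tenant": "00000000-0000-0000-0000-000000000002"}"""
KEYS = ("subscription_id", "client_id", "secret", "tenant")


def build_profile(sp_json, subscription_id):
    """Map the service principal output onto the credentials file keys."""
    sp = json.loads(sp_json)
    missing = [k for k in ("appId", "password", "tenant") if not sp.get(k)]
    if missing:
        raise ValueError("output lacks: " + ", ".join(missing))
    return {"subscription_id": subscription_id, "client_id": sp["appId"],
            "secret": sp["password"], "tenant": sp["tenant"]}


def write_credentials(path, profile):
    """Write the [default] profile readable by the owner only."""
    os.makedirs(os.path.dirname(os.path.abspath(path)), mode=0o700, exist_ok=True)
    cfg = configparser.ConfigParser(interpolation=None)  # secrets may hold '%'
    cfg["default"] = profile
    # Open with 0600 at creation so the secret is never briefly world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), 0o600)  # tighten a file that already existed
        cfg.write(fh, space_around_delimiters=False)


def audit(path):
    """Return findings for the file; an empty list means it passes."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("mode %o grants group/other access" % mode)
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(path)
    findings += ["missing " + k for k in KEYS
                 if not cfg.get("default", k, fallback="")]
    return findings
```

Running `audit()` against an existing credentials file is a quick check before committing a playbook directory or sharing a workstation image.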