How to Create An Ansible Credentials File for Azure

This post will show how to create an Ansible credentials file for Microsoft Azure on Linux or macOS systems and authenticate using service principal credentials.

Credentials file

A credentials file allows us to connect to Microsoft Azure using a principal service account without authenticating Azure AD using a username and password. This process will start with first creating a service principal account using Azure CLI.

Azure CLI

The first step in this process is to create a service principal account that will act as a service account with contributor permissions (default permissions).

To create the account using Azure CLI and run the following command. The command will create a service principal account name ansible after you run the command, copy the output containing the login details, and need them for the next step.

az ad sp create-for-rbac --name ansible

Configuration File

On your Linux or macOS, create a file called credentials in the following path. If you don’t have a .azure directory, go ahead and create one.

$HOME/.azure

In the credentials, file copy the following text and add the login details of the principal account we have created in the first section. To find your tenant ID login to Azure Active Directory.

[default]
subscription_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
client_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
secret=xxxxxxxxxxxxxxx
tenant=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Once the file contains the login details you can run any Azure CLI command and for example, the following command will list all the VMs in the subscription.

az vm list

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.