Skip to main content
Pulumi logo Pulumi logo
  1. Docs
  2. Secrets & Configuration
  3. Providers
  4. Login & OIDC
  5. azure-login

azure-login

    The azure-login provider enables you to log in to Azure using OpenID Connect or by providing static credentials. The provider will return a set of credentials that can be used to access Azure resources or fetch secrets using the azure-secrets provider.

    Example

    The azure-login provider’s outputs can be consumed by the Pulumi Azure providers (azure-native, azure, and azuread) and the Azure SDKs through the standard ARM_* environment variables:

    values:
      azure:
        login:
          fn::open::azure-login:
            clientId: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
            tenantId: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
            subscriptionId: /subscriptions/00000000-0000-0000-0000-000000000000
            oidc: true
      environmentVariables:
        # Consumed by the Pulumi Azure providers (azure-native, azure, azuread) and the Azure SDKs
        ARM_USE_OIDC: "true"
        ARM_CLIENT_ID: ${azure.login.clientId}
        ARM_TENANT_ID: ${azure.login.tenantId}
        ARM_SUBSCRIPTION_ID: ${azure.login.subscriptionId}
        ARM_OIDC_TOKEN: ${azure.login.oidc.token}
    

    The azuredevops provider accepts the same ARM_CLIENT_ID, ARM_TENANT_ID, ARM_OIDC_TOKEN, and ARM_USE_OIDC credentials. It does not use ARM_SUBSCRIPTION_ID; instead, set your organization URL with the AZDO_ORG_SERVICE_URL environment variable.

    Schema reference

    Reference schemas last updated on 2026-07-15, synced automatically from the Pulumi Cloud ESC API.

    Inputs

    • clientId string required
      The client ID to use.
    • clientSecret string optional
      The client secret to use for authentication, if any.
    • oidc boolean optional
      True to use OIDC for authentication.
    • subjectAttributes array[string] optional
      The attributes used to issue the oidc token subject.
    • subscriptionId string optional
      The subscription ID to use.
    • tenantId string required
      The tenant ID to use.

    Outputs

    • clientId string required
      The client ID to use.
    • clientSecret string optional
      The client secret to use for authentication, if any.
    • oidc object optional
      OIDC-related data, if OIDC is used for authentication.
    • token string required
      The OIDC token to use for authentication.
    • subscriptionId string optional
      The subscription ID to use.
    • tenantId string required
      The tenant ID to use.

    Configuring OIDC

    To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and Azure, see the OpenID Connect integration documentation.

      The infrastructure as code platform for any cloud.