IIS Support Blog

DefaultAzureCredential failed to retrieve a token

Nedim
Former Employee
Dec 15, 2021

If you try to retrieve a value from Azure Key Vault, you may run into this error: “DefaultAzureCredential failed to retrieve a token from the included credentials”.  

 

Solution

To resolve this issue on a local machine:

  1. Add an Active Directory app registration in Azure
  2. Create an access policy for this app registration in the Azure Key Vault settings
  3. Create environment variables for AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID (Reference)

 

To find out more about connecting an Azure VM to Key Vault, follow this tutorial. In a nutshell, you need to enable a managed identity for the VM and assign permissions to the identity.
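
A preflight check for step 3, added here as an example (it is not code from the original post or from the Azure SDK): it inspects the three variables in the current process and reports problems by variable name only, so the client secret is never printed. The function names `credential_mode` and `diagnose`, the mode labels, and the specific checks (stray quotes, placeholder values, GUID shape of the client ID) are assumptions chosen for illustration.

```python
import os
import re
from typing import Mapping

# The three variables from step 3 (service principal with a client secret).
REQUIRED = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def credential_mode(env: Mapping[str, str]) -> str:
    """Classify what the environment offers, without reading secret contents."""
    if all(env.get(name, "").strip() for name in REQUIRED):
        return "service-principal-secret"
    if env.get("AZURE_CLIENT_ID", "").strip():
        # No secret: the ID can only select a user-assigned managed identity,
        # which exists on Azure-hosted compute, not on a local machine.
        return "client-id-only"
    return "none"


def diagnose(env: Mapping[str, str]) -> list[str]:
    """Return problems by variable name only; values are never echoed."""
    problems = []
    for name in REQUIRED:
        raw = env.get(name)
        if raw is None or not raw.strip():
            problems.append(f"{name}: missing or empty in this process")
            continue
        value = raw.strip()
        if raw != value:
            problems.append(f"{name}: leading or trailing whitespace")
        if value[0] in "'\"" or value[-1] in "'\"":
            problems.append(f"{name}: literal quote characters in value")
        unquoted = value.strip("'\"")
        if unquoted and set(unquoted.lower()) == {"x"}:
            problems.append(f"{name}: placeholder value")
        elif name == "AZURE_CLIENT_ID" and not GUID.fullmatch(unquoted):
            problems.append(f"{name}: not a GUID")
    return problems


if __name__ == "__main__":
    print("mode:", credential_mode(os.environ))
    for line in diagnose(os.environ) or ["no problems found"]:
        print(" -", line)
```

Run it in the same shell or service account that launches the application, since variables set in another session or in an unloaded .env file are not visible to the process.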

Updated Nov 09, 2023
Version 2.0

4 Comments

  • Ansri80
    Copper Contributor
    DefaultAzureCredential(managed_identity_client_id=client_id)

     

    This worked perfectly! For some reason, even setting the environment variable didn't work. 

  • Ansri80
    Copper Contributor

    Never mind. I think I need to just use AZURE_CLIENT_ID of the managed credential which is linked to the Azure Function as per https://learn.microsoft.com/en-us/python/api/overview/azure/identity-readme?view=azure-python#authenticating-a-user-assigned-managed-identity-with-defaultazurecredential. I will give this a try and update here.

  • Ansri80
    Copper Contributor

    I have set up a managed identity. I got the client ID and tenant ID but not sure where to find the secret? Any pointers here please?

     

    Thanks,

    Anand.

  • NageshRudraiah
    Copper Contributor
    1. Create environment variables for AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID (or)
    2. Add
       AZURE_TENANT_ID = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
       AZURE_CLIENT_ID = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
       AZURE_CLIENT_SECRET = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
       values in .env file or sbx.env file, which resolves the issue