Azure JavaScript SDK – Authentication

Authentication

Azure services require secure authentication. The JavaScript SDK provides several options to obtain credentials for Azure services, including Azure Active Directory (AAD), Managed Identities, and connection strings.

Supported Credential Types

DefaultAzureCredential – automatically selects the best credential based on the environment.
ClientSecretCredential – uses AAD client ID, tenant ID, and client secret.
ManagedIdentityCredential – leverages Azure Managed Identities for Azure resources.
EnvironmentCredential – reads credential information from environment variables.
AzureCliCredential – authenticates using Azure CLI login.

Quick Start

Install the @azure/identity package and use DefaultAzureCredential when possible.

npm install @azure/identity

import { DefaultAzureCredential } from "@azure/identity";
import { SecretClient } from "@azure/keyvault-secrets";

const credential = new DefaultAzureCredential();
const vaultUrl = "https://<your-keyvault-name>.vault.azure.net";

const client = new SecretClient(vaultUrl, credential);

async function getSecret(name) {
    const secret = await client.getSecret(name);
    console.log(`Secret ${name}:`, secret.value);
}

getSecret("mySecret");

import { ManagedIdentityCredential } from "@azure/identity";
import { BlobServiceClient } from "@azure/storage-blob";

const credential = new ManagedIdentityCredential();
const accountUrl = "https://<your-storage-account>.blob.core.windows.net";

const client = new BlobServiceClient(accountUrl, credential);

async function listContainers() {
    for await (const container of client.listContainers()) {
        console.log(`- ${container.name}`);
    }
}

listContainers();

import { EnvironmentCredential } from "@azure/identity";
import { TableServiceClient } from "@azure/data-tables";

const credential = new EnvironmentCredential();
const serviceUrl = "https://<your-storage-account>.table.core.windows.net";

const client = new TableServiceClient(serviceUrl, credential);

async function queryTables() {
    for await (const table of client.listTables()) {
        console.log(`Table: ${table.name}`);
    }
}

queryTables();

Environment Variables

When using EnvironmentCredential, set the following variables:

AZURE_CLIENT_ID=YOUR_CLIENT_ID
AZURE_TENANT_ID=YOUR_TENANT_ID
AZURE_CLIENT_SECRET=YOUR_CLIENT_SECRET

FAQ

Which credential should I use in production?: Prefer DefaultAzureCredential as it automatically selects the most secure credential for the environment, falling back to Managed Identity when deployed to Azure.
Can I authenticate from a local development machine?: DefaultAzureCredential will attempt AzureCliCredential or EnvironmentCredential. Ensure you are logged in via az login or have the required env vars set.