CertificateCredential Class

Authenticates as a service principal using a certificate.

The certificate must have an RSA private key, because this credential signs assertions using RS256. See Azure Active Directory documentation for more information on configuring certificate authentication.

Inheritance

azure.identity.aio._internal.AsyncContextManager

CertificateCredential

azure.identity.aio._internal.get_token_mixin.GetTokenMixin

CertificateCredential

Constructor

CertificateCredential(tenant_id: str, client_id: str, certificate_path: Optional[str] = None, **kwargs: Any)

Parameters

tenant_id

str

Required

ID of the service principal's tenant. Also called its 'directory' ID.

client_id

str

Required

the service principal's client ID

certificate_path

str

default value: None

path to a PEM-encoded certificate file including the private key. If not provided, certificate_data is required.

authority

str

Authority of an Azure Active Directory endpoint, for example 'login.microsoftonline.com', the authority for Azure Public Cloud (which is the default). AzureAuthorityHosts defines authorities for other clouds.

certificate_data

bytes

the bytes of a certificate in PEM format, including the private key

password

str or bytes

The certificate's password. If a unicode string, it will be encoded as UTF-8. If the certificate requires a different encoding, pass appropriately encoded bytes instead.

cache_persistence_options

TokenCachePersistenceOptions

configuration for persistent token caching. If unspecified, the credential will cache tokens in memory.

Methods

close

Close the credential's transport session.

close

Close the credential's transport session.

async close()