Azure Auth Chain

The Terraspace Azurerm Plugin can authenticate to the Azure REST API via the following mechanisms.

The Terraspace Azurerm Plugin makes use of the armrest gem library to achieve this.


Terraspace will authenticate to the Azure API with these environment variables:


MSI: Managed Identity

The armrest library discovers whether or not MSI is available with an initial network call to So something like this:

curl --connect-timeout 0.5 -H "Metadata: true" ""

Some notes about this metadata endpoint check:

Azure CLI

Terraspace authenticate via the az cli, by essentially calling:

az account get-access-token

More tools: