azure-identity-py

Azure Identity SDK for Python authentication. Use for DefaultAzureCredential, managed identity, service principals, and token caching.

31,392 stars
Complexity: easy

About this skill

The `azure-identity-py` skill provides AI agents with the essential capabilities to securely authenticate with Microsoft Azure cloud services through the Azure Identity SDK for Python. This foundational skill allows agents to leverage various credential types, including the flexible `DefaultAzureCredential` which intelligently tries multiple authentication methods, Azure-specific managed identities for seamless access when deployed on Azure infrastructure, and service principals for robust application-level authentication. By integrating this skill, AI agents can reliably obtain and cache authentication tokens, ensuring secure, efficient, and compliant access to a wide array of Azure resources, such as Azure AI services, storage accounts, databases, and key vaults. It is a critical enabler for any agent requiring secure interaction with the Azure ecosystem.

Best use case

  • Securely authenticating an AI agent to Azure cloud services.
  • Enabling an AI agent to access and manipulate Azure resources (e.g., storage, databases, AI services).
  • Configuring agents deployed within Azure (e.g., Azure Functions, AKS, VMs) to use managed identities.
  • Allowing agents to utilize service principal credentials for programmatic and unattended access.
  • Managing and caching authentication tokens to maintain persistent and efficient Azure sessions.

The AI agent is successfully authenticated to Azure, enabling it to securely call Azure SDK client methods and interact with specified Azure resources. Authentication tokens are managed and cached efficiently, and the agent can seamlessly adapt its authentication method based on the environment through `DefaultAzureCredential`.

Practical example

Example input

Please retrieve the list of recent AI models from our Azure Machine Learning workspace. Ensure proper authentication.

Example output

Successfully authenticated to Azure. Proceeding to retrieve AI models from the Azure Machine Learning workspace.

When to use this skill

  • When your AI agent needs to perform any operation on Microsoft Azure services.
  • If your agent is deployed within Azure and can benefit from managed identities for zero-credential authentication.
  • When you require a flexible authentication strategy that adapts across development, testing, and production environments.
  • To ensure secure and compliant access to Azure resources using established identity and access management practices.

When not to use this skill

  • If your AI agent does not interact with any Microsoft Azure services.
  • When the agent's tasks are entirely localized or confined to other cloud providers.
  • If a simpler, non-Azure specific authentication mechanism (e.g., a single API key for a non-Azure service) is sufficient for the agent's needs.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/azure-identity-py/SKILL.md --create-dirs "https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/plugins/antigravity-awesome-skills-claude/skills/azure-identity-py/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/azure-identity-py/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How azure-identity-py Compares

| Feature / Agent | azure-identity-py | Standard Approach |
|-----------------|-------------------|-------------------|
| Platform Support | Claude | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | easy | N/A |

Frequently Asked Questions

What does this skill do?

Azure Identity SDK for Python authentication. Use for DefaultAzureCredential, managed identity, service principals, and token caching.

Which AI agents support this skill?

This skill is designed for Claude.

How difficult is it to install?

The installation complexity is rated as easy. You can find the installation instructions above.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Azure Identity SDK for Python

Authentication library for Azure SDK clients using Microsoft Entra ID (formerly Azure AD).

## Installation

```bash
pip install azure-identity
```

## Environment Variables

```bash
# Service Principal (for production/CI)
AZURE_TENANT_ID=<your-tenant-id>
AZURE_CLIENT_ID=<your-client-id>
AZURE_CLIENT_SECRET=<your-client-secret>

# User-assigned Managed Identity (optional)
AZURE_CLIENT_ID=<managed-identity-client-id>
```

## DefaultAzureCredential

The recommended credential for most scenarios. Tries multiple authentication methods in order:

```python
from azure.identity import DefaultAzureCredential
from azure.storage.blob import BlobServiceClient

# Works in local dev AND production without code changes
credential = DefaultAzureCredential()

client = BlobServiceClient(
    account_url="https://<account>.blob.core.windows.net",
    credential=credential
)
```

### Credential Chain Order

| Order | Credential | Environment |
|-------|-----------|-------------|
| 1 | EnvironmentCredential | CI/CD, containers |
| 2 | WorkloadIdentityCredential | Kubernetes |
| 3 | ManagedIdentityCredential | Azure VMs, App Service, Functions |
| 4 | SharedTokenCacheCredential | Windows only |
| 5 | VisualStudioCodeCredential | VS Code with Azure extension |
| 6 | AzureCliCredential | `az login` |
| 7 | AzurePowerShellCredential | `Connect-AzAccount` |
| 8 | AzureDeveloperCliCredential | `azd auth login` |

### Customizing DefaultAzureCredential

```python
from azure.identity import DefaultAzureCredential

# Exclude credentials you don't need
credential = DefaultAzureCredential(
    exclude_environment_credential=True,
    exclude_shared_token_cache_credential=True,
    managed_identity_client_id="<user-assigned-mi-client-id>"  # For user-assigned MI
)

# Enable interactive browser (disabled by default)
credential = DefaultAzureCredential(
    exclude_interactive_browser_credential=False
)
```
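A pre-deployment check on the identity variables, added here as an example and not part of the original skill: because `EnvironmentCredential` is first in the chain and `AZURE_CLIENT_ID` serves both service principals and user-assigned managed identities, leftover service principal variables decide which identity is used. The function name, the mode labels and the sample environments are assumptions; `AZURE_FEDERATED_TOKEN_FILE` is the workload identity variable and does not appear on this page.

```python
SP_VARS = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")

def classify_identity_env(env, expect_managed_identity=False):
    """Classify the identity variables in `env` and return (mode, warnings)."""
    present = [name for name in SP_VARS if env.get(name)]
    missing = [name for name in SP_VARS if name not in present]
    warnings = []
    if not missing:
        # Complete service principal config: EnvironmentCredential can authenticate.
        mode = "service-principal"
        if expect_managed_identity:
            warnings.append(
                "all service principal variables are set: EnvironmentCredential "
                "(order 1) is tried before ManagedIdentityCredential (order 3)"
            )
    elif env.get("AZURE_FEDERATED_TOKEN_FILE"):
        # Kubernetes workload identity sets tenant and client id without a secret.
        mode = "workload-identity"
    elif present == ["AZURE_CLIENT_ID"]:
        # Client id alone selects a user-assigned managed identity.
        mode = "user-assigned-managed-identity"
    elif present:
        mode = "incomplete-service-principal"
        warnings.append(
            "missing " + ", ".join(missing) + ": EnvironmentCredential will be unavailable"
        )
    else:
        mode = "no-identity-variables"
    return mode, warnings

if __name__ == "__main__":
    # Constructed sample environments (placeholder values, not real identifiers).
    samples = {
        "leftover CI secret on a VM": {
            "AZURE_TENANT_ID": "tenant-placeholder",
            "AZURE_CLIENT_ID": "client-placeholder",
            "AZURE_CLIENT_SECRET": "secret-placeholder",
        },
        "user-assigned MI": {"AZURE_CLIENT_ID": "mi-client-placeholder"},
        "half-configured": {"AZURE_TENANT_ID": "tenant-placeholder"},
    }
    for label, env in samples.items():
        print(label, classify_identity_env(env, expect_managed_identity=True))
```

When the first case fires on a host that should use managed identity, remove the variables or pass `exclude_environment_credential=True` as shown above.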

## Specific Credential Types

### ManagedIdentityCredential

For Azure-hosted resources (VMs, App Service, Functions, AKS):

```python
from azure.identity import ManagedIdentityCredential

# System-assigned managed identity
credential = ManagedIdentityCredential()

# User-assigned managed identity
credential = ManagedIdentityCredential(
    client_id="<user-assigned-mi-client-id>"
)
```

### ClientSecretCredential

For service principal with secret:

```python
import os

from azure.identity import ClientSecretCredential

credential = ClientSecretCredential(
    tenant_id=os.environ["AZURE_TENANT_ID"],
    client_id=os.environ["AZURE_CLIENT_ID"],
    client_secret=os.environ["AZURE_CLIENT_SECRET"]
)
```

### AzureCliCredential

Uses the account from `az login`:

```python
from azure.identity import AzureCliCredential

credential = AzureCliCredential()
```

### ChainedTokenCredential

Custom credential chain:

```python
from azure.identity import (
    ChainedTokenCredential,
    ManagedIdentityCredential,
    AzureCliCredential
)

# Try managed identity first, fall back to CLI
credential = ChainedTokenCredential(
    ManagedIdentityCredential(client_id="<user-assigned-mi-client-id>"),
    AzureCliCredential()
)
```

## Credential Types Table

| Credential | Use Case | Auth Method |
|------------|----------|-------------|
| `DefaultAzureCredential` | Most scenarios | Auto-detect |
| `ManagedIdentityCredential` | Azure-hosted apps | Managed Identity |
| `ClientSecretCredential` | Service principal | Client secret |
| `ClientCertificateCredential` | Service principal | Certificate |
| `AzureCliCredential` | Local development | Azure CLI |
| `AzureDeveloperCliCredential` | Local development | Azure Developer CLI |
| `InteractiveBrowserCredential` | User sign-in | Browser OAuth |
| `DeviceCodeCredential` | Headless/SSH | Device code flow |

## Getting Tokens Directly

```python
from azure.identity import DefaultAzureCredential

credential = DefaultAzureCredential()

# Get token for a specific scope
token = credential.get_token("https://management.azure.com/.default")
print(f"Token expires: {token.expires_on}")

# For Azure Database for PostgreSQL
token = credential.get_token("https://ossrdbms-aad.database.windows.net/.default")
```
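A diagnostic for confirming which tenant and audience a token from `get_token` was issued for, added here as an example and not part of the original skill. It decodes the JWT payload without verifying the signature, so it is for troubleshooting the credential chain only, never for authorization decisions. The function names, the sample tenant ID and the sample token are constructed, and the expected audience is supplied by the caller because its exact form depends on the resource.

```python
import base64
import json
import time

def decode_claims(jwt):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token(jwt, expected_audience, expected_tenant, now=None, min_lifetime=300):
    """Return a list of findings; an empty list means the token looks as expected."""
    now = time.time() if now is None else now
    claims = decode_claims(jwt)
    findings = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud != expected_audience.rstrip("/"):
        findings.append(f"audience is {aud!r}, expected {expected_audience!r}")
    if claims.get("tid") != expected_tenant:
        findings.append(f"tenant is {claims.get('tid')!r}, expected {expected_tenant!r}")
    remaining = int(claims.get("exp", 0) - now)
    if remaining < min_lifetime:
        findings.append(f"only {remaining}s of lifetime left")
    return findings

def make_sample_token(claims):
    """Build a CONSTRUCTED token with a dummy signature so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(claims) + ".constructed-signature"

SAMPLE_TENANT = "00000000-0000-0000-0000-000000000001"  # constructed value
SAMPLE_NOW = 1_700_000_000                              # fixed clock for the sample

if __name__ == "__main__":
    token = make_sample_token(
        {"aud": "https://storage.azure.com", "tid": SAMPLE_TENANT, "exp": SAMPLE_NOW + 60}
    )
    for finding in audit_token(token, "https://management.azure.com", SAMPLE_TENANT, now=SAMPLE_NOW):
        print(finding)
```

With a real credential, pass `credential.get_token(scope).token` as the first argument.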

## Async Client

```python
import asyncio

from azure.identity.aio import DefaultAzureCredential
from azure.storage.blob.aio import BlobServiceClient

async def main():
    # async with closes the credential even if an operation raises
    async with DefaultAzureCredential() as credential:
        async with BlobServiceClient(
            account_url="https://<account>.blob.core.windows.net",
            credential=credential
        ) as client:
            # ... async operations
            pass

asyncio.run(main())
```

## Best Practices

1. **Use DefaultAzureCredential** for code that runs locally and in Azure
2. **Never hardcode credentials** — use environment variables or managed identity
3. **Prefer managed identity** in production Azure deployments
4. **Use ChainedTokenCredential** when you need a custom credential order
5. **Close async credentials** explicitly or use context managers
6. **Set AZURE_CLIENT_ID** for user-assigned managed identities
7. **Exclude unused credentials** to speed up authentication

## When to Use
Use this skill to carry out the workflow or actions described in the overview.
